Reference no: EM133517162
Cybersecurity Risk Management Plan
You are an entrepreneur looking to start DigiWords Inc, a platform for self-publishing e-books. Authors and independent publishers can upload their manuscripts as electronic files to the platform, which then converts them into multiple e-book formats for various devices. Before submitting your application to register your business, you also need to submit a Cybersecurity Risk Management Plan for your business. The purpose of this plan is to protect intellectual property and financial data, ensure that your business meets with regulatory requirements, and create confidence in your clients that you are treating security of their data seriously. Your plan should be simple (easy to understand), but also dynamic, as you may change systems as business progresses in coming years.
1. Preparation for risk analysis
a. Set scope and focus [100 words]
b. Describe the overall goal and target of analysis (e.g. put the diagram that shows the interaction of users and IT systems)
2. High level analysis
a. Identify involved parties or stakeholders (e.g. supplier)
b. Identify assets (e.g. customer database, customer satisfaction)
c. Draw a relationship between assets. For example, asset diagram of a fictional AutoEngine
Inc company is depicted below.
d. List initial threats in the following format
3. Likelihood, Consequence scale, Risk function and evaluation Criteria
Likelihood (certain, likely, possible, unlikely, rare)
4. Risk Treatment
4.1 Draw your own diagram that shows the interaction of a given threat and each asset with the likelihood between them. For instance, the same company in 2(c) has a diagram that looks like the following
Draw your own diagram that shows the interaction of a given threat and each asset, labelling the harm the threat causes (as R1, 2, etc.) between them. For instance, the same company in 2(c) has a diagram that looks like the following