Identify and prioritize threat and vulnerabilities for asset

Reference no: EM133820106

Homework: Risk Analysis for a Company

Given: The student is given a scenario in which an organization's sensitive data are leaked due to a breach, together with information about its currently implemented security defense systems/measures. The student is also given a full asset inventory for the organization, including all descriptions and monetary values.

XYZ Company Background:

XYZ Corporation is a small-medium-sized technology company specializing in software development and IT solutions. The company employs approximately 200 employees and handles sensitive data from clients in various industries, including financial institutions and healthcare providers. XYZ Corporation takes data security seriously and has implemented several security defense systems and measures to protect its assets.

Current Security Defense Systems/Measures:

A. Firewall and Intrusion Detection System: XYZ Corporation has deployed a robust firewall and intrusion detection system to monitor network traffic and prevent unauthorized access to its internal systems. The system is designed to identify and block suspicious activities.

B. Access Control and Authentication: The company enforces strong access control policies, requiring employees to use unique usernames and passwords to access their systems. Additionally, two-factor authentication (2FA) is implemented for accessing critical systems and databases.

C. Encryption: XYZ Corporation uses encryption techniques to safeguard sensitive data both at rest and during transit. All data stored on servers and databases are encrypted, and secure communication protocols (such as SSL/TLS) are utilized for data transmission.

D. Regular Software Updates and Patches: The company has a strict policy of regularly updating software and applying security patches to mitigate vulnerabilities. This includes operating systems, applications, and third-party software.

E. Employee Training and Awareness: XYZ Corporation conducts regular security awareness training programs for employees to educate them about data protection best practices, such as recognizing phishing attempts and the importance of strong passwords.

Company Assets and Inventory:

Servers and Networking Equipment:
1. Dell PowerEdge R740 Server (x3) - $10,000 each
2. Cisco Catalyst 3850 Switch (x2) - $5,000 each
3. Juniper SRX340 Firewall - $8,000

Databases and Storage Systems:
4. Oracle Database Server - $20,000
5. NetApp FAS2650 Storage System - $15,000

Workstations and Laptops:
6. HP EliteBook 840 G7 (x50) - $1,500 each
7. Dell OptiPlex 7070 Desktop (x25) - $1,200 each

Software Licenses:
8. Microsoft Office 365 Enterprise License - $12,000
9. Adobe Creative Cloud License - $6,000

Client Data:
10. Financial Institution Client Data (confidential) - Value not specified
11. Healthcare Provider Client Data (protected health information) - Value not specified

Description of Data Breach Incident:

Despite the implemented security defense systems and measures, XYZ Corporation recently experienced a data breach incident. The breach occurred when a malicious attacker exploited a vulnerability in an outdated software component that had not been patched promptly. The attacker gained unauthorized access to the company's internal network and managed to extract sensitive client data, including financial institution client data and protected health information from healthcare providers. The exact value of the stolen data is yet to be determined, but it poses a significant risk to both the affected clients and XYZ Corporation's reputation.

Upon discovering the breach, XYZ Corporation took immediate action to contain the incident, engage with a cybersecurity forensic firm to investigate the extent of the breach, and notify the affected clients. The company is now working diligently to strengthen its security measures, update all software components, and enhance employee training programs to prevent future breaches and protect its assets and sensitive data.

Required

A. Assess the current security measures and strategies implemented at this company.

B. Perform a full analysis of possible types of breaches that might take place on those assets (minimum of three breaches) and use risk analysis and assessment statistical techniques to report the security posture of that organization.

C. Identify and rank company XYZ's assets, threats, and vulnerabilities using a tool (like Excel) that shows all calculations and decision-making logic. Record any assumptions made.

D. Conduct a detailed Cost Benefit Analysis (CBA) for a chosen control based on prior risk analysis, justify assumptions, and provide a concise conclusion and recommendation regarding the control's purchase.

Task: The homework deliverables are as follows:

A Full PDF report to document your findings for the following (Template):

I. Part I: Countermeasures: A comprehensive assessment/critique of the 5 listed current security measures adopted by the XYZ company. The description shall include how these measures operate to protect data, which assets they target to protect, whether they are effective, and what other potential security threats the current defenses impose on the XYZ Company.

II. Part II: Attacks: Provide a full description of a minimum of 3 attacks (web based, network based, and software based) that can be launched against the company XYZ based on the current security posture as analyzed in Part I. For each identified attack, provide sufficient information about the attack type, the vulnerability or vulnerabilities that might lead to that attack, the asset or assets that might be compromised, the security components that might be compromised, and your suggestion to mitigate that attack.

III. Part III: Risk Analysis: Perform the following tasks with respect to risk analysis of the company XYZ assets: Prioritize Assets, Identify and Prioritize Threats and Vulnerabilities for each asset, Calculate risk for each vulnerability, and Prioritize which vulnerability you would address first and why. The risk analysis process shall be done using a tool that can be a full Excel spreadsheet showing all calculations and interpretations. Document any assumptions made during your analysis.

Note: Check useful resources for some useful tools that might shed light on what we expect you to submit in this part of the homework.

IV. Part IV: Cost Benefit Analysis (CBA): You are required to carry out a comprehensive Cost-Benefit Analysis (CBA) for a control measure that you have identified as a potential solution to risks outlined in your earlier risk analysis (Part III). Your analysis should lead to a well-reasoned conclusion on whether the control should be implemented. The CBA process shall be done using a tool that can be a full Excel spreadsheet showing all calculations and interpretations. Document any assumptions made during your analysis. Justify each assumption's relevance and reasonableness. Summarize the results of your CBA and present a clear recommendation on whether or not to purchase the control.

V. Reflection:

Each student must write a bulleted list reflecting on their individual contribution to the fulfillment of this homework's requirements as a team member. Use the first-person pronoun "I" in your reflection.

VI. References: Cite all used references using APA style.
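
The calculations behind Part III and Part IV can be laid out as follows. This is an added example, not part of the assignment: it uses the asset values from the inventory above with the common quantitative method (ALE = asset value x exposure factor x annual rate of occurrence; net benefit = ALE before control - ALE after control - annual control cost). The client-data value, every exposure factor, every occurrence rate and the control cost are constructed assumptions.

```python
# Added example. Asset values are from the inventory above; the client-data
# value, exposure factors (EF), occurrence rates (ARO) and control cost are
# constructed assumptions, not figures from the assignment.
INVENTORY = [  # (asset, unit value in USD, quantity)
    ("Dell PowerEdge R740 Server", 10_000, 3),
    ("Cisco Catalyst 3850 Switch", 5_000, 2),
    ("Juniper SRX340 Firewall", 8_000, 1),
    ("Oracle Database Server", 20_000, 1),
    ("NetApp FAS2650 Storage System", 15_000, 1),
    ("HP EliteBook 840 G7", 1_500, 50),
    ("Dell OptiPlex 7070 Desktop", 1_200, 25),
    ("Microsoft Office 365 Enterprise License", 12_000, 1),
    ("Adobe Creative Cloud License", 6_000, 1),
]
CLIENT_DATA = "Client data (financial + PHI)"
ASSUMED_CLIENT_DATA_VALUE = 500_000  # constructed; the page gives no value

def asset_totals(inventory):
    """Total value per inventory line, highest first (asset prioritization)."""
    totals = [(name, unit * qty) for name, unit, qty in inventory]
    return sorted(totals, key=lambda kv: kv[1], reverse=True)

def ale(value, ef, aro):
    """Annualized loss expectancy: SLE (value x EF) times ARO."""
    return value * ef * aro

def rank_risks(scenarios, values):
    """Rank (asset, vulnerability, EF, ARO) rows by ALE, highest first."""
    rows = [(a, v, ale(values[a], ef, aro)) for a, v, ef, aro in scenarios]
    return sorted(rows, key=lambda r: r[2], reverse=True)

def net_benefit(ale_prior, ale_post, annual_cost):
    """CBA result: positive means the control pays for itself each year."""
    return ale_prior - ale_post - annual_cost

VALUES = dict(asset_totals(INVENTORY))
VALUES[CLIENT_DATA] = ASSUMED_CLIENT_DATA_VALUE
SCENARIOS = [  # (asset, vulnerability, EF, ARO) -- all constructed
    (CLIENT_DATA, "unpatched software component", 0.5, 0.5),
    ("HP EliteBook 840 G7", "phishing-led endpoint compromise", 0.25, 1.0),
    ("Juniper SRX340 Firewall", "misconfigured rule set", 0.5, 0.25),
]

if __name__ == "__main__":
    for asset, vuln, loss in rank_risks(SCENARIOS, VALUES):
        print(f"{loss:>10,.0f}  {asset}: {vuln}")
    prior = ale(VALUES[CLIENT_DATA], 0.5, 0.5)
    post = ale(VALUES[CLIENT_DATA], 0.5, 0.125)  # assumed ARO with patching
    print("CBA net benefit:", net_benefit(prior, post, 20_000))
```

Changing any assumed rating changes the ranking, which is why the assignment asks for each assumption to be recorded and justified.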


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd