Why information security is important

Reference no: EM132506526

Business Case Scenario: Aloe Insurance AS (henceforth referred to as Aloe) is a Norwegian financial services firm listed on the Oslo Stock Exchange.

Problem Task 1: Presentation (PowerPoint with voice recording)

Explain to the members what Information Security is
Motivate why Information Security is important, considering the context of the organization and threat landscape
Summarize where Information Security fits into and forms part of the larger ICT governance and corporate governance structures within the firm
Highlight the results from your preliminary risk landscape analysis (Task 2)

State the risks that you identified and their severity rating
Motivate the severity of the risks by explaining how they could impact the firm
Suggest any mitigating control (not device/system/technology specific, see e.g. ISO27002 control/s that could mitigate the risk)
Briefly motivate why implementing controls in isolation won't be as effective as implementing an ISMS
Outline and briefly explain the phases that Aloe will have to undertake if they were to implement an ISMS based on the "ins2outs" 7-step approach discussed in Lecture 6

You need to outline the phases of an ISMS implementation to the executive and briefly explain each phase (i.e. requirements, outputs etc.), walking them through the phases

To add value to your presentation and to solidify the importance and need for information security management within Aloe, you want to outline potential risks that already exist within Aloe, considering the context of the firm (industry, revenue, services, client data processing and storage etc.). Therefore, in preparation for this presentation to ExCo, you want to have meetings with various managers within the broader ICT function to identify obvious risks in their current processes. The point of this exercise is to emphasize to the executive that, without any extensive analysis or audit, you are able to identify major information security risks in the organization.

As such, you had meetings with various department heads and operational ICT staff to assess and gain a high-level overview of existing information security risks that have been overlooked in the past, without conducting an extensive risk assessment (due to the 2-week time limit, and also because an extensive information security risk assessment will be conducted as part of the ISMS roll-out). Notes from your meetings are detailed below:

"...We are running monthly backups to our onsite server on our ClaimHub system, which stores and processes all insurance claims. Our data center is quite impressive, didn't even need to set up a secondary site, got all we need here..."

"...we had some issues with processing timeframes for new life insurance applications, so we resorted to just setting up a network share drive for all the guys in the life insurance department so they could copy the application and supporting docs like ID's etc. to the network for everyone to access easily, we sent an email to the department telling people they should respect privacy and only work on their own client documents..."

"...all employees have access to the ClaimHub system, we did of course lock down the Admin account, about 8 of us in the infrastructure team have access to the Admin account so we can easily implement changes to the system code and so forth when we're having issues..."

"...when an insurance claim has been processed on ClaimHub, it is sent to our client relations team in Bergen. We set up an ftp link with the AloePay system so the two systems can communicate and share data. The team in Bergen can therefore easily view newly processed claims and make any payouts to clients..."

Problem Task 2: Supporting Document

Prepare a report to hand out at the ExCo meeting, detailing the risks that you were able to identify during your meetings with ICT staff:
Summary of the organization (0.5 page). This is as explained in your own words, a summary of what Aloe does, the industry in which it operates and its value proposition.

Introduction outlining what you did
Explain in a short paragraph the process you followed to come to the conclusions in the report (extrapolate from the scenario and fill in any blanks regarding methodology you followed etc.)
Detail the identified risks:
Each risk should be contained in its own sub-section,
No longer than one page per risk

As seen in Figure 1, each risk should document the following:

Describe the risk within context of Aloe, explaining what the risk is and why it is a risk

Give the risk a risk rating (Figure 2), based on your professional judgment, considering the impact and likelihood of the risk materializing (Figure 3) in the organizational context

Summarize the potential impact this risk could have on Aloe, should it materialize

Outline potential control/s that could be implemented to mitigate this risk (reference any control from ISO27002) and explain why it could mitigate the risk

Attachment:- Assignment Case Details.rar

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd