Conduct a risk assessment on the network


Course Learning Outcomes:

This assignment addresses the following learning outcomes from the module syllabus:

A) Select and use applicable standards and methods for information security and risk management.

B) Conduct and properly document risk assessment based on a given scenario.

C) Find and evaluate appropriate published information to remain up-to-date about threats, vulnerabilities and patches.

Assignment Description:

This assignment requires you to plan, conduct and document a risk assessment based on the scenario described in Section 3.

Assignment Task:

In this assignment you have to:

Question 1: Conduct a risk assessment on the network in Figure 1, based on the ISO 27005 standard.

Question 2: Write a detailed risk assessment report.

Report Structure:

To meet the requirements, your report must have a professional look. To help you in this regard, the following structure is provided as a guideline. The report must contain the following main sections; however, you may add subsections as you find reasonable.

Introduction:

Here you will specify the risk assessment method that you use and discuss the advantages of this method. Finally, highlight the specific tasks that you will perform during the risk assessment on the given system.

Risk Assessment:

This section contains the main part (result) of the report, namely the whole risk assessment process carried out on the system in Figure 1, along with your chosen system parameters. The section can include several sub-sections:

  • Owner specification.
  • Assets (primary and secondary). You should briefly explain why the assets are primary or secondary. You can give a collective explanation for a group of assets instead of explaining each asset individually.
  • One threat for each asset.
  • One vulnerability for each asset. The vulnerabilities have to be taken from one of the online vulnerability databases (e.g. NVD), and have to be given with the official CVE number.
  • Likelihood level computation, using the Boston grid.
  • Impact table specification.
  • Risk identification with the risk level, using the risk matrix (Boston grid).
      o At most 10 risks should be given.

Summary and Recommendations:

Summarize the main findings and write a non-technical recommendation (executive summary) for the management/board of directors, summarizing why they should invest in security and follow the ISO 27001 standards.
