Problem
ABC Air is a small aircraft service company that carry out the aircraft maintenance for the civil operators. The company records the total number of flying hours for each aircraft, servicing time, man-hours of the engineers and related maintenance. An external contractor has provided a report that outlined the possible solution for the ABC Air. Based on the documentation provided you are required to assess an information security risk and complete the information security audit. You should clearly identify any assumptions that you may have. In providing your information security risk and audit, you should:
A. Conduct systematic risk assessment, identification and analysis
B. Evaluate a suitable auditing approach for this case (general risk based approach, or specific control based approach) and provide justification
C. Consider some possible cyber-attack that could happen and use this for an integrated fault event analysis.
D. Determine the standard, best practice, or guideline that is suitable for ABC Air to mitigate the risk of information security breaches. Explain advantages and disadvantages of these