Maintain appropriate information security governance


Case Scenario:

A small family-owned book shop has decided to offer online purchasing. With the addition of an online book store, the company aims to reach a broader audience and increase book sales. The website will enable customers to create an account, store their credit card information for future purchases, keep track of their purchasing history, and receive books anywhere within the UK and Europe.

Having heard of numerous companies falling victim to cyber attacks, the company has decided to hire "Secure Applications Ltd", a security consultancy, to test its web application for vulnerabilities. During their investigation:

1) The security analyst found that an SQL query could be executed, and one or more customer records retrieved, by appending the query to a parameter in the website's URL.

2) The security analyst was able to access files stored on the server, and was also able to load a remote script and execute it on the server.

3) The security analyst observed that whenever they entered the string " " in the product search text box, an alert pop-up appeared.
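The following is an added illustration, not part of the assignment brief or of the consultancy's report, of what findings 1 and 3 look like in code and what the usual countermeasures are. It assumes a Python web tier with a `customers` table (the brief does not say what the shop's site is written in, so the language, table and column names, and the injected strings are all constructed for the example). The vulnerable functions splice user input into SQL and HTML; the hardened ones use a parameterised query with input validation, and HTML-escape the search term before it is rendered.

```python
import html
import sqlite3

# Constructed sample customer data (not real records).
CUSTOMERS = [
    (1, "alice@example.com", "Alice"),
    (2, "bob@example.com", "Bob"),
    (3, "carol@example.com", "Carol"),
]


def make_db():
    """Build an in-memory SQLite database standing in for the shop's customer table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, name TEXT)"
    )
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", CUSTOMERS)
    return conn


def lookup_vulnerable(conn, customer_id):
    """Finding 1 as found: the URL parameter is spliced into the query text.

    A value such as '1 OR 1=1' changes the WHERE clause and returns every row.
    """
    sql = f"SELECT id, email, name FROM customers WHERE id = {customer_id}"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, customer_id):
    """Countermeasure: validate the input type, then bind it as a parameter.

    The bound value is treated as data by the driver and can never alter the
    query structure; the int() check rejects anything that is not an id.
    """
    try:
        cid = int(customer_id)
    except (TypeError, ValueError):
        return []
    return conn.execute(
        "SELECT id, email, name FROM customers WHERE id = ?", (cid,)
    ).fetchall()


def render_search_vulnerable(term):
    """Finding 3 as found: the search term is reflected into the page unescaped."""
    return f"<p>Results for: {term}</p>"


def render_search_hardened(term):
    """Countermeasure: HTML-escape the term so markup in it is shown, not executed."""
    return f"<p>Results for: {html.escape(term, quote=True)}</p>"


if __name__ == "__main__":
    db = make_db()
    payload = "1 OR 1=1"  # constructed injection string for the demonstration
    print("vulnerable:", lookup_vulnerable(db, payload))   # every customer row
    print("hardened:  ", lookup_hardened(db, payload))     # []
    xss = "<script>alert(1)</script>"  # constructed XSS probe
    print(render_search_vulnerable(xss))
    print(render_search_hardened(xss))
```

The same two patterns (bind parameters rather than concatenate; encode output for the context it is rendered in) are the countermeasures the report in Problem 1 should propose for findings 1 and 3; finding 2 needs the file-inclusion paths closed and remote includes disabled on the server, which is configuration rather than query code.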

In terms of existing security measures taken by the company to protect itself from cyber attacks, the analyst observed that anti-virus software was installed on the company server and that each employee had been issued an access card. Furthermore, they observed that all the servers used to host the website are kept in a room to which all staff have access.

Problem 1: Write an individual report of no more than 1500 words describing ALL the threats to which the company might be exposed, based on the vulnerabilities discovered and the information provided. For each threat identified, suggest countermeasures that the company can implement to reduce the risk to which it is exposed.

i) Summarize the problem

ii) Identify threats based on the vulnerabilities found and information provided

iii) Propose countermeasures to mitigate the risk

iv) Considering the nature of the data the company will be handling, it needs to be compliant with the GDPR. What steps does it need to take to comply with GDPR requirements?

Problem 2: As a group, conduct a qualitative analysis of the top three threats the company is facing and identify the most appropriate countermeasures to mitigate the risk. Based on your analysis, produce a report for management on the viability of the new business expansion, including how the company should handle the risk arising from the web application. Finally, create a security policy that the company should implement to protect itself from cyber attacks. As a group, submit a single report of not more than 1500 words, summarizing

i) Qualitative risk analysis to identify the most pertinent threats

ii) How should the company handle the top three risks arising from the web application?

iii) Design of information security policy to implement the risk mitigation strategy

Problem 3: In week 12, as a group, give a 5 minute presentation highlighting your recommendation to senior management on how the company should handle risk. The presentation will be timed and students will be cut off after 5 minutes. The presentation should be prepared keeping in mind that it is to be given to senior management, which includes a mix of technical and non-technical people. The presentation should include

i) Overview of the vulnerabilities and threats.

ii) Summary of qualitative risk analysis.

iii) The proposed solution to handle risk arising from the threats.

iv) Overview of security policy designed.

v) Learning and reflective summary (challenges, achievements, etc.)

vi) A summary of your skills and expertise as a research team (not as individuals).

Assignment Outcomes:

A) Determine, establish and maintain appropriate information security governance within an organisation.

B) Identify, analyze, evaluate and manage risks related to different components of an information system (i.e. data, people, processes, hardware, software and network) accounting for current threat landscape.

C) Identify and effectively articulate different types of threat to, and vulnerabilities of, information systems to a range of audiences (e.g. top management, end users, non-technical and technical experts).

D) Critically analyze a wide range of security countermeasures, select and justify appropriate security countermeasures to mitigate risks in an information system.

E) Define and implement effective security policies and processes within an organisation; make and sustain an argument; make judgements and propose solutions.
