CMP71001 Cybersecurity - Weighted Factor Analysis
Task 1: The importance of risk assessment
To complete this task, use the following questions to guide your discussion:
- What is risk assessment?
- What do you know by performing cybersecurity risk assessment?
- What do you think is difficult for you to do/obtain in the risk assessment process?
- How risk assessment results are used to develop and manage cybersecurity andhow they can affect the business decision making process?
Task 2: Critical asset identification
To complete this task, use the following questions to guide your thought:
- What is an information asset?
- What make an information asset critical?
- What can be included in WFA to classify the university information assets?
Task 3: Threat identification
To complete this task, use the following guidelines:
- Clearly understand the difference between important security concepts includingthreats, hazards, attacks and
- Search for security threat, incident and trend reports and use the results fromreputable sources such as government organisations and security
- Identify relevant threats by studying statistics and figures found in the
- Summarize each threat, threat agent, method of delivery and working mechanism
Task 4: Threat assessment
To complete this task, use the following guidelines:
- Identify potential weaknesses (vulnerabilities) of the asset based on threeinformation security components: confidentiality, integrity and
- Study the working mechanism of each threat to assess the potential impact of thethreat on the asset by exploiting the vulnerabilities. Use your own and public domain knowledge to help you with the impact
Answer
Task 1
Section 1
The concept of risk assessment can be considered as the identification of hazards that would directly impact the overall working of the organisation. The concept which can be applied to the aspect is detect business risk and provide processes, measures and control which would be directly reducing the impact of the risk to the operation of the business (Wood and Dandin 2017). The main aspect which would be taken into consideration would be the reduction of the different risk factor which is involved into the concept.
Section 2
The organisation mainly take into consideration risk assessment framework (RAF) to directly share and prioritize the details relating to the assessment including details which is related to the risk in the sector of information technology (I
T). The RAF can be beneficial in a way which would be directly beneficial in a way which would be helping the organisation to identify hazards which are potential and any aspect which is related to the risk by these type of hazards as well as fallout of potential if these risk come to fruition. The main functionality which is related to the assessment of the risk is done mainly by the Chief Risk manager (CRM) and Chief Risk officer (CRO).
Section 3
The main difficulty which is related to the risk assessment process is related to the risk identification and the development of the countermeasures which is related to the risk. An analysis of the risk can be very much beneficial in the aspect of identifying the different factor which are related to the risk and the mitigation aspect which can be involved into the concept.
Section 4
It can be stated here that management and development of cyber security can be very much beneficial in the aspect of business decision is making is due to the factor that there would not be any type risk factor involved into the internal as well as external working of the business (Levi, Allouchen and Kontorovich 2018).. It can be stated that a business without the factor of cyber security and other risk factor involved into the concept can be very much a successful business orientation.
Task 2
Section 1
An information assets can be considered as a knowledge body that is managed and organised by means of a single entity. Taking into consideration other organisation assets it can be stated here that the information assets also is very much crucial in the working of the organisation.
Section 2
There are different types of factor which can be included into the concept which would be directly making an information assets critical. It can be stated that the assists which include different type of data which are very much crucial in the sector of operation of the organisation can be considered to be a critical assists (Levi, Allouchen and Kontorovich 2018). The security aspect of the critical assets are very much important in the sector of operation of the buienss. This is due to the factor that if there are any type of intruder activity included into the concept it would be directly affecting the overall working of the organisation.
Section 3
In the WFA there can be implementation of a technique which is related to the periodization of the data which would be classifying the university information assists. Security of the data should be one of the most priority sector within the working of the organisation.
Questions
1. What is the strategy which would be included into the working of the assists of the organisation?
2. What are the intellectual property which are involved into the assets of the working of the organisation?
3. What are the material which are used in the concept in the securing aspect of the critical data?
4. What are the operations which are included in the sector of the critical data of the university?
5. Is there any type of legal constraint impacted into the sector of dealing with the critical data?
Weighted factor analysis
|
Information assets |
Criteria 1 (Impact on internal working) |
Criteria 2 (Impact on security of data) |
Criteria 3 (Impact on social factor) |
Weighted score |
|
Criteria weightage |
30 |
30 |
40 |
Total weightage is 100 |
|
Financial |
0.4 |
0.7 |
0.5 |
40 |
|
Legal |
0.8 |
0.4 |
0.3 |
56 |
|
Organizational |
0.4 |
0.1 |
0.6 |
100 |
|
Decision support |
0.5 |
0.3 |
0.2 |
80 |
Task 3
Section A
Threat: Threats can be considered as external entity which would be directly degrading the quality of the data and would be hampering with the security of the data.
Hazards: The hazards can be considered as attacks which only degrade the quality of the data.
Attack: Attack are those factor which aim a system or a data in order to get the access of the data and use it for their own benefit (Kruse et al. 2017). The attack is mainly generated by the hackers.
Incident: The concept of incident can be stated to be less complexity aspect as compared to other event which majorly include intrusion into a system.
Section B
Threat: One of the example of threat which can be stated here is the attack of the HDFC bank server. The main concept which resulted in the attack was the loopholes in the security of the system.
Incident: The example which can be stated in context of the incident can be related to the World health organisation database (Massey 2017). The incident resulted in discloser of personal details of many person who were involved into the concept and personal details were stolen in the concept. The attack was mainly generated by means of an attack which is known as WannaCry
Section C
The attack which are discussed above mainly had a aim of taking into consideration personal details of the person so that the data can be used in some type of unethical manner which would be including the bank details, the phone name, email and other personal details which are very much crucial for an individual.
Section D
WannaCry can be considered as one of the attack which directly aim at accessing the data of the organisation and does not leave the system and takes the overall control of the system (Singer and Friedman 2014). The main mitigation aspect which can be done in the aspect is ensuring the data entry point of the system is secured.
Security of the system can be considered to be very much essential due to the factor that if there are any type of loopholes in the system it would be directly hampering the overall access point of the system.
Task 4
Section A
Confidentiality: The data of the user should be always be secured if it is not secured the system cannot be termed as confidentiality system
Integrity: The integrity of the data is very much essential in the sector that the quality of the data is not compromised upon (Levi, Allouchen and Kontorovich 2018).
Availability: The availability of the data should be done to the user so that they can access the data when they need to do so.
Section B
It can be stated that according to the critically of the data the data should be sorted and the data which has the highest priority would be given security of the upmost level which would be keeping the data very much safe from the hand of the intruders and any type of unethical activity.
References
Gcaza, N. and Von Solms, R., 2017. A Strategy for a Cybersecurity Culture: A South African Perspective. The Electronic Journal of Information Systems in Developing Countries, 80(1), pp.1-17.
Kruse, C.S., Frederick, B., Jacobson, T. and Monticone, D.K., 2017. Cybersecurity in healthcare: A systematic review of modern threats and trends. Technology and Health Care, 25(1), pp.1-10.
Levi, M., Allouche, Y. and Kontorovich, A., 2018, June. Advanced Analytics for Connected Car Cybersecurity. In 2018 IEEE 87th Vehicular Technology Conference (VTC Spring)(pp. 1-7). IEEE.
Massey, D., 2017, November. Applying Cybersecurity Challenges to Medical and Vehicular Cyber Physical Systems. In Proceedings of the 2017 Workshop on Automated Decision Making for Active Cyber Defense (pp. 39-39). ACM.
Singer, P.W. and Friedman, A., 2014. Cybersecurity: What everyone needs to know. Oxford University Press.
Weinstein, R., 2016. Cybersecurity: Getting beyond Technical Compliance Gaps. NYUJ Legis. & Pub. Pol'y, 19, p.913.
Wood, T.A. and Dandin, M., 2017, May. Cybersecurity and the electric grid: Innovation and intellectual property. In Circuits and Systems (ISCAS), 2017 IEEE International Symposium on (pp. 1-1). IEEE.
Answer
Task 1
Section 1
The concept of risk assessment can be considered as the identification of hazards that would directly impact the overall working of the organisation. The concept which can be applied to the aspect is detect business risk and provide processes, measures and control which would be directly reducing the impact of the risk to the operation of the business (Wood and Dandin 2017). The main aspect which would be taken into consideration would be the reduction of the different risk factor which is involved into the concept.
Section 2
The organisation mainly take into consideration risk assessment framework (RAF) to directly share and prioritize the details relating to the assessment including details which is related to the risk in the sector of information technology (IT). The RAF can be beneficial in a way which would be directly beneficial in a way which would be helping the organisation to identify hazards which are potential and any aspect which is related to the risk by these type of hazards as well as fallout of potential if these risk come to fruition. The main functionality which is related to the assessment of the risk is done mainly by the Chief Risk manager (CRM) and Chief Risk officer (CRO).
Section 3
The main difficulty which is related to the risk assessment process is related to the risk identification and the development of the countermeasures which is related to the risk. An analysis of the risk can be very much beneficial in the aspect of identifying the different factor which are related to the risk and the mitigation aspect which can be involved into the concept.
Section 4
It can be stated here that management and development of cyber security can be very much beneficial in the aspect of business decision is making is due to the factor that there would not be any type risk factor involved into the internal as well as external working of the business (Levi, Allouchen and Kontorovich 2018).. It can be stated that a business without the factor of cyber security and other risk factor involved into the concept can be very much a successful business orientation.
Task 2
Section 1
An information assets can be considered as a knowledge body that is managed and organised by means of a single entity. Taking into consideration other organisation assets it can be stated here that the information assets also is very much crucial in the working of the organisation.
Section 2
There are different types of factor which can be included into the concept which would be directly making an information assets critical. It can be stated that the assists which include different type of data which are very much crucial in the sector of operation of the organisation can be considered to be a critical assists (Levi, Allouchen and Kontorovich 2018). The security aspect of the critical assets are very much important in the sector of operation of the buienss. This is due to the factor that if there are any type of intruder activity included into the concept it would be directly affecting the overall working of the organisation.
Section 3
In the WFA there can be implementation of a technique which is related to the periodization of the data which would be classifying the university information assists. Security of the data should be one of the most priority sector within the working of the organisation.
Questions
1. What is the strategy which would be included into the working of the assists of the organisation?
2. What are the intellectual property which are involved into the assets of the working of the organisation?
3. What are the material which are used in the concept in the securing aspect of the critical data?
4. What are the operations which are included in the sector of the critical data of the university?
5. Is there any type of legal constraint impacted into the sector of dealing with the critical data?
Weighted factor analysis
|
Information assets |
Criteria 1 (Impact on internal working) |
Criteria 2 (Impact on security of data) |
Criteria 3 (Impact on social factor) |
Weighted score |
|
Criteria weightage |
30 |
30 |
40 |
Total weightage is 100 |
|
Financial |
0.4 |
0.7 |
0.5 |
40 |
|
Legal |
0.8 |
0.4 |
0.3 |
56 |
|
Organizational |
0.4 |
0.1 |
0.6 |
100 |
|
Decision support |
0.5 |
0.3 |
0.2 |
80 |
Task 3
Section A
Threat: Threats can be considered as external entity which would be directly degrading the quality of the data and would be hampering with the security of the data.
Hazards: The hazards can be considered as attacks which only degrade the quality of the data.
Attack: Attack are those factor which aim a system or a data in order to get the access of the data and use it for their own benefit (Kruse et al. 2017). The attack is mainly generated by the hackers.
Incident: The concept of incident can be stated to be less complexity aspect as compared to other event which majorly include intrusion into a system.
Section B
Threat: One of the example of threat which can be stated here is the attack of the HDFC bank server. The main concept which resulted in the attack was the loopholes in the security of the system.
Incident: The example which can be stated in context of the incident can be related to the World health organisation database (Massey 2017). The incident resulted in discloser of personal details of many person who were involved into the concept and personal details were stolen in the concept. The attack was mainly generated by means of an attack which is known as WannaCry
Section C
The attack which are discussed above mainly had a aim of taking into consideration personal details of the person so that the data can be used in some type of unethical manner which would be including the bank details, the phone name, email and other personal details which are very much crucial for an individual.
Section D
WannaCry can be considered as one of the attack which directly aim at accessing the data of the organisation and does not leave the system and takes the overall control of the system (Singer and Friedman 2014). The main mitigation aspect which can be done in the aspect is ensuring the data entry point of the system is secured.
Security of the system can be considered to be very much essential due to the factor that if there are any type of loopholes in the system it would be directly hampering the overall access point of the system.
Task 4
Section A
Confidentiality: The data of the user should be always be secured if it is not secured the system cannot be termed as confidentiality system
Integrity: The integrity of the data is very much essential in the sector that the quality of the data is not compromised upon (Levi, Allouchen and Kontorovich 2018).
Availability: The availability of the data should be done to the user so that they can access the data when they need to do so.
Section B
It can be stated that according to the critically of the data the data should be sorted and the data which has the highest priority would be given security of the upmost level which would be keeping the data very much safe from the hand of the intruders and any type of unethical activity.
References
Gcaza, N. and Von Solms, R., 2017. A Strategy for a Cybersecurity Culture: A South African Perspective. The Electronic Journal of Information Systems in Developing Countries, 80(1), pp.1-17.
Kruse, C.S., Frederick, B., Jacobson, T. and Monticone, D.K., 2017. Cybersecurity in healthcare: A systematic review of modern threats and trends. Technology and Health Care, 25(1), pp.1-10.
Levi, M., Allouche, Y. and Kontorovich, A., 2018, June. Advanced Analytics for Connected Car Cybersecurity. In 2018 IEEE 87th Vehicular Technology Conference (VTC Spring)(pp. 1-7). IEEE.
Massey, D., 2017, November. Applying Cybersecurity Challenges to Medical and Vehicular Cyber Physical Systems. In Proceedings of the 2017 Workshop on Automated Decision Making for Active Cyber Defense (pp. 39-39). ACM.
Singer, P.W. and Friedman, A., 2014. Cybersecurity: What everyone needs to know. Oxford University Press.
Weinstein, R., 2016. Cybersecurity: Getting beyond Technical Compliance Gaps. NYUJ Legis. & Pub. Pol'y, 19, p.913.
Wood, T.A. and Dandin, M., 2017, May. Cybersecurity and the electric grid: Innovation and intellectual property. In Circuits and Systems (ISCAS), 2017 IEEE International Symposium on (pp. 1-1). IEEE.
Buy CMP71001 Cybersecurity - Weighted Factor Analysis Answers Online
Talk to our expert to get the help with CMP71001 Cybersecurity - Weighted Factor Analysis Answers to complete your assessment on time and boost your grades now
The main aim/motive of the management assignment help services is to get connect with a greater number of students, and effectively help, and support them in getting completing their assignments the students also get find this a wonderful opportunity where they could effectively learn more about their topics, as the experts also have the best team members with them in which all the members effectively support each other to get complete their diploma assignments. They complete the assessments of the students in an appropriate manner and deliver them back to the students before the due date of the assignment so that the students could timely submit this, and can score higher marks. The experts of the assignment help services at urgenthomework.com are so much skilled, capable, talented, and experienced in their field of programming homework help writing assignments, so, for this, they can effectively write the best economics assignment help services.
