TCSE1ICB Individual Cybersecurity Risk Management Plan

TCSE1ICB Individual Assignment (15%)

Cybersecurity Risk Management Plan

You are an entrepreneur looking to start DigiWords Inc, a platform for self-publishing e-books. Authors and independent publishers can upload their manuscripts as electronic files to the platform, which then converts them into multiple e-book formats for various devices. Before submitting your application to register your business, you also need to submit a Cybersecurity Risk Management Plan for your business. The purpose of this plan is to protect intellectual property and financial data, ensure that your business meets regulatory requirements, and give your clients confidence that you are treating the security of their data seriously. Your plan should be simple (easy to understand), but also dynamic, as you may change systems as the business progresses in coming years.

1. Preparation for risk analysis [20 marks]

a.   Set scope and focus [10 marks/100 words]

b.   Describe the overall goal and target of analysis (e.g. put the diagram that shows the interaction of users and IT systems) [10 marks]

2. High level analysis [20 marks]

a.   Identify involved parties or stakeholders (e.g. supplier) [5 marks]

b.   Identify assets (e.g. customer database, customer satisfaction) [5 marks]

c.   Draw a relationship between assets. For example, asset diagram of a fictional AutoEngine Inc company is depicted below. [5 marks] You can use https://app.diagrams.net/ or any other drawing software.

d.   List initial threats in the following format [5 marks]

| Cause of the threat (Who or What?) | What may happen (risk)? | Enabler |
| --- | --- | --- |
| e.g. Hacker | Extract customer database | Through SQL injection |

3. Likelihood, Consequence scale, Risk function and evaluation Criteria [30 marks]

3.1. Likelihood (certain, likely, possible, unlikely, rare) [10 marks]

| Likelihood | Description |
| --- | --- |
| e.g. certain | 10 times per year or a significant number of similar occurrences already on record |

3.2. Consequence scale (Hint: catastrophic, serious, moderate, minor, insignificant) [10 marks]

| Consequence | Description |
| --- | --- |
| e.g. Catastrophic | Range of 65% affected or downtime in range of [1 month, 1 year] or the ICT director has been jailed |

3.3. Risk Function and evaluation criteria [10 marks] This table is for one asset (customer database)

Risk function (e.g. for customer database)

| Consequence/Likelihood | Insignificant | Minor | Moderate | Serious | Catastrophic |
| --- | --- | --- | --- | --- | --- |
| Rare | | | | | |
| Unlikely | | | | | |
| Possible | | | | | |
| Likely | | | | | |
| Certain | | | | | |

Shade: green for “acceptable”, yellow for “monitor” and red for “needs to be treated”

4. Risk Treatment [30 marks]

4.1 Draw your own diagram that shows the interaction of a given threat and each asset with the likelihood between them. For instance, the same company in 2(c) has a diagram that looks like the following [10 marks]

4.2. Draw your own diagram that shows the interaction of a given threat and each asset, labelling the harm the threat causes (as R1, 2, etc.) between them. For instance, the same company in 2(c) has a diagram that looks like the following: [10 marks]

4.3         
