
Assessment 3

Assessment type: Practical and Written Assessment, Individual assignment (2000 words).

Purpose: The purpose of this assignment is to assess the students' understanding of identifying risks and vulnerabilities, and their awareness of current industry and research trends in the field of information security. Students need to exercise operational, analytical, and critical skills in order to reduce the potential security risks involved in the given case study; analyse and evaluate the organizational adoption of security controls; and design solutions for concrete security problems for distributed applications. This assessment contributes to learning outcomes a, b, c, d.

Value: 35%

Due Date: 16 June 2022 by 11:00 am; Demonstration Week 12

Submission requirements details: All work must be submitted on Moodle by the due date. Reference sources must be cited in the text of the report and listed appropriately at the end in a reference list using Harvard Anglia referencing style.

Assessment topic: Risk identification, assessment and treatment

Task details: This assignment requires you to perform risk identification, assessment and treatment based on the given case study. It is also required to implement ethical hacking (which does not do any malicious activity) on your own virtual machine. This is just for demonstration purposes, focusing on the risk identification, assessment and treatment accordingly, and you should not implement it on any other computers. The assignment's requirements are Kali Linux and the required tools.

Case Study for the Assignment: A pharmacy specializes in selling health products. The pharmacy's main sales are through its e-commerce website, where customers can place orders and pay online. The pharmacy can receive orders through the following lines of sales:

- Online e-commerce website
- Phone calls
- Email orders

The sales team is then responsible for checking those emails and orders, preparing them and delivering them to the customer.

This business has seen exponential growth since 2020. This steady growth has also brought challenges for the pharmacy. They have to secure the sensitive information of their employees and customers, and the most important asset is the orders database. Moreover, their employees receive many emails and have to filter the order emails from other emails. The pharmacy had no dedicated security team and therefore, until now, no security policy is in place. Data breaches could put the pharmacy's reputation at risk, and patients expect a high level of protection of their data. It is highly recommended to impose a certain level of filtering for the network to be secure, so that it can withstand threats and attacks. To add restrictions on a particular network, it is necessary to identify the possible threats to the organization. For example, it is necessary to identify the important services that run on the network. To get this done, there is a need to perform scanning on the network to identify the services and ports of the applications. Furthermore, the firewall needs to be configured by adding rules to block and allow services based on the requirements of the organization and the security perspectives of the network.

Part A:

The pharmacy had no dedicated security team and therefore, until now, no security policy is in place. Recently, the governing body of this business formed a security team and set the following two goals that they would like to achieve in six months:

- Assessing the current risk of the entire business
- Treating the risk as much as possible

Task I: Risk Identification

In achieving the above two goals, you will do the following:

1. Find at least five assets
2. Find at least two threats against each asset
3. Identify vulnerabilities for the assets

Task II: Risk Assessment

At the end of the risk identification process, you should have i) a prioritized list of assets, ii) a prioritized list of threats facing those assets, and iii) vulnerabilities of assets. At this point, create a Threats-Vulnerabilities-Assets (TVA) worksheet. Also, calculate the risk rating of each of the five triplets out of 25.

Task III: Risk Treatment

In terms of risk treatment, for each of the five identified risks, state what basic strategy you will take. Justify each decision. Also, advise on all possible protection mechanisms and the corresponding place of application.

Part B:

For better understanding of the above tasks, implement a threat on your own virtual machine and consider tasks I, II, and III of Part A.

Tips: You may implement an XSS attack, SQL injection, or any other attack that you can run on your own system.

NOTE: You should not run the attacks on any other systems, as you are not allowed to collect a user's personal information due to cybercrime.

Section description:

1. Executive Summary on what the report is addressing.
2. Introduction, which includes a short description of the case study and an introduction on what security is from the organization's perspective and what the need for a security plan is.
3. Risk Identification
4. Risk Assessment
5. Risk Treatment
6. Conclusion
7. Demonstration on Kali Linux
8. References

Jun 15, 2022