Assignment 3 - due 16th February 2020 Assignment Objective Develop approaches to assessing cyber risk – 2,000-2,200 word case study report. Assignment Question This assessment requires the student to...

I have attached the requirements below in document file



Assignment 3 - due 16th February 2020 Assignment Objective Develop approaches to assessing cyber risk – 2,000-2,200 word case study report. Assignment Question This assessment requires the student to describe a Cyber security risk assessment program with discussion of its applicability in a relevant case study. The case study should be from a student’s experience or a news article assessing how an organisation may have avoided a security breach by defining and following a risk programme. It is suggested students identify an organisation which has undergone a security breach, review the published material on how the breach occurred and identify where in the risk management programme control objectives should have been identified to mitigate the actual threat. Students should highlight any assumptions that have been made as part of the review. Assessment Criteria: The submission must cover the following points: The student must identify and review a published security breach, assess the cause and the business impact. The student must then describe an approach that may have mitigated the risk of the security breach occurring or establish a capability to withstand or recover from the threat. The student must describe how the fundamental approach to risk management would have benefitted the organisation in managing the risk. This should include: · Asset identification; · Impact assessment; · Threat assessment; · Vulnerability and exposure analysis; · Control objective definition; · Control selection; · Compliance management including maturity modelling and testing; · Business continuity planning – crisis management, disaster recovery, business continuity; · Governance oversight and executive ownership and accountability.  Notes: This submission must not detail the design of a typical security technology environment.  It should describe the process for identifying and managing risk and identifying control objectives to mitigate those risks. Use a published case study scenario of a security breach. Submission Assignments must be structured to show: · A clear understanding of the assignment objective (the question); · How this will be answered (the assignment roadmap); · The research; · Analysis and argument; · Conclusion summarising the submission and how it has been answered.