Assessment 3


MIS607_Assessment_3_Brief_Mitigation plan for threat report_ Module 6.1

ASSESSMENT 3 BRIEF

Subject Code and Title: MIS607 Cybersecurity
Assessment: Mitigation Plan for Threat Report
Individual/Group: Individual
Length: 2500 words (+/- 10%)
Learning Outcomes: The Subject Learning Outcomes demonstrated by successful completion of the task below include:
b) Explore and articulate cyber trends, threats and staying safe in cyberspace, plus protecting personal and company data.
c) Analyse issues associated with organisational data networks and security to recommend practical solutions towards their resolution.
d) Evaluate and communicate relevant technical and ethical considerations related to the design, deployment and/or the uses of secure technologies within various organisational contexts.
Submission: Due by 11:55pm AEST Sunday end of Module 6.1
Weighting: 45%
Total Marks: 100 marks

Task Summary

For this assessment, you are required to write a 2500 words mitigation plan for threat report based on knowledge you gained about threat types and key factors in Assessment 2. You are required to use the Assessment 2 case as context to write a report to address or alleviate problems faced by the business and to protect the customers. In doing so, you are required to demonstrate your ability to mitigate threat/risks identified in Assessment 2 through the strategy you recommend (STRIDE).

Context

Cybersecurity helps organizations to mitigate threats/risks, reduce financial loss and safety violations, decrease unethical behaviour, improve customer satisfaction, and increase efficiency, as well as to maintain these improved results. Threats can be resolved by Risk Acceptance (doing nothing), Risk Transference (pass risk to an externality), Risk Avoidance (removing the feature/component that causes the risk) and Risk Mitigation (decrease the risk). This assessment gives you an opportunity to demonstrate your understanding of cybersecurity and your capability to explain Risk Mitigation strategies for such threats. Mitigations should be chosen according to the appropriate technology and resolution should be decided according to the risk level and cost of mitigation.

Task Instructions

1. Read the Assessment 2 Case Scenario again to understand the concepts discussed in the case.

2. Review your subject notes to establish the relevant area of investigation that applies to the case. Re-read any relevant readings that have been recommended in the case area in modules. Plan how you will structure your ideas for the mitigation plan for threat report.

3. The mitigation plan for threat report should address the following:
• Setting priorities for risks/threats
• Analyse the case in terms of identified risk categories and scenarios
• Apply standard mitigations
• Discuss specific resolutions for improvement, and justify their significance
• Provide recommendations for mitigating risk based on an assessment of risk appetite, risk tolerance and current risk levels (Choose techniques to mitigate the threats)
• Make recommendations to the CEO on how to conduct risk management, key issues involving your process improvement model, including a road map, the identification of appropriate technologies for the identified techniques, communicating the strategy, and a suggested timeline.

4. The report should consist of the following structure:
A title page with subject code and name, assignment title, student’s name, student number, and lecturer’s name.
The introduction that will also serve as your statement of purpose for the report. This means that you will tell the reader what you are going to cover in mitigation plan report. You will need to inform the reader of:
a) Your area of research and its context (how to mitigate or manage threats)
b) The key concepts you will be addressing
c) What the reader can expect to find in the body of the report
The body of the report will need to respond to the specific requirements of the case study. It is advised that you use the case study to assist you in structuring the report. Set priorities for identified threats from assessment 2, analyse the case in terms of identified risk categories and discuss specific resolutions and recommendations for improvements in the body of the report.
The conclusion will summarise any findings or recommendations that the report puts forward regarding the concepts covered in the report.

5. Format of the report
The report should use font Arial or Calibri 11 point, be line spaced at 1.5 for ease of reading, and have page numbers on the bottom of each page. If diagrams or tables are used, due attention should be given to pagination to avoid loss of meaning and continuity by unnecessarily splitting information over two pages. Diagrams must carry the appropriate captioning.

6. Referencing
There are requirements for referencing this report using APA referencing style for citing and referencing research. It is expected that you used 10 external references in the relevant subject area based on readings and further research. Please see more information on referencing here: https://library.torrens.edu.au/academicskills/apa/tool

7. You are strongly advised to read the rubric, which is an evaluation guide with criteria for grading the assignment—this will give you a clear picture of what a successful report looks like.

Submission Instructions

Submit Assessment 3 via the Assessment link in the main navigation menu in MIS607 Cybersecurity. The Learning Facilitator will provide feedback via the Grade Centre in the LMS portal. Feedback can be viewed in My Grades.

Academic Integrity Declaration

I declare that, except where I have referenced, the work I am submitting for this assessment task is my own work. I have read and am aware of the Torrens University Australia Academic Integrity Policy and Procedure viewable online at http://www.torrens.edu.au/policies-and-forms. I am aware that I need to keep a copy of all submitted material and their drafts, and I will do so accordingly.

Assessment Rubric

Assessment Attribute: Visual appeal and presentation of content (20%)
Title page included. Adheres to the font, spacing, format, word count requirement. Appropriate use of paragraphs, sentence construction, spelling, and grammar.
• Fail (Yet to achieve minimum standard) 0-49%: No title page. Incorrect font and size with poor line spacing and large gaps in pagination, tables, or diagrams. Report is written as a block of text with no breaks in between ideas. Separate ideas cannot be clearly discerned. Many errors in spelling or grammar. Does not adhere to the word count requirement.
• Pass (Functional) 50-64%: Title page is included. Missing most information. Incorrect font and size is used or poor line spacing and large gaps in pagination. Paragraphs are used but large blocks of text with long sentences make it difficult to understand the ideas being conveyed. Spelling or grammar has errors but meaning remains clear. Does not adhere to the word count requirement.
• Credit (Proficient) 65-74%: Title page is included but is missing key information. Some errors in font use and line spacing. Some pagination problems. One idea or concept per paragraph. Some paragraphs could be more succinctly written. Minor spelling or grammar errors. Adheres to the word count requirement.
• Distinction (Advanced) 75-84%: Title page is included with most required information. Minor errors in font, spacing and format. One idea or concept per paragraph with 3–4 well-constructed sentences per paragraph. No errors in spelling or grammar. Adheres to the word count requirement.
• High Distinction (Exceptional) 85-100%: Title page is included with all required information. Font, spacing, and format are in accordance with the requirements of the assignment brief. Expert use of paragraphs with 3–4 well-constructed sentences per paragraph that follow logically from each other. No errors in spelling or grammar. Adheres to the word count requirement.

Assessment Attribute: Knowledge and understanding (30%)
Understanding of the key concepts, principles of cybersecurity, Analyse the case in terms of identified risk categories and scenarios and apply standard mitigations.
• Fail (Yet to achieve minimum standard) 0-49%: Lack of understanding of the required concepts and knowledge. Key components of the assignment are not addressed. Lack of analysis of the case in terms of identified risk categories and scenarios and no application of standard mitigations.
• Pass (Functional) 50-64%: Limited understanding of required concepts and knowledge. Some of the key components of the assignment are not addressed. Limited analysis of the case in terms of identified risk categories and scenarios. Limited application of standard mitigations.
• Credit (Proficient) 65-74%: Adequate understanding of the required concepts. A reasonable capacity to explain and apply relevant key concepts. Supports opinion and information substantiated by evidence from research to analyse the case in terms of identified risk categories and scenarios. Adequate application of standard mitigations.
• Distinction (Advanced) 75-84%: Thorough understanding of the key concepts. Well-demonstrated capacity to apply and analyse relevant information to analyse the case in terms of identified risk categories and scenarios and application of standard mitigations.
• High Distinction (Exceptional) 85-100%: Highly developed understanding of the field or discipline/s and key concepts. Expert analysis of case in terms of identified risk categories and application of standard mitigation.
Answered 7 days After Aug 05, 2021

Karthi answered on Aug 10 2021
142 Votes
Table of Contents
Introduction
Prioritising the Risks
Identified Categories of the Risk
Standard Mitigations
Specific Resolutions and their Significance
Techniques to Mitigate the threats
Recommendation
Conclusion
References

Introduction

This article highlights the Business & Communication Insurance (B&C Insurance) mitigation
strategy. After prioritising risks or threats, a mitigation plan will be developed. In order to
develop goals for risk, a model will be applied to classify various risk variables and analyse
them based on their effect on the organisation. In addition, defined categories of risk such as
hacking, spy and phishing will be evaluated. In addition to this STRIDE model, the case of the
insurance firm will be studied, and mitigation measures such as setting up of a high-tech
cyber protection framework that guarantees that only permitted individuals have access to
their individual accounts will therefore be proposed.



Prioritising the Risks

Different researchers have used multiple models for prioritising risks. One of the models was
to determine different risk variables and then score each variable following their significance
and impact on the organisation. In the Business and Communication case, risk variables can
be Strategic plan risk, client's data leakage risk, and leakage of the company's confidential
information such as financial and its internal strategy risk variable. Every variable will be
scored, and at the end, the overall score will be identified. The overall score helps in
determining the degree of threat either it is normalised or not based on a predefined scale.
An example of such a model is shared in figure 1, where risks 3 and 4 are prioritised based
on assigned scores (Hinkelmann, 2012). Moreover, after determining the overall score, every
risk variable is prioritised based on the highest score. In the case of an insurance company, a
highly prioritised risk is the leakage of clients' information that is considered an important
resource of the organisation. Second priority will be given to strategic planning and in the
last unauthorised access to an internal strategy. Moreover, in other scenarios, risk variables
can be personnel and funding related depending on the company's operations and
cybersecurity system, and accordingly, variables are prioritised (Martins & Lambe, 2013).

Figure 1. Parkerian hexad (information security: confidentiality, possession, integrity, authenticity, availability, utility)

The six elements were identified explicitly by Parkerian hexad related to ISOs and stressed
that companies concentrate on those elements highlighted: control or ownership, secrecy,
usefulness, honesty, integrity and utility. These components protect businesses, as
mentioned in the case of insurance companies, from such cyber-attacks. Organisations
understand, however, that they cannot fully defend themselves from certain attacks and
threats, even though they can avoid threats because of the factors above. Furthermore, it
calls on businesses to prioritise data protection, networks, processes and analyse the
opportunities available to reduce the risk of cybercrime.
Companies must increase resources for the authentication, instead of stressing the secret
details, of the credibility of individual information. Experts would definitely claim that
privacy cannot be overlooked, so businesses have to choose carefully. It is necessary to
remember that priority should be given to honesty over secrecy, and the regulatory
implications should be possible under sanction or penalty. The tools for cyber attacks have
been restricted to businesses. This needs to be handled carefully, and the risk must be
prioritised accordingly (Boyes, 2015).

Apart from protecting and prioritising the most critical items, clear measures can be taken to
deter individual cyber assaults by exchanging threat information. Companies in particular
industries must exchange information by setting up a Security Council as a protective tool to
deter cyber attacks. The concept behind the establishment of an information-sharing council
is clear. Take a case of a business and communications insurance firm exchanging cyber
attacks, through a common strategy and priority approach and solution models, with other
insurance firms that have the same digital assets which other players in the industry will
prevent from using the same nature of the cyber attack.



Identified Categories of the Risk

The threats facing business and communications insurance companies have been listed in
various categories, such as hacking, malware, social engineering, espionage, and more
precisely phishing. Phishing is described as an external party entity or business that receives
emails. External parties have easy access to internal networks,...