Attaching the file here.



Response Paper3

Risk Management

Scenario

Although not all of the OIT management agreed with your top five (5) threat categories and accompanying attack vectors recommendation [1], the CIO was impressed with your research as well as your newly revised policies [2]. Top management now wants you to join the WMU InfoSec Initiative team to help in the next major phase of the project: risk management. The risk management process is comprised of three major areas:

1. risk identification
2. risk assessment
3. risk treatment and control

In this paper, you will delve into each as we work to help WMU minimize risk to its most valuable assets. [3]

Task Components

Please include the following sections as major paper headings. Implement sub-section headings as appropriate when appropriate. This paper will require a great deal of analysis and support so organization and presentation is extremely important.

Part1: Identification

Asset identification may require you to assume certain items about WMU because we do not have detailed information about all human resource roles, equipment, etc. However you can make some assumptions using material found on WMU websites as well as articles from other higher education assessments [4]. Even extending some of your own organizational knowledge would help here.

By previously identifying the major threats, you have already completed part of the process of threat assessment. You may change your initial threat analysis, use partial components, etc. However, make sure to discuss threat categories and attack vectors you deem the most important to guard against.

Once you have identified assets and discussed vulnerabilities, create a TVA worksheet (table or embedded spreadsheet) to illustrate and support your discussion. If necessary, include tables and/or worksheets in appendices. Do make sure to discuss the TVA findings in your analysis.

Please note: For Part1 there is no expectation that we can cover every WMU asset against every potential threat. Work to narrow your focus to a particular area (e.g., computer labs) or category (e.g., data) and state the constraints.

Part2: Assessment

In terms of risk assessment make sure to explain WMU’s risk appetite and determine the risk cost for your top three (3) TVA-ranked items at a minimum. This will require you to perform a quantitative analysis using your best “guesstimates” although you can find some preliminary costs online.

Part3: Treatment and Control

Using your TVA and risk assessment, assign and discuss risk treatment and control strategies for each identified asset associated with a risk cost. Make sure to justify your rationale. A major part of this rationale needs to be a cost benefit analysis using accepted quantitative approaches. For example:

CBA = ALE(pre-control) – ALE(post-control) - ACS

If quantitative feasibility analyses are not sufficient—and many times they are not—add other feasibility methods such as behavioral, operational, organizational, political, and technical.

Please Note

If you want to reference and follow industry standard models such as OCTAVE, NIST, or ISO 27005 you can, but make sure the sections used support your approach.

Do include an Executive Summary and a Conclusion section for this paper.

Deliverable

Make sure to follow the Response Paper Guidelines posted in eLearning. Your paper should be turned in to the eLearning dropbox with the filename: ResponsePaper3 before the due date and time.

[1] Response Paper1
[2] Response Paper2
[3] If you would like to use your place of work instead of WMU and have authorization to share organizational details with me alone, please contact me via email or Teams to discuss it.
[4] https://www.educause.edu/focus-areas-and-initiatives
Answered 4 days after Oct 06, 2022
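The cost-benefit step the assignment describes, CBA = ALE(pre-control) – ALE(post-control) - ACS, worked through as an added example (it is not part of the assignment or of the posted answer). It assumes the standard definitions SLE = asset value × exposure factor and ALE = SLE × ARO, which the page does not spell out; the asset names come from the answer's TVA worksheet, and every dollar figure and rate is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ControlCase:
    asset: str
    asset_value: float   # AV in dollars (constructed figure)
    ef_pre: float        # exposure factor before the control, 0..1
    aro_pre: float       # expected incidents per year before the control
    ef_post: float       # exposure factor with the control in place
    aro_post: float      # expected incidents per year with the control
    acs: float           # annualized cost of the safeguard, dollars

    def __post_init__(self):
        # Reject inputs that would silently produce a meaningless ALE.
        for ef in (self.ef_pre, self.ef_post):
            if not 0.0 <= ef <= 1.0:
                raise ValueError(f"{self.asset}: exposure factor must be in [0, 1]")
        if min(self.asset_value, self.aro_pre, self.aro_post, self.acs) < 0:
            raise ValueError(f"{self.asset}: negative input")

    def ale(self, ef, aro):
        # ALE = SLE * ARO, where SLE = AV * EF
        return self.asset_value * ef * aro

    def cba(self):
        # CBA = ALE(pre-control) - ALE(post-control) - ACS, rounded to cents
        pre = self.ale(self.ef_pre, self.aro_pre)
        post = self.ale(self.ef_post, self.aro_post)
        return round(pre - post - self.acs, 2)

def rank_controls(cases):
    """Return (asset, CBA, justified) tuples, highest CBA first."""
    rows = [(c.asset, c.cba(), c.cba() > 0) for c in cases]
    return sorted(rows, key=lambda r: r[1], reverse=True)

# Constructed sample inputs for three TVA items; not WMU data.
CASES = [
    # control lowers how often the incident happens (ARO 0.5 -> 0.1)
    ControlCase("Control System", 500_000, 0.4, 0.5, 0.4, 0.1, 30_000),
    # control halves the damage per incident (EF 0.5 -> 0.25) but is expensive
    ControlCase("Data Acquisition system", 200_000, 0.5, 1.0, 0.25, 1.0, 60_000),
    # cheap control that cuts frequency (ARO 2.0 -> 0.5)
    ControlCase("Networking Equipment", 100_000, 0.2, 2.0, 0.2, 0.5, 5_000),
]

if __name__ == "__main__":
    for asset, cba, justified in rank_controls(CASES):
        verdict = "justified" if justified else "not justified on cost alone"
        print(f"{asset:26s} CBA = {cba:>10,.2f}  {verdict}")
```

A negative CBA means the safeguard costs more per year than the loss it avoids, which is the case where the assignment's other feasibility methods carry the decision.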

Answer To: Attaching the file here.

Dr Raghunandan G answered on Oct 07 2022
51 Votes
RISKS & CYBER SECURITY
Executive Summary
Risks to security indicate the possibility of a cyberattack. A purposeful and hostile attempt to compromise the networks of some other organisation or entity is known as a cyberattack. Data theft, monetary reward, intelligence, or destruction may be the suspect's goals. Regardless of how one begins to estimate the cyberthreats, the effect or hazard is calculated utilising the same formula as for any program / project planning. Additionally, take into account the threat's effects. How sensitive are the systems that will likely be impacted? How priceless and important is the information that could be lost? One may discover dangers which are important to the organisation and make sure companies are safeguarded by integrating both probability and effect. These issues are faced by WMU, and in further sections of this paper they are addressed, analysed and given an appropriate solution. Identification of the risks associated with cybersecurity, followed by assessing them with proper analysis and proofs and finally suggesting a few control and treatment measures that could be followed by the WMU to set a better standard.
Table of Contents
1. Identification
Assets
1.1 Cyber assets
1.2 Human Resources
1.3 Group Cyber Assets.
1.4 Threat
1.5 Vulnerabilities
Cyber Vulnerabilities include
Threat Vulnerability Asset Worksheet.
1.5.1 A ransomware assault
1.5.2 Ethical hacking assaults
1.5.3 Threats on the technology distribution chain
2. Risk Assessment
2.2 Human Vulnerabilities
2.3 Network Vulnerability
3. Treatment and Control
3.1 Get rid of the danger
3.2 Utilise administrative safeguards
Conclusion
Reference
1. Identification
Assets
All material which is significant and can be utilized to access confidential information is referred to as a resource. Assets might be material, devices, or other related equipment inside an organisation.
1.1 Cyber assets
· Control and information.
· Information collection methods.
· Network hardware.
· Interfaces for virtual servers or storing on devices like backup power generators, Ventilation systems, and malware scans, are supplementary or assisting devices (UPS).
1.2 Human Resources
The Haworth College of Business at Western Michigan University will provide particular skills that need to assist firms in gaining a profitable competitive advantage via their largest vital commodity workers. The curriculum offers the specialized and technological abilities needed to comprehend and creatively address the issues affecting today’s competitive industry and business (Arquilla, 2020). By placing a strong emphasis on subjects that adhere to the standards established by the Society for Human Resource Management, the field's largest professional organisation, the concentration assists candidates in preparing for fulfilling employment (SHRM).
1.3 Group Cyber Assets.
Users may divide the cyber resources into several categories based on their numerous attributes and functions so that the concept of information security resources is simpler. Cybersecurity resources which connect with a certain software program could fall under one class. Additional examples are functional groupings that handle certain fundamental capacities. Build the Critical Cyber Assets List (Rasner et al., 2021). One should identify all of the information resources so as to comply with the NERC-CIP guidelines after having reviewed each and concluded which ones are crucial to the protection of the key assets (Cyber & Infrastructure Security Agency, 2020).
1.4 Threat
Every event which may harm a resource, such as if it were stolen, rendered inaccessible, or used by an unknown user, is considered a danger. They are defined as events which unintentionally or accidentally jeopardise the privacy, validity, or accessibility of a resource.
1.5 Vulnerabilities
Cyber Vulnerabilities include
· Network Vulnerabilities are one type of cyber vulnerability to take into account. These are problems in a program's software or hardware that make it vulnerable to probable external invasion.
· Security flaws in the OS.
· Vulnerabilities of individuals.
· Vulnerability in the operation.
Threat Vulnerability Asset Worksheet.
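| ASSETS                  | RISK MEASUREMENT | VULNERABILITY                    | RISK MEASUREMENT |
|-------------------------|------------------|----------------------------------|------------------|
| Control System          | Medium           | Operating System vulnerabilities | High             |
| Data Acquisition system | High             | Human Vulnerabilities            | Medium           |
| Networking Equipment    | Low              | Network Vulnerabilities          | Medium           |
| Hardware platforms      | Medium           | Process Vulnerabilities          | Low              |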
1.5.1 A ransomware assault
Media manipulation is a common tactic used by attackers to plant malicious files on a victim's...