I attached my assignment


The aim of the module is as follows: Businesses are implementing many new digital technologies, bringing security challenges. The module will cover key governance, risk, compliance and ethical issues that will ensure that any ICT activities are aligned from a security perspective in a way that supports the organization's business goals.

The 3 Learning Outcomes (LOs) are as follows.

LO1 Demonstrate a critical awareness of the key attributes of information compliance and governance frameworks in a range of organisational settings.
LO2 Apply strategies for risk identification, measurement and mitigation within a cyber security context.
LO3 Demonstrate a critical appreciation of legislation and ethical issues related to privacy, data protection and cyber security.

Part 1: Risk Management (40%)

Conduct a risk assessment for specific areas of concern for the business you work for or for a selected organisation e.g. the HSE.

Scenario: The Senior Management Team (SMT) is accustomed to receiving risk assessments using qualitative risk assessment charts/heat maps. The CEO of the organisation was in discussion with a CEO from another organisation who recommended to them the use of Factor Analysis of Information Risk (FAIR). The CEO wonders if FAIR will give better insights into the risks the business is facing from threat actors in the Cybersecurity sphere. The CEO wants you to investigate how FAIR could be useful both internally and externally.

You must:

· Firstly identify 3 assets that could be at risk for your selected organisation. Aim to draw these from across at least 3 different aspects of assets, for example people, data, computer systems.
· Create a Risk register and treatment plan for your organisation. Here, prioritise the risks and select the top 2 for the organisation and assess the risk, based on the impact on the asset and likelihood of the threat.
· Prepare a document that will be presented to the SMT. Explain the current risk position of the organisation and how you intend to mitigate those risks (reference to appropriate Frameworks should be evident). You should display quantitative, qualitative and hybrid risk analysis to SMT.

Reflect on the work that you have done above in 1500 words including:

· Make a recommendation to the CEO on whether you feel the quantitative FAIR can provide value to the company going forward or if the traditional approach of qualitative heat maps is sufficient for monitoring Cybersecurity risk in the future. Link your comments to any research in this area. Propose where and when it is appropriate to use each approach going forward.
· You may choose to use Frameworks and Tools from NIST/ISO/CIS/FAIR/etc to assist you in your risk analysis.

Note: The assignment is not asking for such detail that the confidentiality of the organisation you are working for is breached; you do not need to include any identifier on the assignment to link it to your organisation.

Part 2: Governance (20%)

Design a tailored IT Governance system using COBIT 2019 Design Factors for the business you work for or for a selected organisation e.g. the HSE. (You do not have to implement a full Governance system, but you should have a list of priorities for your selected organisation to focus on.)

Figure 1: Governance System Design Workflow

Include:

· A description of the organisation you are tailoring the governance system for. The enterprise strategy/goals are set out here. Discuss what sort of role I&T plays in the organisation. Has the enterprise suffered from any IT problems or had any Cybersecurity incidents in the past? Have similar organisations suffered breaches? This description will then be used during the Design Factors stage.
· Apply the COBIT 2019 Design Toolkit and determine what the recommended focus points for the organisation are.

Reflect on the information received in 1200 words.

· Discuss the feedback the Design Toolkit gave you. What Governance and Management Objectives and Activities should your business be focusing on? If the documentation for that Objective is not on Blackboard then please request this from your Lecturer.
· Was this Design Factor process useful? How can this benefit your organisation or HSE?
· What aspects were not helpful, how would you critique the Design Factor toolkit and the feedback the tool gave you?
· Are there other Governance frameworks that would be more beneficial to use and what type of insights would using those frameworks give compared to COBIT 2019 e.g. does NIST/ISO prescribe a better way to construct an IT Governance system for our organisation?
· Link your reflection to any research/best practices in this area.
Mar 01, 2023