Word limit: 10 to 15 pages in length Students are expected to research and discuss and submit report. The project can be in any of the following areas: • Cybersecurity • Internet of Things • Cloud...



Word limit: 10 to 15 pages in length


Students are expected to research and discuss and submit report. The project can be in any of the following areas:


• Cybersecurity
• Internet of Things
• Cloud security
• Mobile health devices
• Bring Your Own Device
• Smart vehicles
• Or an area in your profession


1. Cover page


2. Table of contents


3. Executive Summary (2-3 pages in length)


3.1 Provides a clear statement of the technology project that is being assessed


3.2 An overview of your recommendations to management as to the merits of the project based on your risk assessment


4. Risk assessment based on threats, vulnerabilities and consequences (4 - 10 pages in length)


4.1 These are must be derived from an IT control framework and any existing industry risk recommendations for the project.


4.2 Identify and discuss the key threat agents.
• List threat agents
• Issues
• Consequences
• Include pictures, images, tables, analysis


4.3 What could be done to mitigate the risks and their impact on the system
• Impact
• Mitigation


5 Provide a brief summary (literature review) (2 - 4 pages in length)


5.1 Protection mechanisms you could employ for the information security.
• Safe guards
• Other measurements Security mechanisms
• like change in key principle of information security


6 Conclusion


7 References


8 Appendices



Part 2 - Risk Assessment Report

Your deliverable for this ITC596 task is an IT Risk Assessment report, written for the intended audience of management providing a risk assessment of a project. The project can be in any of the following areas:

• Cybersecurity
• Internet of Things
• Cloud security
• Mobile health devices
• Bring Your Own Device
• Smart vehicles
• Or an area in your profession

Scenario options:

1. You can work towards the scenario provided below; or
2. You also have the opportunity to choose your own scenario-based risk assessment that could potentially be drawn from your own professional experience or context.

The second option requires a discussion with and approval by your Subject Coordinator. The report structure requirements and criteria should be the same regardless of your scenario.

Provided Scenario

You have been hired as the IT Risk Assessment lead consultant for Gigantic Corporation (your specialisation is based on the area you have chosen above). Your role is to be the interface between business stakeholders and technologists, translating potential technical difficulties into risk language to facilitate effective decision-making by stakeholders. You have been engaged to assess a project that falls into your specialised area. Once you complete a full assessment, you are required to provide the IT assessment report to the management in the department or section that is running the project for Gigantic.

How to complete this task:

1. You will write a report on the project IT risks based on the scenario.
2. Your report must be a Microsoft Word document, 10 – 15 pages in length at 12 point font and single spacing. The report must address the following criteria:
• An Executive Summary at the beginning of the report which provides a clear statement of the technology project that is being assessed, and an overview of your recommendations to management as to the merits of the project based on your risk assessment (2 – 3 pages in length).
• A risk assessment based on threats, vulnerabilities and consequences derived from an IT control framework and any existing industry risk recommendations for the project. Identify and discuss the key threat agents. What could be done to mitigate the risks and their impact on the system? (4 – 10 pages in length).
• Provide a brief summary (literature review) of protection mechanisms you could employ for the information security. (2 – 4 pages in length).
3. The report is worth 15 marks of the overall marks available for assessment 3.

Engaging with scenario-based tasks provides you with the opportunity to simulate real world application of your learning in this subject.

Rationale

This assessment task will assess the following learning outcomes:

• be able to justify the goals and various key terms used in risk management and assess IT risk in business terms.
• be able to critically analyse the various approaches for mitigating security risk, including when to use insurance to transfer IT risk.
• be able to critically evaluate IT security risks in terms of vulnerabilities targeted by hackers and the benefits of using intrusion detection systems, firewalls and vulnerability scanners to reduce risk.

Marking criteria and standards

Part 1 - Online Quiz

The quiz will involve multiple choice or true/false type questions. Marks will be given based on the correctness of the answers. Interact will be marking automatically and you will receive marks according to the following criteria:

HD - At least 85% answers were correct
DI - At least 75% answers were correct
CR - At least 65% answers were correct
PS - At least 50% answers were correct

Part 2 - Risk Assessment Report

Presentation

• Assignments are required to be submitted in either Word format (.doc, or .docx). Each assignment must be submitted as a single document.
• Assignments should be typed using Times new Roman/Arial, 12 point font. APA referencing style should be used. A reference list should be included with each assessment item.
• All diagrams that are required should be inserted into the document in the appropriate position.
Answered Same Day | Sep 24, 2020 | ITC596 | Charles Sturt University

Answer To: Word limit: 10 to 15 pages in length Students are expected to research and discuss and submit...

Kuldeep answered on Sep 27 2020
146 Votes
Running head: Cybersecurity
Cybersecurity
Student Name:
University Name:
Unit Name:
Date:
Contents
2. Table of contents
3. Executive Summary (2-3 pages in length)
3.1 Provides a clear statement of the technology project that is being assessed
3.2 An overview of your recommendations to management as to the merits of the project based on your risk assessment
4. Risk assessment based on threats, vulnerabilities and consequences (4 - 10 pages in length)
4.1 These are must be derived from an IT control framework and any existing industry risk recommendations for the project.
4.2 Identify and discuss the key threat agents.
List threat agents
Issues
Consequences
Include pictures, images, tables, analysis
4.3 What could be done to mitigate the risks and their impact on the system
Impact
Mitigation
5.1 Protection mechanisms you could employ for the information security.
Safe guards
Other measurements Security mechanisms
Like change in key principle of information security
6 Conclusions
7 References
8 Appendices
Executive Summary
Cybercriminal is going to make 3.5 million latest, unfilled cybersecurity jobs by 2021. This increase is 350 percent in five years. As well as because of that growth several major cyber security revenues are surrendered. Everywhere, to employ business security professionals, customers invest a significant amount to monitor the privacy and avoid ransomware attacks. In today's Internet-connected world, where technology is under almost every aspect of our community, cyber security and forensic experts are handling extensively with cyber hazards in real-time situations. Without the risky information, large data and the employment of machine learning techniques, in real-time situations, the ability to detect, analyze and prevent such threats is not possible. For example, when large-scale data is collected or generated by various security monitoring solutions, then intelligent and next-generation large data analytical techniques for knowledge, definition, and removal of this arbitrary/structured (large) data are necessary. Or maybe it's other method. The Internet is creating social opportunities as well as latest business that scale moreover widely interacts. Increasing or accelerating personal as well as corporate data makes it a more profitable target for cyber crooks, moreover a state-sponsored spy or saboteur. At the same time, more connectivity offers more probable attacking vectors. The report shows the responsibilities of the responsible person and the financial driver and the social media as well as the concerns related to the future of the Internet. One central theme is that the Internet must be successful in both areas; it should be reliable, safe and easy to use.
Statement of the technology project
The information or communications technology industry has also evolved significantly over the last half century. This technology is universal as well as consistent integral in almost each aspect of modern technology. ICT devices as well as components are commonly mutually dependent and someone's interruptions might affect others. For the past some years, experts or policy makers have expressed rising concern about cyber attacks in protecting the ICT system, which is why lots of experts are expected to increase intensity and frequency over the next few years. The work of protecting information or communications technology systems or their content has been identified as cyber security (Bartlett & Bottollier-Depois, 2005). Comprehensive and rationally, some unclear ideas can be a useful term for cyber security, but that definition is denied. Sometimes they are messed up with other ideas like privacy, intelligence gathering as well as monitoring. But, cyber security may be a significant tool to protect privacy or prevent unauthorized monitoring, and gathering information as well as intelligence may be helpful tools due to cyber security. Risk management is considered to be the basic for cyber security in the information system. The threat related to any attack is dependent on three factors: Threats, vulnerability and impact. Most cyber attacks have restricted results; however some elements of critical infrastructure (CI) are a successful attack - most of which, by a private sector, have important impact on the national security, financial system and individual citizens' livelihood as well as security. Reducing such risks usually involves the removal of threats, removal of vulnerabilities, and decreasing effects. Federal roles in cyber security include helping to safeguard both federal systems and protect nonfederal systems (Basu & Fernald, 2014).
According to the current law, all federal agencies are responsible for their own cyber security capabilities related to their system moreover many people have area-specific responsibility for the CI. More than fifty rules cite the several aspects of cyber security. In the 113th Congress, five bills were implemented, and at 114th position, the second federal ICT and the USI Security, federal cyber security workforce, cyber security research and development, public and private sector information sharing and international aspects of cyber security. Other bills considered by Congress include restrictions and responses to data violation, cybercrime and law enforcement and other things besides internet cases. During the 114th Congress Period, the Obama administration has promoted and expanded non-Federal Information Sharing and Analysis Organizations; Announcement of action plan to improve cyber security across the country; More than 30% of federal agencies prepare a mobile van for the modernization of federal ICT with the proposed increase in cyber security funding; Instructions on how the federal government will respond to cyber security incidents of government and private sector (Biswas & Mukhopadhyay, 2016). Those recent legislative and executive-branch functions have been designed to meet the well-established needs of cyber security in large numbers. However, that requirement exists in the context of long-term challenges related to design, promotion, comprehensive, and environmental. 114th and future Congress legislation and executive actions can have a significant impact on those challenges.
Recommendations to management as to the merits of the project
The International Organization for Standardization (ISO) defines risk as the "effect of uncertainty on objectives." It is an ongoing procedure of recognizing risk management, evaluating as well as responding to risks. To manage risks, organizations must evaluate the probable impact of the probability of an event or then recognize the better approach to handling risks: Avoid, Move, Accept and Decrease. To reduce the risk, one type of safety measures (preventing, preventing, detecting, correcting, etc.) should be ensured by an organization. Not every risk may be removed, and no grouping has a restricted budget and sufficient staff to deal with all the risks (Brody, Bianca & Krysa, 2012). Risk management (RM) is similar to managing the effect of the uncertainty on institutional objectives, which is why it is the most efficient and effective use of restricted resources. This ensures that the decisions of the risk can be well-informed, can be considered as well as made in context of organizational objectives, for example the opportunity to support organization campaign or get professional awards. Risk management must take a broader approach to risks in an organization, so that resource allocation information, risk management, and responsibility must be enabled. Ideally, risk management helps in early detection of risks and applies appropriate measures to prevent or prevent the occurrence of events (Dourado & Castillo, 2018).
Risk assessment based on threats, vulnerabilities and consequences
Vulnerability Analysis: The purpose of analyzing the sensitivity is to check whether current safeguards are sufficient in case of information gathering, confidentiality, integrity or availability to gather information and check current exposure. They will also indicate whether the proposed safe guard will be sufficient. Different tools can be used to identify specific weaknesses in the system. Solving the problem in many organizations is the ability to effectively filter false positives in the evaluation applications. It is necessary to verify the results of various tools to accurately determine the reliability of the devices in use and to prevent the protection of an area that does not exist in reality. False positive effects can be reduced by ensuring that the evaluation app is updated with the latest stable signature and patches (Giles, 2011).
Threat Analysis: Risks are described as such things that contribute to the persecution, destruction or disruption of any service or value item. The risk of analysis will focus on each item that will probably be possible. These risks can be divided into human and inhuman elements.
Consequences: Assessing whether existing policies, procedures, and protection items are enough in these places is one of the last steps. If there is no security guard in providing adequate protection, such deficiency can be considered. Existing and planned protection should be reviewed to determine whether earlier known and discovered threats and threats have been reduced (Groves, Cox & Hesse, 2017).
IT control framework
The preferred, flexible, or cost-effective approaches to Cyber security framework helps to promote vital protection and flexibility and promote the economy and other areas required for national security. Many organizations need to mix state, industry-specific and international cyber security rules. Challenge for an organization at a national or international level is important. Of all the companies considered in the survey, often in the banking and financial sector, security frameworks are often used and then they use information technology. Healthcare and medical sectors were the worst, 27% are not in any of these boxes (Heires, 2012).
Key threat agents
List threat agents
· Hackers
· Terrorists
· Cyber Criminals
Issues
Hackers: There are people interested in arcane working in the computing system. Hackers constantly try to deliver knowledge further or freely. The Hackers will not intentionally disrupt the data.
Terrorists: Those who violate systems integrity are malicious purposes. The terrorists enjoy the pleasure of these abuses and their temporary strength (M.Alghazzawi, Hamid Hasan & Salim Trigui, 2014).
Cyber Criminals: While considering threatening agents in relation to cyber-security, each of them come in one of the following: Cracker, Hacker, Amateur, therefore, is more effective to utilize the structure present in Figure 1, as well as then distinguish between us. Risk conditions depending on the agent. The above statements only have one concession (Malhotra, 2015).
Consequences
For cyber security, the definition of a cyber danger is somewhat less in Oxford Dictionary: "A malicious attempts to harm or inhibit computer network and systems." These definitions are incomplete, including attempts to access the files or intrusions or theft of data. But after the release of this list, different types of game-changing technologies have been widely used: name cloud computing, big data and mobile device use. Successful cyber attacks can cause main harms to your company. The effect of the security breaches can be divided into three sections: financial, honorable or legal (Ramage, 2012).
Image Source: helpnetsecurity.com
Image Source: facilityexecutive.com
Mitigating the risks
Impact
Cyber attacks often result in substantial financial loss arising from:
· Theft of the corporate data
· Theft of the financial data (e.g. bank details and payment card)
· Theft of the money
· Disruption to trading
· Loss of the business and contract
The costs related with the repairing affected system, networks, as well as devices, including victims of cyber breach, are also usually taken (Sheetlani, 2017).
Data Protection or Privacy Laws: You must manage security of overall your data - be it on your employees and your clients. If this information has been compromised and deliberately compromise as well as you fail to use the correct security measures, then you have to face penalties and regulatory approvals.
Mitigation
Over the past several years cyber attacks have been going on in the attacks of hackers and cyber criminals. These attacks on computers and computer programs can often be disastrous for a company or a private user, rigorous and occasionally lengthy restoring processes are needed that can provide valuable time and income.
Proper computer security is required when trying to prevent any type of cyber attack from a virus from a phishing scam to random software. One way to make sure your device is safe enough is to ensure that any software or security updates are available instead of taking as long as possible (Valasek, 2017). Hackers can...