1. Critically identify, discuss and argue principles and concepts of information assurance and risk management from a combined strategic, tactical and operational perspective
2. Produce a detailed analysis and assessment of risk management processes and construct a DRP procedure for an organization XYZ
What am I required to do in this assignment?
You are required to produce a written report consisting of two main parts. You are expected to conduct a risk assessment and produce a DRP (Disaster Recovery Plan) for a company of your choice. The word limit for this project is not supposed to exceed approximately
1. Use the given network infrastructure or design your own network infrastructure for your chosen organization.
2. Identify the organization's hardware assets (Type, Quantity & Asset Values).
3. Identify the organization's software assets.
4. Investigate the nature of the data being used in the organization.
5. Identify the technology components the organization operates with.
6. Identify risks, threats and vulnerabilities using the correct calculation formulas.
7. Calculate the likelihood for each risk identified.
8. Calculate the magnitude of impact.
9. Specify your risk assessment methodology (Quantitative and qualitative).
Single Loss Expectancy (SLE) = The loss expected from a single occurrence in which a particular resource is made unavailable.
Annual Loss Expectancy (ALE) = The loss expected over an entire year, based on how often we should expect that particular resource not to be available.
Asset Value (AV) = The value of the asset, whether it is a hardware or a software asset.
Annualized Rate of Occurrence (ARO) = To identify the ARO, it is crucial to understand the particular risk and investigate how likely it is for a certain event to happen within a certain period.
Exposure Factor (EF) = The percentage of the asset lost. The individual conducting the assessment for XXX is a specialist and experienced assessor who knows how to give the EF a value, depending on the asset.
A crucial element in developing a secure network is to undertake a risk assessment task. A risk assessment assigns levels of risk to different possible threats to the network security by comparing the nature of the threats to the types of controls designed to reduce such threats and provide adequate protection to the network and workstations. This is achieved by constructing a control plan and then rating the importance of each risk. A critical element in any risk assessment undertaking is how to recover from any security breach or incident, whether natural or otherwise. This is referred to as a disaster recovery plan, which is intended to tackle the ways and means of responding to a possible disaster once it happens.
Using the background above, produce a report of up to 3000 words on developing a possible risk assessment and disaster recovery plan for a corporate network of your choice. The plan should take into consideration the following:
· possible threats prioritized according to their probability of occurrence (i.e. any potential adverse incident that can do harm and interrupt the systems using the network)
· network assets (i.e. resources that have a monetary value, such as hardware and software)
· all controls that are currently used on the network to lessen or prevent risks (i.e. control mechanisms against threats, such as fire, flood, power loss, viruses etc.)
· a disaster recovery plan (i.e. the actions and procedures that provide for a partial or complete recovery of the network assets)
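The terms defined above combine through the standard quantitative formulas SLE = AV × EF and ALE = SLE × ARO, which this brief does not spell out. The following is an added worked example, not part of the original assignment: it builds a small risk register, ranks risks by ALE, and goes one step further by estimating the net annual benefit of a control. The asset names, values and the `control_value` helper are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    av: float   # Asset Value (currency units)
    ef: float   # Exposure Factor: fraction of the asset lost, 0..1
    aro: float  # Annualized Rate of Occurrence (events per year)

    def __post_init__(self):
        # Reject inputs that would silently produce a meaningless ALE.
        if self.av < 0 or self.aro < 0 or not 0 <= self.ef <= 1:
            raise ValueError(f"invalid inputs for {self.asset}/{self.threat}")

    @property
    def sle(self):  # SLE = AV x EF
        return self.av * self.ef

    @property
    def ale(self):  # ALE = SLE x ARO
        return self.sle * self.aro


def rank_by_ale(risks):
    """Order the register with the highest expected annual loss first."""
    return sorted(risks, key=lambda r: r.ale, reverse=True)


def control_value(risk, ef_after, aro_after, annual_cost):
    """Net annual benefit of a control: ALE before - ALE after - control cost."""
    after = Risk(risk.asset, risk.threat, risk.av, ef_after, aro_after)
    return risk.ale - after.ale - annual_cost


# Constructed sample register; every figure here is an illustrative assumption.
REGISTER = [
    Risk("File server", "Disk failure", av=20000, ef=0.5, aro=0.5),
    Risk("Customer database", "Ransomware", av=80000, ef=0.75, aro=0.25),
    Risk("Core switch", "Power loss", av=8000, ef=0.25, aro=2),
]

if __name__ == "__main__":
    for r in rank_by_ale(REGISTER):
        print(f"{r.asset:18} {r.threat:13} SLE={r.sle:>9,.0f} ALE={r.ale:>9,.0f}")
    # Hypothetical control: offline backups cut the ransomware EF to 25%.
    net = control_value(REGISTER[1], ef_after=0.25, aro_after=0.25, annual_cost=4000)
    print(f"Net annual benefit of offline backups: {net:,.0f}")
```

A positive net benefit means the control costs less per year than the loss it is expected to prevent; a negative one means the risk is cheaper to accept or transfer.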
What do I need to do to pass? (Threshold Expectations from UIF)
1. Develop appropriate risk mitigation plans as a response to a given scenario
2. Present a documented set of procedures to assure recovery and protection of a business IT infrastructure
3. Design effective GRC framework with references to legal and regulatory requirements
How do I produce high quality work that merits a good grade?
Alongside presentation of the documentation you should provide a critical analysis of the incident, highlighting failings and making suggestions as to how such events could be avoided in future. You should also justify and explain the approaches you are proposing and be able to show their effectiveness.
How does this assignment relate to what we are doing in scheduled sessions?
This assignment builds on aspects of risk and business continuity planning, which are core aspects that have been discussed in lectures. It allows you to take the theoretical underpinnings of the risk management process and apply these to a real-world scenario.