Conducting a Risk Assessment for XYZCLOUD's IT Infrastructure Following ISO 27005 Standards

Learning Outcomes


•    Select and use applicable standards and methods for information security and risk management.
•    Conduct and properly document risk assessment based on a given scenario.
•    Find and evaluate appropriate published information to remain up-to-date about threats, vulnerabilities and patches.


The XYZCLOUD scenario (note: this scenario is completely fictitious).

XYZCLOUD is a new cloud service company in Preston, and its current IT infrastructure is depicted in Figure 1. The company provides (i) secure storage and (ii) virtual server services for both individual customers and organisations. 

The IT infrastructure comprises:
•    Employees' computers (Human Resource and Admin PCs) running Windows XP SP2.
•    A machine running SQL server, which stores all personal information about customers and employees (running MySQL).
•    A DMZ (Demilitarized Zone) containing a mail server (Microsoft Exchange Server version 12), which stores all emails and attached files, and a web server (IIS 5) hosting the websites of the company. Note that the most recent version of Microsoft Exchange Server is version 20.
•    A Windows-based authentication server for authenticating the customers and employees.
•    A firewall with firmware version 1.2 to protect the internal network from the outside world (internet). Note that the recent firmware version of the firewall is version 2.0.
•    The servers hosting the documents of customers (cloud storage services).
•    The servers hosting the virtual machines for providing cloud computing services.
•    All the servers and PCs are connected to switches and routers so that they can communicate with each other. The router serves as a gateway between the internal network and the internet. Note that the recent firmware version of the switches and routers is version 1.2.

After some attack incidents and financial loss, the company realized that it should carry out a risk assessment and improve its IT infrastructure with security controls.    


In this assignment you have to: 
•    Conduct a risk assessment on the network in Figure 1, based on the ISO 27005 standard.
•    Write a detailed risk assessment report (see Section 4 for the required structure).  

As you can see, there are no specific hardware and software details given in Figure 1. To avoid everyone working on exactly the same network (and hence copying from each other), before doing the risk assessment, you have to specify the system parameters and the system boundaries, including the operating systems, hardware, software/applications and firmware used. Ideally, each of you will work with a different set of system parameters/scope that you chose or specified.


The 2000-word (excluding the entire bibliography list) risk assessment report should be submitted as a .docx to the appropriate assignment submission link through Blackboard. All references and in-text citations in the report should follow the Harvard style of referencing.


To meet the requirements, your report must have a professional look. To help you in this regard, the following structure is provided as a guideline. The report must contain the following main sections; however, you are allowed to add subsections as you find reasonable.
