1. Critically evaluate benefits and limitations of alternative approaches related to vulnerability and risk assessment.
2. Analyse real world scenarios and properly document results of activities involved in the process of vulnerability” and risk assessment.
Description of the assessment
Background: For any organization, having a secure network is the primary thing to reach its business requirements. A network is said to be secure when it can sustain from attacks, which may damage the whole network. Over the last few decades, inter-networking has grown tremendously, and a lot of importance is given to secure the network. To develop a secure network, network administrators must have a good understanding of all attacks that are caused by an intruder (threat assessment) and their mitigation techniques (control). Choosing a mitigation technique for an attack has an impact on the overall performance of the network because each attack has different ways of mitigation. By performing risk analysis and assessment, network administrators will identify the assets that need to be protected, threats, and vulnerabilities that the network may pose. With the help of risk analysis, administrators will have sufficient information about all risks which helps to build a network with high security. After risk analysis, designing a set of security policies is very important to provide a high level of security. Security policies provide information for network users for using and auditing the network.
The goal of this project is to perform a risk analysis to identify assets, threats, vulnerabilities, and existing controls. Another goal is to have a proposal that convinces management for a technology-based and insurance-based control system to secure the network.
Base Organization: Consider any Organization preferred (Banking, Hospital, University, or e-commerce Datacentres). Assume the organization you have chosen has a yearly revenue of around £300 million. For the selected organization, your tasks are to apply the steps of risk management towards analysing the security of the organization (Data, Network, and Devices). During the design of the project just consider one or two products of the organization around which you can circle your discussion. You are required to perform the tasks mentioned below. You can consider any assumption towards the design, however, clearly mention it in the report. Your report should be supported with proper tables, references, and figures.
Task 1: Identify risks, which includes
Briefly provide background about the organization and discuss why risk assessment is the most critical step in developing and managing cyber security in the organisation and identify the limitations of the current risk assessment methods. Your discussion should be supported with references from reputable resources (This can be technical paper, technical standard, or any other web reference)
Creating an inventory of information assets (You can use standard Template for Inventory control)
Provide a System or network architecture and infrastructure, such as a network diagram showing how assets are configured and interconnected
Classifying and organizing assets into meaningful groups
Assigning a value to each information assets (you can give actual value, or any guess value however your value should be based on the importance of assets)
Identify the top five threats to the organisation information assets. Support you finding by quoting reputable sources of information.
Task 2: Assessing risks which includes
Determining the likelihood that a vulnerable system will be attacked by a specific threat (for a specific vulnerability you can use some online statistics, give reference when using such statistics)
Calculating the risks to which assets are exposed in their current settings
Prioritize the analysed Risks for Treatment (Your analysis should be supported with proper argument or some statistics, check OWASP)
Critically Analysing the methods used for risk assessment (Quantitative or Qualitative)
Mention the Tools you recommend for the risk assessment and vulnerability identification (Your recommendation should be realistic and within the budget of the organization. For the safe side recommend both open source and licensed versions)
Task 3 Risk Control Strategies
Looking in a general way at Controls that might come into play for identified vulnerabilities and way to control the risk that the assets face (Consider at-least 3 Vulnerabilities)
Provide a cost-benefit analysis of a risk-mitigating strategy to convince management for your suggested control (your suggestion should circle around identified Vulnerabilities in first subtask of Task 3)
Provide cost-benefit analysis for insurance-based risk transference (a statement to convince management for insurance for the network)
Identification of overall challenges towards the risk assessment and vulnerability analysis.
Buy Answer of This Assessment & Raise Your Grades
The postappeared first on .