Read the following case study and answer the questions that follow.

Following the hack by the Social Consciousness Hacker Collective on Grosvener Systems (Pty) Ltd, where all of the internal emails of the company were leaked onto the internet, the CEO and CIO of the company are dismissed. The CIO of the organisation where you work is concerned that the Social Consciousness Hacker Collective will target other organisations, and asks you to develop a ranked vulnerability worksheet for the information assets of your organisation, using the template provided.

Question 1

Before you can rank the vulnerabilities present in your organisation, you need to lay out the relative value of each information asset in the organisation that may be affected by such a data breach (refer to Sections 3 and 4 of the Unit 2 Notes). Identify at least 10 assets in the ranked vulnerability worksheet template provided, and then rate the impact on the organisation for each asset (100, 50, or 1) if it were to be compromised in any way, using the drop-down menu in the Excel spreadsheet provided. Explain your reasons for the value you have assigned in the "value rationale" column. Ensure that the asset you have identified is a realistic data asset, and not simply a business asset.

Note: You will not be marked on your valuation, but on how you rationalise the value you assigned.
Added by Susan L.
Step 1
To identify the assets, we need to consider the information assets that may be affected by a data breach. These assets should be realistic data assets and not simply business assets. Here are 10 examples of information assets that could be included in the …
Recommended Videos
Your CEO is worried that a similar situation could happen at your company and has asked you to try and determine if investing in greater cybersecurity is a smart move. You call your friend who works for a major cybersecurity firm and ask about their products, pricing, and guarantees. Well, the bad news is they have no guarantees, but they can show evidence that even one major attack would result in significant losses for your company. Here is the information you receive:

- Cyber attacks are up 600% from pre-pandemic levels.
- The average cost of a cyber attack on a small business ranges from $120,000 to $1.24 million per successful attack.
- 71.1 million people fall victim to cyber crimes yearly.

Your company has been quoted $1.5 million for a new cyber defense system. The new program will likely protect the company for 3 years and then need to be replaced as technology improves. Using sophisticated detection skills, they determine that your company's website faces approximately 800 cybersecurity incidents a day, 365 days a year. They also estimate that 1 in 500 attacks are successful, and the cost of the average attack is $1,000 after tax – due to lost merchandise, notification of the customers affected, and time spent by employees following up on the incidents.

Should you buy the system? Your company estimates its cost of capital is 7.5%. Using Excel, calculate the payback, discounted payback, NPV, and IRR of the proposed new cybersecurity system.
Akash M.
Assessment topic: Risk identification, assessment, and treatment

Task details: This assignment requires you to perform risk identification, assessment, and treatment based on the given case study. Also, it is required to implement ethical hacking (which does not do any malicious activity) on your own virtual machine. This is just for demonstration purposes and focusing on the risk identification, assessment, and treatment accordingly, and you should not implement it on any other computers. The assignment's requirements are Kali Linux and the required tools.

Case Study for the Assignment: A small family-owned construction company made extensive use of online banking and automated clearing house (ACH) transfers. Employees logged in with both a company and user-specific ID and password. Two challenge questions had to be answered for transactions over $1,000. The owner was notified that an ACH transfer of $10,000 was initiated by an unknown source. They contacted the bank and identified that in just one week, cybercriminals had made six transfers from the company bank accounts, totaling $550,000. How? One of their employees had opened an email from what they thought was a materials supplier but was instead a malicious email laced with malware from an imposter account.

Part A: The business had no dedicated security team, and therefore, till now, no security policy is in place. Recently, the governing body of this business forms a security team and makes the following two goals that they would like to achieve in six months –

1. Assessing the current risk of the entire business
2. Treat the risk as much as possible

Task I: Risk Identification

In achieving the above two goals, you will do the following –

1. Find at least five assets
2. Find at least two threats against each asset
3. Identify vulnerabilities for the assets

Task II: Risk Assessment

At the end of the risk identification process, you should have i) a prioritized list of assets and ii) a prioritized list of threats facing those assets and iii) Vulnerabilities of assets. At this point, create a Threats-Vulnerabilities-Assets (TVA) worksheet. Also, calculate the risk rating of each of the five triplets out of 25.

Task III: Risk Treatment

In terms of Risk Treatment, for each of the five identified risks, state what basic strategy you will take. Justify each decision.
Case Study 1 (Industrial/Organizational Psychology)

A few months ago, the upper management of a large corporation that employs 2,500 people decided to implement major changes in the method their company handles the development of projects. This change was based on a well-known model used in the military that was familiar to the CEO. The reasoning for the change was not well-communicated to employees; it was simply mandated to be implemented without providing required, significant learning or training opportunities. Many employees do not feel the fit of this model is beneficial for their particular type of programs. As a result, employee morale is low, and group dynamics and personal work performance are suffering because the work process as it relates to their job performance is not understood.

After selecting a case study, think about how you could research this scenario. Compose at least one research question for the case study you selected. Explain the goal of the research you are proposing to address for your chosen case study. Define the steps of the research process you would follow. Evaluate how ethical considerations would affect your research. Based on the information you read from the "Standard 8: Research and Publication" section of the APA Code of Ethics, determine which ethical principles apply to your case study. Explain how you will consider cultural diversity in the interpretation of your research findings.
Supreeta N.