CYB600 Assignment Help
Enterprise Security Management Assignment help
Assessment Description and Instructions
In this assessment, students will work on a security management project individually. The objective is to gain experience working on a security management project as an expert and be able to analyse the performance of solutions.
Description of the Case
SportX is a company that specializes in selling sports products. The company's main sales are through its e-commerce website, where customers can place orders and pay online. SportX can receive orders through the following lines of sales:
1. Online e-commerce website
2. Phone calls
3. Email orders
The sales team is then responsible for checking those emails and orders, preparing them, and delivering them to the customer.
1. Currently SportX has two branches: one headquarters (HQ) and one site branch.
2. HQ contains the following:
• Email server
• Web Server that hosts the e-commerce site.
• Database server that includes the following databases:
o Employee Database
o Customer Database
o Product Database
o Orders Database
3. Figure 1 shows the entire topology.
SportX's business has grown exponentially since the beginning of 2018. This steady growth has also brought challenges for SportX. They have to secure the sensitive information of their employees and customers, and their most important asset is the Orders Database. Moreover, their employees receive many emails and have to filter the order emails from the other emails.
SportX had no dedicated security team, and therefore no security policy has been in place until now. Recently, the governing body of SportX formed a security team and set the following two goals, which they would like to achieve in six months:
o Assessing the current risk of the entire organization
o Treating the risk as much as possible
To achieve the above two goals, in this assignment you should do the following:
1. Find at least five assets
List the five most valuable assets of SportX.
Create a weighted factor analysis worksheet (WFAW). In WFAW, use at least four criteria.
2. Find at least two threats against each asset
Identify and list two threats for each asset.
3. Identify vulnerabilities for the assets
Identify and list the vulnerabilities of the assets: one vulnerability against each asset.
4. Calculate Risk
At the end of the risk identification process, you should have i) a prioritized list of assets, ii) a prioritized list of threats facing those assets, and iii) the vulnerabilities of the assets. At this point, create a Threats-Vulnerabilities-Assets (TVA) worksheet.
Each TVA triplet represents a risk. Choose any five triplets and identify the impact and likelihood of each risk.
Calculate the risk rating of each of the five triplets out of 25. Consider that your assumptions and data are 95% accurate.
5. Provide a treatment strategy for each risk
For each of the five identified risks, state what basic strategy you will take. Justify each decision.
6. Make the HQ’s network secure by design
7. Finally, provide plausible protection mechanisms
Advise on all possible protection mechanisms and the corresponding place of application for each.