Dear students, get latest Solved NMIMS assignments and
case study help by professionals.
Mail us at : help.mbaassignments@gmail.com
Call us at : 08263069601
IT Security and Risk Management
June 2021 Examination
1. The Oracle and KPMG Cloud Threat
Report 2019 reveals that cloud vulnerability is and will continue to be one of
the biggest cyber security challenges faced by organizations. This is because
enterprises are leveraging cloud applications and storing sensitive data
related to their employees and business operations on the cloud. The adoption
of the cloud is creating new challenges for firms and exacerbating the old
ones. Discuss the specific cyber threats faced by enterprises with respect to
cloud applications and data storage. (10 Marks)
Answer 1.
Introduction:
The use of cloud computing is on the rise
these days. Enterprises have been using these technological advancements to
use, store and share information, applications and data. The use of such
applications has been increasing rapidly due to their ease of storage and
usage. This storage system provides various benefits to its users. Some of them
being backing up multiple files and folders, getting access to
2. The objective of an IT security policy is the
preservation of confidentiality, integrity, and availability of systems and
information used by an organization’s members. Explain the various aspects of
designing a comprehensive security policy with respect to the CIA triad. (10
Marks)
Answer 2.
Introduction:
The main objective behind the development of
any security policy is preserving three main factors of confidentiality,
integrity and availability of systems and information. This is also known as
the CIA triad. This is the model used for guiding the management of policies
relating to the organization's information technology. Each of the acronyms has
its meaning and significance in the security policy development process. The
organization members use these to frame various policies
Q3.
Friends Credit Union (FCU) is a federally chartered and insured credit union
offering financial services for over 60 years. As a non-profit financial
cooperative, it is owned and operated by its members. With over 6400 million in
assets and over 51,000 members, FCU’s mission is to operate in a financially sound
and competitive manner to ensure long-term financial stability while
safeguarding member assets. The landscape of organizations across the globe and
the way business is conducted has changed dramatically over the last decade.
New technologies have added tremendous efficiencies and methods for
communicating, and corporations have benefitted from these innovations.
However, there have been disturbing increases globally in the number of attacks
through criminal activities — be it cyber or onsite infiltration. FCU
recognized that adhering to regulatory compliance does not always equate to
security. In an effort to provide world-class service, as well as to ensure
confidential client information remains secure, FCU contracted independent
remote and onsite social engineering assessments. Understanding that the modern
criminal preys on the human element as a weakness, common undercover ploys were
developed and executed to determine the organization’s susceptibility to
potential exploitation. The results identified vulnerabilities within the
organization and revealed the need for corporate-wide security awareness,
crucial to mitigating future risks. Onsite and remote social engineering
engagements examined the effectiveness of the existing education and awareness
programs, challenging the security posture of the institution’s workforce. The
security risk assessment methodology involved four phases, each phase conducted
by a certified security analyst.
(1) Reconnaissance
(2) Analysis
(3) Penetration
(4) Reporting
The engagement objective was to infiltrate the corporation and access confidential
information through phishing attacks and onsite intrusions. Based on the
success rate of achieving the objectives, FCU received a performance report for
both of the social engineering risk assessments.
a. Explain the need for social
engineering attack preparedness of any organization and the possible impact of
being ill prepared for such an attack.
Answer 3a.
Introduction:
Social engineering refers to the multiple
malicious activities accomplished through human interactions by psychologically
tricking the users and misusing sensitive information. It is dangerous in
that it relies on human error rather than software or technological
vulnerabilities. Organizations are therefore always advised to be prepared for
any social engineering attack.
b. Explain the 4 phases involved in
the security risk assessment of FCU in the above case.
Answer 3b.
Introduction:
The development of a comprehensive and
adequate security policy is essential for any organization, irrespective of its
size and nature. So is the case with the security risk assessment. It is done
to avoid any external or internal risk to the organization regarding cyber
breach and security. The four phases involved in the security risk assessment
of FCU are explained below.