IT Security and Risk Management - NMIMS Latest solved assignments

 

 

Dear students, get latest Solved NMIMS assignments and case study help by professionals.

Mail us at : help.mbaassignments@gmail.com

Call us at : 08263069601

 

 

IT Security and Risk Management

June 2021 Examination

 

 

1. The Oracle and KPMG Cloud Threat Report 2019 reveals that cloud vulnerability is and will continue to be one of the biggest cyber security challenges faced by organizations. This is because enterprises are leveraging cloud applications and storing sensitive data related to their employees and business operations on the cloud. The adoption of the cloud is creating new challenges for firms and exacerbating the old ones. Discuss the specific cyber threats faced by enterprises with respect to cloud applications and data storage. (10 Marks)

 

Answer 1.

Introduction:

The use of cloud computing is on the rise these days. Enterprises have been using these technological advancements to use, store and share information, applications and data. The use of such applications has been increasing rapidly due to their ease of storage and usage. This storage system provides various benefits to its users, some of them being backing up multiple files and folders, getting access to

 

2. The objective of an IT security policy is the preservation of confidentiality, integrity, and availability of systems and information used by an organization’s members. Explain the various aspects of designing a comprehensive security policy with respect to the CIA triad. (10 Marks)

Answer 2.

Introduction:

The main objective behind the development of any security policy is preserving the three main factors of confidentiality, integrity and availability of systems and information. This is also known as the CIA triad. It is the model used for guiding the management of policies relating to the organization's information technology. Each letter of the acronym has its own meaning and significance in the security policy development process. The organization members use these to frame various policies

 

Q3. Friends Credit Union (FCU) is a federally chartered and insured credit union offering financial services for over 60 years. As a non-profit financial cooperative, it is owned and operated by its members. With over 6400 million in assets and over 51,000 members, FCU’s mission is to operate in a financially sound and competitive manner to ensure long-term financial stability while safeguarding member assets. The landscape of organizations across the globe and the way business is conducted has changed dramatically over the last decade. New technologies have added tremendous efficiencies and methods for communicating, and corporations have benefitted from these innovations. However, there have been disturbing increases globally in the number of attacks through criminal activities — be it cyber or onsite infiltration. FCU recognized that adhering to regulatory compliance does not always equate to security. In an effort to provide world-class service, as well as to ensure confidential client information remains secure, FCU contracted independent remote and onsite social engineering assessments. Understanding that the modern criminal preys on the human element as a weakness, common undercover ploys were developed and executed to determine the organization’s susceptibility to potential exploitation. The results identified vulnerabilities within the organization and revealed the need for corporate-wide security awareness, crucial to mitigating future risks. Onsite and remote social engineering engagements examined the effectiveness of the existing education and awareness programs, challenging the security posture of the institution’s workforce. The security risk assessment methodology involved four phases, each phase conducted by a certified security analyst.

(1) Reconnaissance

(2) Analysis

(3) Penetration

(4) Reporting

The engagement objective was to infiltrate the corporation and access confidential information through phishing attacks and onsite intrusions. Based on the success rate of achieving the objectives, FCU received a performance report for both of the social engineering risk assessments.

a. Explain the need for social engineering attack preparedness of any organization and the possible impact of being ill prepared for such an attack.

Answer 3a.

Introduction:

Social engineering refers to a range of malicious activities accomplished through human interaction, in which users are psychologically tricked and sensitive information is misused. It is dangerous because it relies on human error rather than on software or technological vulnerabilities. Organizations are therefore always advised to be prepared for any social engineering attack.

 

b. Explain the 4 phases involved in the security risk assessment of FCU in the above case.

Answer 3b.

Introduction:

The development of a comprehensive and adequate security policy is essential for any organization, irrespective of its size and nature. So is the case with the security risk assessment. It is done to avoid any external or internal risk to the organization regarding cyber breach and security. The four phases involved in the security risk assessment of FCU are explained below.

 
