You are interviewed by Southern Cross University for a position of cybersecurity consultant to work in a university’s cybersecurity program. As part of the interview, you are required to complete the following tasks:
Task 1: discuss why risk assessment is the most critical step in developing and managing cyber security in the university and identify the limitations of the current risk assessment methods.
Task 2: develop five questions that allow you to identify the most critical information assets of the university. Create a WFA template to rank the assets.
Task 3: identify the top five threats to the university information assets. Support you finding by quoting reputable sources of information.
Task 4: let’s assume that the university website is one of the most critical information asset of the university. Discuss how the top five threats could/could not impact the asset. Rank the threats based on their levels of impact on the asset. Support your discussion by quoting reputable sources of information.
Assignment-1 guideline
Task 1: The importance of risk assessment
To complete this task, use the following questions to guide your discussion:
What is risk assessment?
What do you know by performing cyber security risk assessment?
What do you think is difficult for you to do/obtain in the risk assessment process?
How risk assessment results are used to develop and manage cybersecurity and how they can affect the business decision making process?
Task 2: Critical asset identification
To complete this task, use the following questions to guide your thought:
What is an information asset?
What make an information asset critical?
What can be included in WFA to classify the university information assets?
Task 3: Threat identification
To complete this task, use the following guidelines:
Clearly understand the difference between important security concepts including threats, hazards, attacks and incidents.
Search for security threat, incident and trend reports and use the results from reputable sources such as government organisations and security companies.
Identify relevant threats by studying statistics and figures found in the reports.
Summarize each threat, threat agent, method of delivery and working mechanism
Task 4: Threat assessment
To complete this task, use the following guidelines:
Identify potential weaknesses (vulnerabilities) of the asset based on three information security components: confidentiality, integrity and availability.
Study the working mechanism of each threat to assess the potential impact of the threat on the asset by exploiting the vulnerabilities. Use your own and public domain knowledge to help you with the impact assessment.