CO4512 – Information Security Management Assignment – Risk Assessment Report, University of Central Lancashire, UK

Learning Outcomes –

Learning Outcome 1 – Select and use applicable standards and methods for information security and risk management.

Learning Outcome 2 – Conduct and properly document risk assessment based on a given scenario.

Learning Outcome 3 – Find and evaluate appropriate published information to remain up-to-date about threats, vulnerabilities and patches.

Assignment Description – This assignment requires you to plan, conduct and document a risk assessment based on the scenario described in Section 3. You should carefully read the marking scheme (refer to Section 5) to have a clear perception of what is the expected content of the risk assessment report you have to deliver and how it will be evaluated. The scenario is described in broad terms, therefore, you may need to make assumptions and set a scope for the risk assessment; all this has to be documented in the report. Additionally, any use of published information has to be properly referenced with in-text citation and a corresponding item in the references list using the Harvard style consistently.

Scenario Description – UCLanRE is a new Real Estate agency in Preston, and its current IT infrastructure is depicted in Figure 1. The IT infrastructure comprises:

(a) Office personal computers (PCs) running Windows XP for employees;

(b) A machine running SQL server, which stores all information about customers and real estates;

(c) A machine running a mail server, which stores all emails and attached files;

(d) A machine running an IIS web server hosting the website of UCLanRE on which users can browse for real estates, register themselves and contact the employees;

(e) All the servers and office PCs are connected to a network switch so that they can communicate with each other. The router serves as a gateway between the internal network and the internet.

(f) Internet Information Services (IIS, formerly Internet Information Server) is an extensible web server created by Microsoft.

After some attack incidents and financial loss, the agency realized that it should carry out a risk assessment and improve its IT infrastructure with security controls.

Task – In this assignment you have to:

Task 1 – Conduct a risk assessment on the network in Figure 1, based on the ISO 27005 standard.

Task 2 – Write a detailed risk assessment report (see Section 4 for the required structure).

Flexibility of the software/hardware/firmware parameters – As you can see, there are no specific hardware and software details given in Figure 1. To avoid working on exactly the same network (and hence copying from each other), before doing the risk assessment, you have to specify the system parameters and the system boundaries, including the operating systems, hardware, software/applications and firmware used. Ideally, each of you will work with a different set of system parameters/scope that you chose or specified.

Report Structure – To meet the requirements your report must have a professional look. In order to help you in this regard the following structure is provided as a guideline. The report must contain the following main sections, however, you are allowed to add subsections as you find reasonable.

i. Introduction – Here you will specify the risk assessment method that you use and discuss the advantages of this risk assessment method. Finally, highlight the specific tasks that you will perform during the risk assessment on the given system.

ii. Risk Assessment – This section contains the main part (result) of the report, namely, the whole risk assessment process carried out on the system in Figure 1, together with your chosen system parameters. The section can include several sub-sections.

iii. Summary and Recommendations – In this section you summarize the main findings and write a non-technical recommendation (executive summary) for the management/director board, summarizing why they should invest in security and follow the ISO 27001 standards.

Note – Total 2000 words (flexible), excluding the entire bibliography list.
