90.2K

Verified Solution

Link Copied!

2. Due to the COVID-19 pandemic, most companies must resort to the new hybrid working mode comprises "Work-in-Office" and "Work-from-Home". As the security analyst for a consultant company. you have been requested by a client to conduct a security risk assessment related to the hybrid working mode. Based on your initial investigations, most workers tend to work from home using their personal devices such as mobile phones, mobile tablets, and personal laptops other than their company's devices (laptops / notebooks). They are also using home-based wireless connectivity for connecting to the company's network. Additionally, you have discovered that all workers use email services and cloud services almost all the time during their working hours and these have exposed the company to malware attacks. It is estimated that the average cost in damages and lost productivity due to a malware attack is RM20,000. Based on historical data, the company has been attacked at an average four times a year. The company decided to invest in an intelligent malware scanner which will cost RM100,000 as the countermeasure for the issue. Your task is to assess the risks involved in your company and provide a comprehensive risk assessment report. Your report should include the following: Purpose and the importance of Risk Assessment for the company. Risk Assessment Approach and the justification for using the approach. Assets of the Company and the associated threats and vulnerabilities in terms of Confidentiality, Integrity and Availability (CIA) triad. Risk register for each of the identified assets. Risk treatment for each of the identified assets. Risk quantitative analysis and return on security investment related to purchasing of the intelligent malware scanner. Justification on whether the investment is reasonable or not. [40 marks) 2. Due to the COVID-19 pandemic, most companies must resort to the new hybrid working mode comprises "Work-in-Office" and "Work-from-Home". As the security analyst for a consultant company. you have been requested by a client to conduct a security risk assessment related to the hybrid working mode. Based on your initial investigations, most workers tend to work from home using their personal devices such as mobile phones, mobile tablets, and personal laptops other than their company's devices (laptops / notebooks). They are also using home-based wireless connectivity for connecting to the company's network. Additionally, you have discovered that all workers use email services and cloud services almost all the time during their working hours and these have exposed the company to malware attacks. It is estimated that the average cost in damages and lost productivity due to a malware attack is RM20,000. Based on historical data, the company has been attacked at an average four times a year. The company decided to invest in an intelligent malware scanner which will cost RM100,000 as the countermeasure for the issue. Your task is to assess the risks involved in your company and provide a comprehensive risk assessment report. Your report should include the following: Purpose and the importance of Risk Assessment for the company. Risk Assessment Approach and the justification for using the approach. Assets of the Company and the associated threats and vulnerabilities in terms of Confidentiality, Integrity and Availability (CIA) triad. Risk register for each of the identified assets. Risk treatment for each of the identified assets. Risk quantitative analysis and return on security investment related to purchasing of the intelligent malware scanner. Justification on whether the investment is reasonable or not. [40 marks)

Answer & Explanation Solved by verified expert

See Answer