You are an entrepreneur looking to start a new online business. As part of registering your new venture and applying for
Posted: Fri Apr 29, 2022 6:46 am
You are an entrepreneur looking to start a new online business.
As part of registering your new venture and applying for small
business funding, you are required to develop and submit a
cybersecurity risk management plan. The purpose of such a plan is
to demonstrate how you will protect your intellectual property and
financial data, both to satisfy your bank and to create confidence
for your future clients. Your plan should be easy to understand,
but also dynamic such that you can adapt to changes within the
business systems in the coming years.
1. Preparation for risk analysis (20 marks) a. Describe the
goals of the business and the focus of the risk assessment (10
marks) b. Describe the scope of its technology environment (use a
logical diagram showing the interactions between users and systems)
(10 marks)
2. High level threat analysis (20 marks)
a. Identify all actors (10 marks)
b. Identify all information assets (10 marks)
3. Threat assessment (20 marks)
a. Create bow tie diagrams which describe two or three key
adverse events that may occur, showing both the potential causes
and consequences of each (20 marks)
4. Risk assessment and ratings (30 marks)
a. Create or source appropriate qualitative risk assessment
tables/matrices that describe likelihood, impact, and overall risk
rating (5 marks)
b. Articulate at least six information risks derived from your
threat assessment in a format that describes all important facets
of the risk (actor, asset, threat, vulnerability, impact) (15
marks)
c. Give each risk a realistic rating, using your risk assessment
tables/matrices (10 marks)
As part of registering your new venture and applying for small
business funding, you are required to develop and submit a
cybersecurity risk management plan. The purpose of such a plan is
to demonstrate how you will protect your intellectual property and
financial data, both to satisfy your bank and to create confidence
for your future clients. Your plan should be easy to understand,
but also dynamic such that you can adapt to changes within the
business systems in the coming years.
1. Preparation for risk analysis (20 marks) a. Describe the
goals of the business and the focus of the risk assessment (10
marks) b. Describe the scope of its technology environment (use a
logical diagram showing the interactions between users and systems)
(10 marks)
2. High level threat analysis (20 marks)
a. Identify all actors (10 marks)
b. Identify all information assets (10 marks)
3. Threat assessment (20 marks)
a. Create bow tie diagrams which describe two or three key
adverse events that may occur, showing both the potential causes
and consequences of each (20 marks)
4. Risk assessment and ratings (30 marks)
a. Create or source appropriate qualitative risk assessment
tables/matrices that describe likelihood, impact, and overall risk
rating (5 marks)
b. Articulate at least six information risks derived from your
threat assessment in a format that describes all important facets
of the risk (actor, asset, threat, vulnerability, impact) (15
marks)
c. Give each risk a realistic rating, using your risk assessment
tables/matrices (10 marks)