Question
Assume you are working in an organization that has many online stores that deal with the sale and
purchase of electronic goods. They have thousands of customers and hundreds of employees.
They have a centralized payment system. Being an information security expert, usually it's your
job to design and manage the following aspects:
Security and Risk Management
Asset Security
Security Architecture and Engineering
Communication and Network Security
Identity and Access Management (IAM)
Security Assessment and Testing
Security Operations
Software Development Security
Guidelines for information security risk management for the given organisation. Your
discussion should include the following:
1. Identifying and prioritising risk factors for information assets in the given scenario
2. The risk management framework(s), strategy and process that could be adopted to
discover, assess, treat and manage the InfoSec risks for the organisation.
3. Strategy of risk acceptance and risk mitigation plan that could be adopted by the
organisation.
o Introduction: briefly introduce the business requirements provided in the specification
o Security requirements: identify the need for securing business information assets for protecting
functionality, safeguarding data, safe operation of the business, and complying with ethical and
legal policies
o Security framework: provide an information security blueprint based on the chosen framework
o Risk management: identify all the risks, assess the effect of each risk, and propose control
strategies
o Security measures: propose security measures and justify the use of security approaches for the
project while identifying strengths and weaknesses of each approach
o Development: implementation and demonstration of prototype solutions