Section – 4 and 5
Case Scenario
You and your team have been asked to write a risk assessment report on the nature of new threats faced during the pandemic
This can affect any of the listed assets below:
In consultation with ZU management, and with your knowledge of tertiary institutions, you need to identify relevant threats/vulnerabilities to the ZU IT infrastructure, intranet and extranet, and then create a Risk Management Plan using the ISO Manager software and the RACI cha
Report Guidelines
Your team has been assigned to develop a Risk Management Plan. You will present management with a risk management report in which you identify the top threats and vulnerabilities that can affect these systems, together with mitigation measures and the required reports.
Use the following table to guide you through the development of your Risk Management Plan (see the relevant chapters in the book – it is the student’s duty to find out which topics from the book are related to the project).
Risk Management Plan
1. Introduction to the case and your team’s role in this project including your tasks.
1.1. Introduction to the project
1.2. Prepare a list of threats (2 threats per student) during the pandemic – global
a. Research the Internet for the threats (cyber-attacks)
b. Explain the threat – define; the asset/s that is/are affected
c. Explain how the threat spread – how the attack happens
i. If there is a diagram/figure, please insert it – the process of the attack
d. The probability and impact of these threats
1.3. Which controls from ISO 27002 can control these threats (table)
1.4. Heat map (to insert into the ISO Manager report)
2. Threats, Vulnerabilities and Mitigation (ISO Manager software)
See attached guideline (see below) to do this section using iso manager software
3. Prepare a project plan for implementation of the controls (use project management software). Start with a future date.
4.1. Create WBS structure with predecessor (sequential)
4.2. Allocate resources to tasks
4.3. Generate a GANTT chart
4. Task allocation table
Prepare a table listing the tasks allocated to and done by each member of the group in the whole project.
Project steps for section 2 (add this to the final report) – ISO Manager
1. Open https://iso27001.isomanager.com/ and use the given username and default password.
2. Change the password at the first login.
3. This is the home screen
Section 2A – Risk Assessment
4. List all the threats that you have identified in section 1 of your report (2 threats for each student in the group) including the asset in the assignment report.
Threat | Asset
5. In the figure below select Number 6
6. Add an asset by selecting Asset Inventory and then selecting the Asset Category (use the correct category). Use the Code (SEC 430 501 and group number); a sample is given below:
Take screenshot
Each member of the group should add two assets
7. Select ‘Risk Assessment’ and select the ‘asset category’ (that you have added the asset to in the table)
8. Identify the most critical threat and vulnerability. Add the risk owner (that’s you) and select the correct Impact and Likelihood using the Edit function (select only one for your group, from a threat that is not yet filled in). A sample screenshot is given.
Take screenshot
9. Select ‘By Annex A’ and identify the correct ISO 27K controls that correspond to your threat, one for each member of the group. The control should correspond to the threat and asset.
Take two screenshots of the controls that correspond to the threat. A sample screenshot is given below
Take a second screenshot of the edit with impact and likelihood
10. Select ‘By CIA’ and identify the correct C or I or A that corresponds to your threat. Edit and do the same as above. One for each member of the group. The control should correspond to the threat and asset.
Take screenshot (It will be similar to the above)
11. Go to the top of the menu, open ‘Add’ and select ‘Incident’.
Incident is the Threat that you have identified in section 1
12. Fill in the table below (insert a date within the summer semester).
13. Make a table of risks and write the impact and likelihood values (5*5 point scale). Sample:
     | Threat     | Impact | Likelihood | Risk Value
  R1 | Ransomware | 2      | 2          | 4
  R2 |            |        |            |
  R3 |            |        |            |
14. Select ‘Methodology’ in number 6. Select ‘Risk Acceptance Criteria’ and use the format to create a heat map similar to the one you see. Please use an Excel sheet OR copy and paste the image and add R1, R2, R3 etc. in the appropriate cells.
Insert the figure in the report
Please write in one paragraph what you have understood from these tasks in Risk Assessment.
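As an added example (not part of the assignment brief and not ISO Manager's own code), the step-13 risk table and the step-14 heat map can be produced from a small risk register, which makes it easy to check that every risk lands in the right cell. Only R1 (Ransomware, 2 x 2 = 4) comes from the brief; the other register entries and the acceptance bands are constructed assumptions, since the brief leaves the thresholds to the tool's 'Risk Acceptance Criteria'.

```python
from dataclasses import dataclass
SCALE = range(1, 6)  # 5-point scale for both impact and likelihood

# Assumed acceptance bands on the 5*5 product: the brief leaves the thresholds
# to the tool's 'Risk Acceptance Criteria', so set them to match what you chose there.
BANDS = ((1, 4, "Low"), (5, 9, "Medium"), (10, 14, "High"), (15, 25, "Critical"))

@dataclass
class Risk:
    rid: str         # "R1", "R2", ...
    threat: str
    asset: str
    impact: int      # 1..5
    likelihood: int  # 1..5

    def value(self) -> int:
        if self.impact not in SCALE or self.likelihood not in SCALE:
            raise ValueError(f"{self.rid}: impact and likelihood must be within 1..5")
        return self.impact * self.likelihood

def band(value: int) -> str:
    return next(name for lo, hi, name in BANDS if lo <= value <= hi)

def risk_table(risks):
    """Rows for the step-13 table: id, threat, impact, likelihood, risk value, band."""
    return [(r.rid, r.threat, r.impact, r.likelihood, r.value(), band(r.value()))
            for r in risks]

def heat_map(risks):
    """Step-14 grid keyed by (impact, likelihood) -> ids of the risks in that cell."""
    grid = {(i, l): [] for i in SCALE for l in SCALE}
    for r in risks:
        r.value()  # validates the scores before the risk is placed
        grid[(r.impact, r.likelihood)].append(r.rid)
    return grid

def render(grid) -> str:
    """Text heat map: impact 5 at the top, likelihood 1..5 left to right."""
    lines = ["Impact \\ Likelihood " + " ".join(f"{l:^6}" for l in SCALE)]
    for i in reversed(SCALE):
        cells = [",".join(grid[(i, l)]) or "." for l in SCALE]
        lines.append(f"{i:^19} " + " ".join(f"{c:^6}" for c in cells))
    return "\n".join(lines)

# Constructed sample register: only R1 (Ransomware, 2 x 2 = 4) comes from the brief.
REGISTER = [
    Risk("R1", "Ransomware", "File server", 2, 2),
    Risk("R2", "Phishing", "Staff mailboxes", 4, 4),
    Risk("R3", "VPN credential theft", "Remote access gateway", 5, 3),
]
```

Print `render(heat_map(REGISTER))` to get the grid to copy into the report, and `risk_table(REGISTER)` for the rows of the risk table.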
Section 2B – Incident Management
15. Go to home screen and select number 9 on the left-hand side of the main menu.
In this phase you assume that an incident has happened based on the threat and targeted at the asset.
16. Select the correct category and add the incident. Two incidents for each member of the group
A sample screenshot is given below
Take screenshot
17. Edit and add the incident. A sample screenshot is given below
18. Fill in the email below and send a Calendar Invite to your email or to one of your group members.
19. Show evidence of the email by taking a screenshot from Outlook. A sample screenshot is given below.
20. Open the link and take the screenshot
21. Complete the task allocated by the email
a. Select whether the task is weekly, monthly, or annually
b. Write the cost per hour to treat this incident
c. Write the analysis (why it happened and how it happened) of the incident in the analysis box
d. Select Yes for corrective action and write the description of the action to be taken to correct/rectify the incident
e. Save
Take screenshot