TASK back to top Read the Regional gardens case study document before attempting this assignment. Tasks: You have been employed by Regional Gardens as their first ever Chief Information Officer (CIO)....

1 answer below »
File uploaded Below


TASK back to top Read the Regional gardens case study document before attempting this assignment. Tasks: You have been employed by Regional Gardens as their first ever Chief Information Officer (CIO). You have been tasked by the Board to conduct a review of the company’s risks.  1. As the first step, you are to provide a Risk Register for Regional Gardens. This risk register must contain, as a minimum:  a. A description of each risk identified.  b. A summary of the impact or consequence if the risk was to arise.  c. The inherent risk assessment (this is the assessed, raw/untreated risk inherent in a process or activity without doing anything to reduce the likelihood or consequence).  d. The key controls to mitigate the risk.  e. The residual risk assessment (this is the assessed risk in a process or activity, in terms of likelihood and consequence, after controls are applied to mitigate the risk) f. Prioritisation of the risk using a standardised framework (such as the ANSI B11.0.TR3 Risk Assessment Matrix) Your Risk Register should be in table format using the following column headings: · Risk · Impact · Assessment · Controls · Residual Risk · Priority RATIONALE back to top This assessment task will assess the following learning outcome/s: · be able to justify the goals and various key terms used in risk management and assess IT risk in business terms. · be able to apply both quantitative and qualitative risk management approaches and to compare and contrast the advantages of each approach. · be able to critically analyse the various approaches for mitigating security risk, including when to use insurance to transfer IT risk.   MARKING CRITERIA AND STANDARDS back to top Task HD DI CR PS FL Value Identified Risk Comprehensive identification of risks in all areas of case study  Very good identification of risks in all areas of case study Good identification of risks in most areas of case study Adequate identification of risks in many areas of case study Incomplete or inadequate identification of risks in some areas of case study 10 Impact Comprehensive summary of risk impact for all identified risks Very good summary of risk impact for all identified risks Good summary of risk impact for most identified risks Adequate summary of risk impact for many identified risks Incomplete or inadequate summary of risk impact for identified risks 20 Assessment Comprehensive summary of inherent risk for all identified risks Very good summary of inherent risk for all identified risks Good summary of inherent risk for most identified risks Adequate summary of inherent risk for many identified risks Incomplete or inadequate summary of inherent risk for identified risks 20 Controls Comprehensive list of key controls to mitigate each identified risk Thorough list of key controls to mitigate each identified risk Good list of key controls to mitigate each identified risk Adequate list of key controls to mitigate each identified risk Incomplete or inadequate list of key controls to mitigate each identified risk 20 Residual Risk Comprehensive summary of residual risk for each identified risk Very good summary of residual risk for each identified risk Good summary of residual risk for most identified risks Adequate summary of residual risk for many identified risks Incomplete or inadequate summary of residual risk for identified risks 20 Priority Priority assigned to each identified risk using a standard framework Priority assigned to approximately 80% of  identified risk  Priority assigned to approximately 60% of identified risks  Priority assigned to approximately 40% of identified risks Priority assigned to < 20% of identified risk 10 referencing and presentation up to 5 marks may be deducted for incorrect or incomplete referencing in numbered ieee format  up to 5 marks may be deducted for poor presentation, spelling and grammar presentation back to top when submitting your assignment be sure to meet the following presentation requirements: · this assignment must be submitted in tabular format.  · assignments are required to be submitted in a word format (.doc, or .docx) only. each assignment must be submitted as a single document. · assignments should be typed using  a 12 point font, times new roman/arial and 1.5 spacing. · this assignment should be referenced using the numbered ieee style format. 20%="" of="" identified="" risk="" 10="" referencing="" and="" presentation="" up="" to="" 5="" marks="" may="" be="" deducted="" for="" incorrect="" or="" incomplete="" referencing="" in="" numbered="" ieee="" format ="" up="" to="" 5="" marks="" may="" be="" deducted="" for="" poor="" presentation,="" spelling="" and="" grammar="" presentation="" back="" to="" top="" when="" submitting="" your="" assignment="" be="" sure="" to="" meet="" the="" following="" presentation="" requirements:="" ·="" this="" assignment="" must="" be="" submitted="" in="" tabular="" format. ="" ·="" assignments="" are="" required="" to="" be="" submitted="" in="" a="" word="" format="" (.doc,="" or="" .docx)="" only.="" each="" assignment="" must="" be="" submitted="" as="" a="" single="" document.="" ·="" assignments="" should="" be="" typed="" using=""  a="" 12="" point="" font,="" times="" new="" roman/arial="" and="" 1.5="" spacing.="" ·="" this="" assignment="" should="" be="" referenced="" using="" the="" numbered="" ieee="" style="">
Answered Same DayJan 02, 2021ITC596Charles Sturt University

Answer To: TASK back to top Read the Regional gardens case study document before attempting this assignment....

Neha answered on Jan 04 2021
140 Votes
Risk
    Description
    Impact
    Assessment
    Controls
    Residual Risk
    Priority
    Password Risk
    Staff password are easy to guess
    The passwords are so common and easy to guess that anyone can use the system.
    The passwords are so common and easy to guess that anyone can use the system
. Easy passwords allow intruders to easily gain access in the system and control the device [1]. It impacts the internal security of the system. Anyone can login using someone else's account details.
    The employees should use strong passwords. The access should be blocked if the user enters wrong password thrice. The business should use strong internal system in order to protect system. The password should have few rules like using upper case, lower case, special character and numbers
    After making all necessary decisions the residual risk for the password can be when any user shares his password with someone. Passwords can be detected if someone sees it while user is entering in the system.
    High
    Internet Risk
    A risk which makes financial loss to the firm
    As the internet is used by everyone for free of cost. The firm uses very few websites but employees can access any website which increases the wastage of the internet.
    After checking the history of the employee’s usage, it was found that they are accessing websites which are not related with the firm [2]. The staff is watching the videos online which consumes a large amount of the internet. They also use the internet in their mobile phones on the sake of doing the work via phone.
    The firm should block all the pages except for the websites related with the firm. Staff should not be able to use the WIFI in their mobile phones. The internet itself blocks the other websites and mobile phones should not be allowed to use inside the work area.
    After managing all the controls, the risk can be of using a gateway which can unblock the pages.
    Medium
    Data loss risk
    As there is no backup in the firm the data related with customer, staff or nursery can be lost
    If the data gets lost from a firm all its history work is lost. They can't check what they have done and this will impact the future. The data loss can lead up to failure of the organisation [3].
    The staff members can access the websites using their mobile phones. The systems in the office are very old and all have old servers installed in them. There is no updated server. The systems have a very high chance of getting crashed.
    All the servers in the firm must be updated with the latest features. The systems should be brand new as five years old system will not be able to match up the quality of new ones. A firm which completely relies on the systems can't have old systems and servers. The members should not be allowed to use the website on their mobile phones. A backup must be taken for the data. The maintained backup allows us to...
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here