Great Deal! Get Instant $10 FREE in Account on First Order + 10% Cashback on Every Order Order Now

Your summary document should provide references in APA 7 format. TASK: SoftArc Engineering Ltd (SEL) is a civil engineering company which works across Australia as well as in New Zealand, Fiji,...

1 answer below »

Your summary document should provide references in APA 7 format.

TASK:

SoftArc Engineering Ltd (SEL) is a civil engineering company which works across Australia as well as in New Zealand, Fiji, Vanuatu, Indonesia, Timor Leste and Papua New Guinea.

SEL has a small data centre at its main site in Bathurst where the company’s servers and data storage is located. The company has the following server infrastructure:

· 2 x Active Directory domain controllers on Windows Server 2008 R2, (2 x Xeon 3.6GHZ, 8GB RAM, 140GB HDD);

· 3 x SQL Server 2003 database servers on Windows Server XXXXXXXXXXx Xeon 2.8GHZ, 4GB RAM, 250GB RAID-5 array);

· 1 x Exchange 2007 email server on Windows Server 2008 R2 (2 x Xeon 3.6GHZ, 8GB RAM, 250GB RAID-1 array);

· 4 x Windows Server 2003 File and Print servers (2 x Xeon 2.8GHZ, 4GB RAM, 250GB RAID-1 array);

· 2 x Windows Server 2008 R2 running Microsoft SharePoint XXXXXXXXXXx Xeon 2.8GHZ, 4GB RAM, 250GB RAID-5 array);

· 2 x Red Hat Enterprise 5 Linux servers running Apache and TomCat (2 x Xeon 2.8GHZ, 16GB RAM, 140GB HDD)

· 1 x Cisco ASA 5512-X firewall running v9.6 ASA software .

The company has some 70 engineering and support staff that work on different projects for clients in various locations in Australia and overseas. The support staff are mainly based in Bathurst, but engineering staff are located in different parts of Australia, New Zealand, an d Papua New Guinea. Most of the support staff have access to a PC, although some support staff share a PC with other staff. The engineering staff all connect remotely to the SEL data centre from their laptops. The SEL data centre infrastructure has not been updated for some time and the SEL Board is concerned that they may be exposed to a cyber attack as they are now starting to work on various Government projects in different countries.

Tasks:

You have been employed by SEL as their first ever Chief Information Security Officer (CISO). You have been tasked by the Board to conduct a review of the company’s risks. You are required to produce for the next SEL Board meeting:

1. A document that summarises the major IT risks that SEL currently faces. This document should identify the major risks and their impact, likelihood and consequence. It should also discuss the possible controls to mitigate these risks.

2. A complete Risk Register for SEL. This risk register must contain, as a minimum:

a. A description of all risks identified for each IT asset, data set or process. This must not be restricted just to major risks.

b. A summary of the impact or consequence to each IT asset, data set or process, if the identified risk was to arise.

c. The likelihood of this risk occurring.

d. The inherent risk assessment(this is the assessed, raw/untreated risk inherent in a process or activity without doing anything to reduce the likelihood or consequence).

e. The key controls to mitigate the risk (NOTE:it is possible that there may be more than one (1) control needed.Each control should be listed on a separate line)

f. The residual risk assessment(this is the assessed risk in a process or activity, in terms of likelihood and consequence, after controls are applied to mitigate the risk)

g. Prioritisation of the risk(what is the priority order for the risks to be addressed).

Your Risk Register should be in table format using the following column headings:

· Risk

· Impact

· Likelihood

· Assessment

· Controls

· Residual Risk

· Priority

NOTE: REQUIRED SOLUTION SHOULD BE IN TABLE FORMAT (SAMPLE);

ASSEST

RISK

IMPACT

LIKELIHOOD

ASSESSMENT

CONTROLS

RESIDUAL RISK

PRIORITY

PEOPLE

TECHNOLOGY

PROCESS

Answered Same Day Aug 19, 2021

Solution

Deepti answered on Aug 20 2021
127 Votes
Risk Summary
Risks are inherent under all undertakings of the target organization. They cannot be completely eliminated but can be effectively managed to reduce their impact on business goals. Risks associated with SEL include business inte
uption, e
ors or omission by its people, service failure, IT system failure, fraud and theft, loss of key people, regulation and compliance. The major risks that the organizational setup of SEL should consider are
· People- SEL may face emergence of crisis when the management of frontline attitudes and behaviors of the workforce is neglected. Compatibility among the engineering staff of SEL is located all over Australia and internationally at two other countries. Compatibility among support staff, if neglected, will cause adverse impact on human decision that govern day-to-day activities at the Bathurst data center. Decisions that are innocuous and small can be critical. Efficient risk managers should acknowledge risk and rely on their organizational policies and procedures. Insufficient and mismatched talent among the support and engineering staff hired at SEL is a crucial risk. Transparency of risk and taking advantage of it can help overcome the risk and emerging issues in due time long before they acquire high priority (Smith,1989).
· Cyber risk in the form of data theft, compromised accounts, destroyed files, disabled system (Fiedler, 1994). The risk of degraded systems is not the IT risk at hand for SEL since it uses considerable amount of IT equipment at its data center with updated features. The board and management may not be concerned about this particular risk.
· Technology- The risks in technology include strategic IT risks, cyber security, incident response risk, IT resiliency and continuity, IT execution and technology operations risk among multiple sites in and outside Australia, ineffectiveness of existing risk management plan.
The impact of these risks on the target organization include
· Technology risks entail financial, regulatory, operational, strategic and reputational implications (Lainhart, 2020).
· Additional cost and time are incu
ed impacting the benefits which can be delivered.
· In the absence of risk management strategy or if the organization’s methodology is not followed according to the standard best practice, the process shall adversely impact the desired results.
· Technology, people and process risks directly impact the timeline of projects since their identification and analysis preparation to act and track them will take time, causing delays in running...
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here