Question:

1. Online Banking Case Study: Answer the following questions based on the information provided below.

Information security risk assessment is the process used to identify and understand risks to the confidentiality, integrity, and availability of information and information systems. In its simplest form, a risk assessment consists of the identification and valuation of assets and an analysis of those assets in relation to potential threats and vulnerabilities, resulting in a ranking of risks to mitigate. The resulting information should be used to develop strategies to mitigate those risks. Risk assessments for most industries focus only on the risk to the business entity. Financial institutions must also consider the risk to their customers' information. For example, U.S. federal regulations require financial institutions to "protect against unauthorized access to or use of customer information that could result in substantial harm or inconvenience to any customer."

ACME Financial Corporation is planning to roll out their new web and mobile online banking application. However, before deployment, the CEO has asked you (CISO) to assess risks and vulnerabilities, and provide strategies to protect customer data.

For this analysis, you will utilize the following formula:

Risk-Rating Factor = (Asset Impact x Likelihood) - Current Controls + Uncertainty

You may assume that Likelihood is a numerical value within the scale (0.1-1.0) and Asset Impact is a numerical value within the scale (1-100). Current Controls is a numerical value based on the percentage of risk mitigation from control mechanisms. Uncertainty is a numerical value based on the current knowledge of the vulnerability. You shall determine all values based on your knowledge, experience and/or references for each of the five assets and vulnerabilities. Be sure to explain how you derived all values.
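A worked application of the risk-rating formula, added here as an example and not part of the original question. The asset names and every input value are constructed, and it assumes Current Controls and Uncertainty are fractions applied to the base product (Asset Impact x Likelihood), with controls subtracted and uncertainty added.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskItem:
    asset: str
    vulnerability: str
    impact: float       # Asset Impact, scale 1-100
    likelihood: float   # Likelihood, scale 0.1-1.0
    controls: float     # fraction of risk mitigated by current controls (assumed 0.0-1.0)
    uncertainty: float  # fraction reflecting gaps in current knowledge (assumed 0.0-1.0)

    def __post_init__(self):
        # Reject inputs outside the scales the question defines.
        if not 1 <= self.impact <= 100:
            raise ValueError(f"{self.asset}: impact must be within 1-100")
        if not 0.1 <= self.likelihood <= 1.0:
            raise ValueError(f"{self.asset}: likelihood must be within 0.1-1.0")
        for name in ("controls", "uncertainty"):
            if not 0.0 <= getattr(self, name) <= 1.0:
                raise ValueError(f"{self.asset}: {name} must be a fraction 0.0-1.0")


def risk_rating(item: RiskItem) -> float:
    """(impact x likelihood) - share mitigated by controls + share added for uncertainty."""
    base = item.impact * item.likelihood
    return round(base - base * item.controls + base * item.uncertainty, 2)


def rank(items):
    """Highest risk-rating factor first: the order in which to plan mitigation."""
    return sorted(items, key=risk_rating, reverse=True)


# Constructed sample register (hypothetical assets and values, for illustration only).
REGISTER = [
    RiskItem("Customer account database", "Injection flaw in web login", 100, 0.5, 0.5, 0.2),
    RiskItem("Mobile app session tokens", "Token stored unencrypted on device", 80, 0.4, 0.25, 0.1),
    RiskItem("Public web server", "Unpatched server software", 50, 1.0, 0.0, 0.1),
]

if __name__ == "__main__":
    for item in rank(REGISTER):
        print(f"{risk_rating(item):6.2f}  {item.asset}: {item.vulnerability}")
```

The ranking shows why the highest-impact asset is not automatically the top priority: the uncontrolled, certain-to-occur vulnerability on a lower-value asset outranks the partly mitigated one on the database.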
