
Question

Can you tell some improvements in this and add some data in task 1,2,3 and 4.

Introduction

G44 Consultants have been asked to prepare a limited report for XYZ Realty Group (XYZRG) on their cyber security management.

Background

XYZRG is a licensed prominent high-end real estate agency based in Melbourne, Australia. The company provides real estate services such as buying, selling, renting, investing, and managing properties across the country. With a target to increase market share by 20% over the next three years, the organization places a significant emphasis on its proprietary information, which is managed and secured at the data centre located at the corporate headquarters.

The board and executive of XYZRG have identified a low risk appetite for any risks that may result in reputational damage, regulatory breaches, operational risks related to service delivery, and the integrity and confidentiality of data. One area in which they are willing to take risk is in deploying information technology that allows innovative practices in their business.

Recommendations

Based on the risk analysis we have undertaken, these are the risks we recommend that XYZRG address:

The critical risk we have identified is around access control and safety of data and intellectual property.

Based on the information provided we recommend that a password policy be implemented to ensure that complex passwords are enforced. This is to ensure that unauthorised access to XYZRG laptops and commercial information is secure.

Implement an encryption system for information stored on the remote database to ensure that if it is intercepted in transmission between laptops and central database it cannot be used.

To ensure that staff are well aware of the cyber security threats and vulnerabilities and how the controls work, we would recommend implementing a clear training procedure. The cyber security governance should be well implemented with clear, easy to follow policies that are easily accessible by staff. This training should also raise the importance of incident reporting to ensure that any non-compliance can be managed.

To ensure that protections are in place for the prevention of cyber attacks, penetration testing should be carried out on a regular basis as determined by the IT team.

The ability for agents to install their software should be reviewed to avoid the possibility of malware entering the system.

Conclusion

While XYZRG appears to have some understanding of cyber security risks, controls could be implemented as suggested above to uplift the cyber security governance. Along with the actions that XYZRG is already taking in regard to regular software updates and hardware controls, these recommendations will add an extra layer of security and protect the business's data integrity and confidentiality.

Task 1: Cyber Security Risk Identification

Asset identification: Identify four assets, one of each type: information, knowledge, application, and business process. For each asset, determine its current worth (value), and the security requirements (confidentiality, integrity, and availability). Finally, prioritise the assets based on their level of criticality from highly critical to less critical.

Table I: Asset risk register

Columns: Asset Name, Type, Value, Security Requirements (Confidentiality, Integrity, Availability), Priority

Asset Name: Customer database
Type: Information
Value: $500,000
Confidentiality: The requirement to safeguard confidential information from unauthorised disclosure is referred to as confidentiality. This involves ensuring that client data is shielded from outside dangers like hacking and eavesdropping and that only authorised individuals have access to it.
Integrity: Integrity is the requirement to guarantee that data is accurate and unaltered. This entails safeguarding the data from unauthorised alterations as well as identifying and fixing any problems that might arise.
Availability: The necessity to make sure that data is available when requested is referred to as availability. This entails making sure the data is stored in a trustworthy location and that the necessary disaster recovery processes are in place to guarantee that the data can be recovered in the case of a loss.
Priority: Highly critical

Asset Name: Company's intellectual property (e.g. patents, trademarks)
Type: Knowledge
Value: $1,000,000
Confidentiality: Intellectual property (IP) confidentiality is essential to safeguarding a business's competitive edge and preventing illegal exposure of trade secrets, including patents, trademarks, and other sensitive data. To ensure that only authorised employees with a need to know have access to IP, businesses should put tight access controls in place.
Integrity: For information to be accurate and comprehensive as well as to prevent illegal changes to patents, trademarks, and other valuable information, a company's IP integrity is crucial. To spot any unlawful changes, businesses should employ routine monitoring and auditing methods.
Availability: A company's IP must be accessible in order to be accessed and used when necessary. To ensure that the data can be recovered in the event of a loss, IP should be saved in a secure and trustworthy location with adequate disaster recovery processes.
Priority: Highly critical

Asset Name: CRM software
Type: Applications
Value: $250,000
Confidentiality: Client relationship management (CRM) software confidentiality is crucial to guard against unauthorised access to and disclosure of sensitive customer data, including personal information, contact details, and sales history. To restrict access to the CRM system to just authorised individuals who have a need to know, businesses should instal stringent access controls, such as user authentication and role-based access. Additionally, data must be encrypted while in transit and at rest.
Integrity: The accuracy and integrity of a company's CRM software must be guaranteed to avoid unauthorised alterations to client information. To prevent illegal changes and ensure data integrity, businesses should employ routine monitoring and auditing methods.
Availability: For client data to be available when required, such as for sales and customer service operations, a company's CRM software must be operational. To ensure that the data can be recovered in the case of a loss, the CRM system must be housed on a dependable and highly available infrastructure with adequate disaster recovery methods.
Priority: Critical

Asset Name: Sales process
Type: Process
Value: $100,000
Confidentiality: To prevent unauthorised access to or disclosure of sensitive information such as price, sales techniques, customer data, and trade secrets, confidentiality in a company's sales process is crucial. Strict access controls, such as user authentication and role-based access, can be used to restrict access to the sales process to only authorised personnel with a need to know. Confidentiality agreements and non-disclosure agreements can also be used to protect the interests of outside parties involved in the sales process.
Integrity: Integrity in a company's sales process is crucial to guaranteeing data accuracy and preventing unauthorised changes to sales techniques, customer information, or other crucial data. This can be accomplished by creating rigorous data validation methods to guarantee that the entered data is accurate and consistent, as well as by conducting routine monitoring and auditing activities.
Availability: For client information and sales-related information to be available when needed, a company's sales process must be available. This can be done by maintaining a solid and trustworthy IT infrastructure, such as cloud-based solutions that make data access simple, as well as by having disaster recovery and business continuity plans in place to guarantee that the sales process can continue in the event of unforeseen circumstances.
Priority: Less critical
