Answered step by step
Verified Expert Solution
Question
1 Approved Answer
Congratulations! Cybermedica has just contracted you for assisting the Chief Information Security Officer ( CISO ) of the company for designing its Information Security Management
Congratulations! Cybermedica has just contracted you for assisting the Chief Information Security Officer CISO of the company for designing its Information Security Management System ISMS based on the ISO Information Security Framework.
As an expert in information security and cryptography you are invited to prepare a report for the CISO addressing the following points raised during meetings. You need to prepare a formal report to be submitted to the CISO that addresses all the following points.
DigiHealth and Co provides a platform that offers automated diagnosis and healthrelated advice to their customers using health and diet related data collected via companys wearables and mobile applications supporting Android and iOS at the moment.
The company has four major departments;
Research and Development R&D department specialising in automated statistical
analysis with offices in UK London and Greece Athens
Manufacturing Department specialising in designing hardware for wearables in
China,
Information Security and Technology Department that is responsible for the inhouse
infrastructure as well as the cloudbased infrastructure hosted in Amazon Web
Services AWS in two locations USA and EU Ireland
Legal, Accounting, Billing and Invoicing department based in Cyprus UK
a List the most critical operations of DigiHealth and Co;
b Define the scope according to the ISO framework;
c Identify critical assets of the company and conduct a risk assessment for each asset by identifying possible threats and possible vulnerabilities for each threat for each asset.
You should include the following columns in your risk assessment table: name of the asset, threat, vulnerability, current situation, impact, likelihood, risk, suggested controls, residual risks.
In the current situation you are free to imagine any scenario that you would like, eg the servers data are encrypted with outdated encryption algorithms.
d Identify policies according to ISO that you plan to launch and for each policy define metrics that can be used to measure their effectiveness Refer to ISOAnnex A
For Question c provide me with and excel file which is basically what I want done ONLY with assets, for each asset threats and for each threat vulnerabilities total vulnerabilities. for the impact, likelyhood and residual risk columns add numerical values in the scale of please. The before should be outside the parentheisis and after the control in the parenthesis number. Thank you
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started