Congratulations! $$Cybermedica has just contracted you for assisting the Chief Information Security Officer $($CISO$)$ of the company for designing its Information Security Management System $($ISMS$)$ based on the ISO$27001$ Information Security Framework.

As an expert in information security and cryptography you are invited to prepare a report for the CISO addressing the following points raised during meetings. You need to prepare a formal report to be submitted to the CISO that addresses all the following points.

DigiHealth and Co provides a platform that offers automated diagnosis and health$-$related advice to their customers using health and diet related data collected via company$$s wearables and mobile applications supporting Android and iOS at the moment.

The company has four major departments;

$$ Research and Development $($R&D$)$ department specialising in automated statistical

analysis with offices in UK $($London$)$ and Greece $($Athens$),$

$$ Manufacturing Department specialising in designing hardware for wearables in

China,

$$ Information Security and Technology Department that is responsible for the in$-$house

infrastructure as well as the cloud$-$based infrastructure hosted in Amazon Web

Services $($AWS$)$ in two locations USA and EU $($Ireland$),$

$$ Legal, Accounting, Billing and Invoicing department based in Cyprus $($UK$).$

a$)$ List the $10$ most critical operations$$ of DigiHealth and Co;

b$)$ Define the $$scope$$ according to the ISO$27001$ framework;

c$)$ Identify $10$ critical assets $$of the company and conduct a risk assessment for each asset by identifying $2$ possible threats and $2$ possible vulnerabilities for each threat for each asset.

You should include the following columns in your risk assessment table: name of the asset, threat, vulnerability, current situation, impact, likelihood, risk, suggested controls, residual risks.

In the current situation you are free to imagine any scenario that you would like, e$.$g$.$ the server$$s data are encrypted with outdated encryption algorithms.

d$)$ Identify $10$ policies $$according to ISO$27001$ that you plan to launch and for each policy define $2$ metrics that can be used to measure their effectiveness $($Refer to ISO$27001/$Annex A$).$

For Question $1$c provide me with and excel file which is basically what I want done ONLY with $10$ assets, for each asset $2$ threats and for each threat $2$ vulnerabilities $($total $4$ vulnerabilities. for the impact, likelyhood and residual risk columns add numerical values in the scale of $1-5$ please. The before should be outside the parentheisis and after the control in the parenthesis number. Thank you