Please help with this case study including answers to each bolded dot points; answers need to include theories in digital risk and clear connection to the case study?.

Start of case study

Consider that you have been hired as a consultant by a business organisation to provide guidance for the implementation of information systems security, its importance, the impact of cyberattacks in businesses, and how it can be successfully implemented in their organisation. You will be required to assess the case study a professional business analyst. The details are provided below.

MyMedical is an Australian health service provider based in Victoria. They have several branches throughout Victoria in various suburbs. Each branch has general practitioners, specialists, and pathologists who assist patients in resolving medical issues. Prior to the COVID-19 pandemic, they only provided face-to-face services and had no online presence. However, due to COVID-19-related restrictions, the company was also forced to move its operations online without proper cybersecurity implementation.

They began providing telehealth and consultation sessions to their patients. Medical practitioners and other personnel were also providing services from home. For consultation sessions, they used freely available online video conferencing applications. They have recently become concerned about their cybersecurity practises and have hired a security professional (i.e., you) to advise them on the importance of good cybersecurity practises and the implementation procedures for their business. You will develop an analysis as part of this exercise to highlight the importance of good security practises in businesses and the consequences of cyberattacks. You will also give them some pointers on how to implement a balanced security policy in their organisation.

Your task begins with highlighting any information related to the recent increase in cyberattacks. You must assist MyMedical stakeholders (who lack cybersecurity knowledge) in understanding how the pandemic may have affected global cyberattacks. Select a specific attack type for the next section of your report, such as Ransomware, Virus, Cryptojacking, Phishing, Denial-of-service (DoS), and so on. These are only examples, not an exhaustive list of attack types. You should choose an attack type that is common among health-care providers and justify your choice.

End of case study

Following the selection of the attack type, you should conduct research on at least seven recent cyber-attacks (2017-to-date) that targeted the health care industry. In your analysis, you must highlight some of the findings of those attacks, which include, but are not limited to:

• How the attacks occurred,
• What the impacts of those attacks were,
• What security measures were in place prior to the attacks,
• How the attacks were handled, What security control measures (if any) were implemented after the attacks, and, finally,
• Whether any other vulnerability remained on the targeted organisations after the implementation of those security measures.

After gathering information about recent cyberattacks in businesses similar to MyMedical, you must present your findings to MyMedical in the form of a professional business analysis. Any reasonable assumption about MyMedical, such as the number of employees, location, employee skills, information assets, supporting resources, and so on, can be made. In the body of your analysis, your assumptions must be clearly explained. Your analysis should emphasise critical issues such as, but not limited to: Detailed information about cyberattacks that occurred in various cases - You must describe how the attack occurred, its impact, details about security control measures implemented before and after the attack, and remaining vulnerabilities. - Compare and contrast the effects on various organisations or the strategies they use to deal with such attacks. Potential threats to MyMedical because of moving their business online (minimum 5 threats) - You must highlight and discuss at least the top 5 most relevant threats that the company may face because of moving its business online. Potential security control strategies to address those threats - You must mention at least two strategy for each threat and explain the cost of implementing this strategy. Potential issues when implementing those security control strategies - You should highlight any potential issues that the company may encounter while implementing the chosen strategy, e.g., internal resistance, a lack of skills, and so on. Recommendation considering a budget constraint - For this section, you must consider that MyMedical has some budget constraints and can only implement a portion of the security control strategies (e.g., 50-60% of the total required budget).

-You must make recommendations on which strategies they should implement right away, as well as a timeline for implementing the remaining strategies in the future. A five-year plan is advised.

You should inform them about the cybersecurity risks they may face as a result of moving their business online or working from home, as well as how such risks may have affected other companies in the industry. Your video should also give them some pointers on good cybersecurity practises. You should keep in mind that you are making this video for all of MyMedical's employees who have limited technical knowledge.

Note:

• The structure and design of the analysis:

- A consistently clear and appropriate structure is used that includes all required sections, elements, and information. The sections clearly and concisely present relevant arguments.

- Consistent use of appropriate vocabulary and sentence structure enables a completely unambiguous grasp of the meaning, intent, and message of the writing.

- Analysis is appropriate, clear labeling of figures, style, and font is used throughout the document.

• Cyberattacks faced in different organisations

- The analysis provides a clear and concise explanation of the cyber attacks and their impacts on different organisations and extends its analysis to identify and justify issues and problems beyond the expected main issues.

- The analysis demonstrated an excellent understanding of the topic being presented suggesting comprehensive background studies were completed.

- The analysis is written in a way that is understandable by people with no technical background.

- The analysis presents a comprehensive analysis of how the cyber attack impacted and was handled in different cases and the comparison is clearly and concisely highlighted.

• Potential threats: the discussion on potential threats that the company may face due to moving online

- The analysis provides clear and concise arguments about the threats the company is likely to face and justifies issues and problems beyond the expected main issues and the minimum five threats.

- The analysis demonstrated an excellent understanding of the topic being presented suggesting comprehensive background studies were completed.

- The analysis presents a comprehensive analysis of how these threats may impact ABC company and concisely justify why these threats are now the most relevant due to moving to an online business.

• Mitigation strategies: the details of mitigation strategies and their incorporation challenges

- The details of mitigation strategies and their incorporation challenges are clearly and concisely presented.

- The discussion presented is relevant, contains appropriate details, shows logical reasoning, shows clarity of argument, and uses an analytical approach.

- The incorporation challenges are clearly and concisely articulated and well-justified with appropriate reasoning.

- The analysis demonstrated an excellent understanding of the topic being presented suggesting comprehensive background studies were completed.

• The recommended steps for the organization to adopt in short time and long time

- The recommended steps for the organization are clearly and concisely presented.

- The discussion presented is relevant, contains appropriate details, shows logical reasoning, shows clarity of argument, and uses an analytical approach.

- The contents presented are value-adding. The recommendations are well-justified with appropriate reasoning.

- The analysis demonstrated an excellent understanding of the topic being presented suggesting comprehensive background studies were completed.