
Question

The iPremier Company A: A Distributed Denial of Service attack. The website was hacked and employees could not do anything on the website. The company stores customer information, including the credit cards that customers use.
In tracking the email source, it shows that they are coming from Europe or Asia.
The disaster recovery plan and incident response were old plans.
Hackers had control of their website and were stealing information. There is no monitoring tool to be used to check traffic on the network. The DDoS attack was coming from 3000 sites and they targeted the firewall. The company shut down the traffic on those sites. They shut down the server to disconnect from the public. This will affect normal business operations.
An attacker uses a single computer to send many requests in rapid succession, but they can be traced.
A more sophisticated DDoS occurs where many requests come in rapid succession from many computers. They use botnets, then infect them with malware, allowing hackers to control their devices. Sometimes zombies.
1. The ISO 31000:2009 Risk Management Principles and Guidelines notes that establishing the context will capture the objectives of the organization, the environment in which it pursues those objectives, its stakeholders and the diversity of risk criteria, all of which help reveal and assess the nature and complexity of its risks. Before starting the design and implementation of the framework for managing risk, it is important to understand both the external and internal context of the organization, since these can significantly influence the design of the framework.
Based on the information provided in the case study write a short summary of your understanding of the business context.
2. Articulate the two (2) critical risks that exist as a result of the incident. Provide two bow-tie diagrams noting the causes, event and impacts of each risk, then use the information of the bow-tie to clearly articulate the risks.
3. Which methods can be used to assess risks to ensure that risk mitigation activities focus on the correct risks?
4. Assess the risks identified in question 2, in terms of inherent and residual risk. Consider controls that are currently in place, whether they are effective and adequate and additional controls to implement to assist you in determining the residual risk. Do not multiply likelihood with impact to arrive at an inherent and residual risk rating.
5. Apply the commonly accepted risk response/treatment options, to your answer in question 4 to show how you will mitigate the risks identified for each risk treatment option.
6. What is the single biggest challenge when it comes to IT Risk Management?
7. Several IT Risk Management frameworks are noted in the prescribed readings. Why do we need an IT risk framework?
