
Question


XYZ Realty Group (XYZRG)

XYZRG is a licensed prominent high-end real estate agency headquartered in Melbourne. XYZRG offers real estate services to buy, sell, rent, invest, and manage all kinds of real estate properties throughout Australia. XYZRG is targeting to increase market share by increasing sales and rental revenues by 20% over the next three years. A large quantity of proprietary information is managed and secured at the data centre, which is located at the corporate headquarters. Laptops and other devices account for a significant portion of XYZRG's assets, and these devices are critical to employee productivity and business profitability. The XYZRG board and the executive management have expressed risk appetite for some of the key risks XYZRG is exposed to as follows: (i) there is a low risk appetite for the loss or breach of business and customer data as well as intellectual property in pursuit of its goals, (ii) a low risk appetite for operational risks related to the availability of services, the integrity and confidentiality of the data entrusted to XYZRG, (iii) a high risk appetite for information technology initiatives which enhance its capabilities, (iv) brand is critical for XYZRG. Therefore, there is a low-risk appetite for compromising its reputation and brand loyalty, (v) a low-risk appetite for non-conformance with established laws, regulations, and industry standards, and (vi) a very low risk appetite for employee misconduct, breach of relevant codes of practice, fraudulent dealing with clients, false publication of agency data or material, or other actions which threaten XYZRG's integrity. These risks may only be accepted where all legislative controls requirements are fulfilled and where the risks have been reduced to the point where additional controls have negative cost/benefit.

The real estate agents are provided with an XYZRG-owned laptop to improve customer service delivery, business efficiency and productivity. Other staff members could also borrow a laptop when it is essential to their productivity and function. All laptops purchased by XYZRG or on its behalf are the sole property of XYZRG. The laptops come pre-installed with a variety of up-to-date and regularly updated software, including advanced security products (e.g., VPN, firewall and antimalware), encryption software, a password-protected screensaver, MS Word, and Excel. Virtual desktop software to access the company's applications and data remotely from the data centre is also pre-installed on the laptops. Some realtors also use private productivity software and personal messaging apps on the laptop.

The real estate agents use XYZRG-issued laptops both inside and outside their office to serve XYZRG clients (e.g., buyers, renters, residents, corporations, and investors). Meeting clients at restaurants and café shops is inherent in real estate businesses. As a result, XYZRG agents occasionally meet clients at café shops and use the laptop to access XYZRG's client database via the café shop's Wi-Fi. Because some XYZRG employees frequently use public transportation and work on their laptops while commuting to and from work, it is common practice to keep a copy of the company dataset on the laptop in readable format. Some realtors also store personal files on the laptop and leave a laptop connected to networks, email, and Web sites even when it is not actively used. The laptops are password-protected, but a significant number of staff use memorable weak passwords. In addition to servicing XYZRG clients, the real estate agents use the XYZRG-issued laptop to stay connected with the clients and other agents, market business to clients, share data and information with other XYZRG and other agents, and close deals quickly. Some realtors also use the laptop to check personal email, pay bills, and attend online meetings.

XYZRG has a laptop security policy, and employees are only given laptops after they acknowledge that they understand and agree to follow the policy. XYZRG deploys cutting-edge cyber security solutions that include access control systems, firewalls, antivirus and anti-malware software, denial of service prevention, an email security system, and so forth to protect the assets at the data centre as well as on desktops and mobile devices used by the individual agents. Also, the company network and devices are regularly monitored for inappropriate use. XYZRG's IT division remotely manages updates on work-issued laptops and can wipe sensitive data (if necessary) from the laptop in real time. Many staff members habitually leave the laptop in a locked car while running errands. Since XYZRG experiences a fair number of issues with laptops including theft, it purchases laptop warranties that cover normal wear and tear, such as the battery, keyboard, hard disc, and so on. The warranty does not cover negligence such as dropping or spilling liquids on the devices and does not cover lost or stolen laptops.

Vulnerabilities and emerging threats that XYZRG must consider include:

Loss or theft of laptops and other devices containing sensitive data.

Weak password protection practices.

Public Wi-Fi security risks when accessing the company database.

Physical damage to laptops through normal wear and tear or accidental damage.

Insider threats from employees who may compromise confidential data.

Vulnerabilities in virtual desktop software and third-party applications.

Threats to the availability of data and systems from cyber attacks and system failures.

Non-compliance with laws, regulations and industry standards.

Here is the information presented in a table form:

| Asset Name | Type | Value | Security Requirements | Priority |
|---|---|---|---|---|
| Proprietary Information | Data | High | Encryption, Data Center Security, Remote Wiping | High |
| Laptops | Physical Device | High | Antivirus/Antimalware, Encryption, Password Protection, Virtual Desktop Software | High |
| Reputation and Brand Loyalty | Brand | High | Compliance with Laws and Regulations, Employee Conduct, Protecting Intellectual Property | Low |
| Data Centre | Physical Location | High | Access Control Systems, Firewalls, Antivirus/Antimalware, Email Security System | High |

Task 2: Cyber Security Risk Assessment

Table III: Inherent risk register

| Risks | Vulnerabilities | Threats | Likelihood | Impact | Risk level |
|---|---|---|---|---|---|

Can you help me with risk assessments?
