XYZ Tech Solutions is a leading technology company specializing in providing a distributed web application that enables clients to manage sensitive financial data securely$.$ The application allows users to access their financial information, perform transactions, and view real$-$time analytics. The platform is designed to handle a large volume of users and financial transactions simultaneously, making it a valuable tool for both individuals and businesses. Challenges: Despite XYZ Tech Solutions' commitment to information security, the company faces several challenges in ensuring a robust security posture across its distributed web application: Increasing Cyber Threats: The cybersecurity landscape is constantly evolving, with sophisticated cyber threats emerging regularly. Ensuring the protection of sensitive financial data is paramount, as any security breach could result in severe financial and reputational consequences for the company and its clients. Web Application Complexity: The distributed nature of the web application involves numerous interconnected components, such as web servers, databases, APIs, and administrative interfaces. Each component represents a potential entry point for attackers, necessitating a comprehensive security assessment. Regulatory Compliance: XYZ Tech Solutions operates in a highly regulated industry where compliance with data protection and privacy regulations is crucial. Adhering to industry standards such as PCI$-$DSS$,$ GDPR$,$ and ISO $27001$ is vital for maintaining the trust of clients and ensuring legal compliance. Let us assume that the XYZ Tech Solutions' hires you to develop an information security plan to identify the possible threats to the organization. For example, it is necessary to identify the important services $($e$.$g$.,$ website, booking portal, electronic equipment$)$ that XYZ Tech Solutions' is managing. The criteria that you need to address based on the given scenario are summarized into two parts: Part A: $1.$ Assessing the current risk of the entire business $2.$ Treat the Risk as much as possible

Task I: Risk Identification In achieving the above two goals, you will do the followings $1.$ Find at least five assets $2.$ Find at least two threats against each asset $3.$ Identify vulnerabilities for the assets Task II: Risk Assessment At the end of the risk identification process, you should have i$)$ a prioritized list of assets and ii$)$ a prioritized list of threats facing those assets and iii$)$ Vulnerabilities of assets. Using the information gathered during risk identification, create a prioritized list of assets, threats, and vulnerabilities. Develop a Threats$-$Vulnerabilities$-$Assets $($TVA$)$ worksheet to assist in risk rating calculations. Calculate the risk rating of each of the identified triplets out of $25.$ Part B: You are expected to implement one of the attacks that could be happening on any of the assets. For example, if one of the assets is the platform used $($e$.$g$.,$ Booking portal$),$ it has a login page, and the patients have to enter their username and password. You can assume that the platform is vulnerable to password$-$cracking attacks. This assessment requires you to use password crackers to break passwords. A password cracker is software designed to break passwords. Use two types of password crackers $($e$.$g$.,$ Brute force Attack, Rule Attack or Dictionary attack$)$ to extract passwords from the Rainbow table. You are required to first set up a rainbow table and apply the password cracker on that.