Your report should highlight the following issues:

• As part of your report, you should concisely and clearly present your findings of how the business operates and how the services will move online.

• Clearly highlight seven potential risks and present qualitative and quantitative risk analysis

• Present security control strategies to handle those risks with appropriate justification.

• Highlight and justify the budget amount allocated for each control strategy.

• Discuss the impact of Internet-of-things and industry 4.0 (two changes)

• Highlight any additional security risks that may exist due to these changes and their mitigation

• Discuss any legal or ethical implication of these changes

You should include any other relevant issues you feel is important in your report. PLEASE DON'T COPY ANSWERS FROM OTHERS. THANKS.

Overview You are required to produce a business report for the board of directors of a business organisation regarding the security risks the organisation may face and your recommended control strategies. The purpose of this assessment is for you to demonstrate that you understand the security risks an organisation may face while transitioning to online business and the challenges that need to be addressed to minimise those risks. Learning Outcomes The targeted Course Learning Outcomes for this assessment are: CLO1: Apply a set of IS and business skills to design and evaluate an information systems security architecture. CLO2: Develop security solutions and mitigation strategies to address security threats and vulnerabilities for Information Systems (IS) and other organisational assets. CLO3: Apply security management and technical tools and knowledge to real-life case study situations. CLO6: Frame judgements and communicate the results of security problem solving activities, individually and within a group. Assessment details The COVID-19 pandemic has significantly changed the way we live and run our businesses. Due to lockdown and other government restrictions businesses had to swiftly shift to an online model. Such a sudden shift has not always followed appropriate risk analysis and assessment activities, which may result in businesses suffering from cyberattacks. Your task begins with selecting a particular industry sector for this individual project. You can select any type of industry, e.g., healthcare, retail, banks, food, accommodation, financial and insurance services, education, etc. Please note that these are just examples and do not show a comprehensive list. You can talk to your tutor if you need help with selecting a type of business organisation for this task. Consider that you have been hired as a security professional to provide advice and guidance to ABC company who are planning to move their businesses online to continue operating and providing service to their stakeholders. For this task, you can consider that the ABC company is doing a similar business as your selected industry sector. You can use personal experience, communicate with someone working in that industry, and/or conduct a literature review or any other form of investigation to determine how the business operates, what its information assets are, and what the requirement will be to move the business online. The next step is to conduct a formal risk assessment activity. You need to identify seven potential security risks that the company may face while operating its business online. You need to calculate and present both qualitative and quantitative risk assessments for this task. After identifying the risks, you need to provide appropriate control strategies for each risk and provide appropriate justification for taking the action. You should consider 70% budget availability to tackle these risks, i.e., if the organisation needs to spend $100,000 to handle all the six risks, only $70,000 is currently available. Please note that this is just an example. You should use your own amount based on the security control measure and background research. As discussed in Week 10 & 11 modules, Internet-of-things (IoT) and Industry 4.0 are going to make a huge impact on businesses and how they operate. Identify two such changes that may happen in the near future in ABC company. Use appropriate assumptions and some background research to answer this part. Are these changes going to produce any additional security risk? Why or why not? If you answered yes, what are those security risks? If there are additional security risk, how can they be handled? Can you think of any ethical or legal implications of these changes? Justify your answer with proper explanation and relevant evidence. Overview You are required to produce a business report for the board of directors of a business organisation regarding the security risks the organisation may face and your recommended control strategies. The purpose of this assessment is for you to demonstrate that you understand the security risks an organisation may face while transitioning to online business and the challenges that need to be addressed to minimise those risks. Learning Outcomes The targeted Course Learning Outcomes for this assessment are: CLO1: Apply a set of IS and business skills to design and evaluate an information systems security architecture. CLO2: Develop security solutions and mitigation strategies to address security threats and vulnerabilities for Information Systems (IS) and other organisational assets. CLO3: Apply security management and technical tools and knowledge to real-life case study situations. CLO6: Frame judgements and communicate the results of security problem solving activities, individually and within a group. Assessment details The COVID-19 pandemic has significantly changed the way we live and run our businesses. Due to lockdown and other government restrictions businesses had to swiftly shift to an online model. Such a sudden shift has not always followed appropriate risk analysis and assessment activities, which may result in businesses suffering from cyberattacks. Your task begins with selecting a particular industry sector for this individual project. You can select any type of industry, e.g., healthcare, retail, banks, food, accommodation, financial and insurance services, education, etc. Please note that these are just examples and do not show a comprehensive list. You can talk to your tutor if you need help with selecting a type of business organisation for this task. Consider that you have been hired as a security professional to provide advice and guidance to ABC company who are planning to move their businesses online to continue operating and providing service to their stakeholders. For this task, you can consider that the ABC company is doing a similar business as your selected industry sector. You can use personal experience, communicate with someone working in that industry, and/or conduct a literature review or any other form of investigation to determine how the business operates, what its information assets are, and what the requirement will be to move the business online. The next step is to conduct a formal risk assessment activity. You need to identify seven potential security risks that the company may face while operating its business online. You need to calculate and present both qualitative and quantitative risk assessments for this task. After identifying the risks, you need to provide appropriate control strategies for each risk and provide appropriate justification for taking the action. You should consider 70% budget availability to tackle these risks, i.e., if the organisation needs to spend $100,000 to handle all the six risks, only $70,000 is currently available. Please note that this is just an example. You should use your own amount based on the security control measure and background research. As discussed in Week 10 & 11 modules, Internet-of-things (IoT) and Industry 4.0 are going to make a huge impact on businesses and how they operate. Identify two such changes that may happen in the near future in ABC company. Use appropriate assumptions and some background research to answer this part. Are these changes going to produce any additional security risk? Why or why not? If you answered yes, what are those security risks? If there are additional security risk, how can they be handled? Can you think of any ethical or legal implications of these changes? Justify your answer with proper explanation and relevant evidence