I. SparQ Chief Executive Officer (CEO) department

SparQ's CEO department is responsible for promoting an Information Security culture
at SparQ. By delegating this role to the other department heads, SparQ's CEO wants to
ensure that the Information Security Management System (ISMS) is followed by all
employees. This would meet the requirements of the local government and of SparQ's
customers that an adequate ISMS is deployed and maintained at SparQ.

By implementing the ISO 27000 framework, SparQ would also strengthen its market
position compared with potential competitors. A well-managed ISMS and
a high level of Information Security awareness are key to sustaining and enhancing SparQ's
business capability in the future.

To support the CEO department in coordinating and successfully implementing the ISMS
at SparQ, the other heads of department will also provide resources and a level of
commitment to implement the ISMS within the departments they are responsible for.

II. Business Processes and Information Assets

In the daily business of a CEO, the minutes of meeting (MoM) are a type of document
that needs to be treated as an information asset. The MoM is a record of the discussion points
raised during meetings between the CEO and other department heads, and between the CEO and external
partners, customers or local government authorities. The MoM is recorded and
coordinated by the CEO's Admin staff (including the personal assistant). The MoM is also
delivered to the participants involved.

[Figure: MoM handling. Admin Staff (record MoM, note) -> Digital MoM files -> Handle (deliver to participants; keep MoM away from non-authorized people)]

Another potential information asset handled by the CEO's department is a set of legal
paper documents. These legal papers include, but are not limited to, third parties'
contracts, the company's certificates, property certificates, the company's audit reports and
internal compliance case documents.

[Figure: Legal paper documents -> stored in -> CEO's department cabinets; keys are managed by Admin Staff]

III. Threat scenarios

#101 – Leaked sensitive information to unauthorized individuals/parties

Scenario: A disgruntled employee steals a MoM file and sends it to unauthorized
parties or persons.

Records of previous data breach: One case in the last three years.

#102 – Spear Phishing Attack

Scenario: Hackers find a list of Admin staff email addresses in a public forum.
They start an intensive phishing attack on these addresses. One of the Admin
staff employees clicks on the phishing email and opens the malicious attachment, which leads to her
computer being infected by a trojan.

Records of previous data breach: One case in the last three years.

#103 – Mishandling Information

Scenario: One of the Admin staff employees leaves a user name and password in an open place.
This information could be stolen and used for access by an unauthorized person.

Records of previous data breach: One case that happened last year.

#104 – Ransomware Attack

Scenario: The file share has been encrypted by a type of ransomware.

Records of previous data breach: One case that happened last year.

#105 – IT Infrastructure down

Scenario: A crash of the file sharing server interrupts access to
important MoM files on the department's shared drive.

Records of previous data breach: One case that happened last year.

#106 – Lack of integrity

Scenario: A disgruntled employee deletes or changes information in the MoM. This
would cause a loss of information integrity.

Records of previous data breach: One case that happened last year.

#107 – IT application

Scenario: A misconfiguration in the access control list allows an unauthorized
person to access a sensitive MoM file on the CEO's department share.

Records of previous data breach: One case in the last five years.

#201 – Physical Security Threat

Scenario: A thief bypasses the physical security system and breaks into the CEO's department
cabinets. Several legal paper documents could be stolen from the company.

Records of previous data breach: One case in the last five years.

#202 – Lost the keys

Scenario: An employee in the CEO's department mishandles the cabinet keys. This would
create a potential threat of unauthorized physical access to sensitive legal
documents.

Records of previous data breach: One case in the last three years.

#203 – Health, Safety and Environment

Scenario: Paper documents have been burned in a fire.

Records of previous data breach: This threat has not occurred yet, but according to
the company's incident history, there was a small fire near the CEO's department area
five years ago.

#204 – Natural Disaster

Scenario: Paper documents have been destroyed by a flood.

Records of previous data breach: This threat has not occurred yet, but SparQ
is located in a valley. The last flood recorded by the local
government happened five years ago.