This study source was downloaded by 100000836533786 from CourseHero.com on 12-13-2021 22:36:32 GMT -06:00
https://www.coursehero.com/file/120380398/BSBXCS404-Attempt1pdf/
Assessment 1 - Knowledge Assessment (Written Tasks)
b) When must an organization or agency notify affected individuals and the Office of the
Australian Information Commissioner (OAIC) according to Notifiable Data Breach
legislation and Privacy Act 1988? Answer using 20-40 words.
A data breach happens when personal information is accessed or disclosed without
authorization, or is lost. As per the Privacy Act 1988, organizations must notify affected individuals
and the OAIC when a data breach involving personal information is likely to result in serious harm,
immediately after detection.
c) Identify five (5) examples of serious harm under the Notifiable Data Breaches scheme.
• a device with a customer’s personal information is lost or stolen
• a database with personal information is hacked/leaked
• a database of an organisation’s employee details is leaked
• sensitive government information is leaked
• a health record of an individual, or held by a medical service provider, is breached
• financial details of an individual or a finance organisation are hacked
d) What are the seven (7) principles of the General Data Protection Regulation (GDPR)?
Principle (a) – lawfulness, fairness and transparency
Principle (b) – purpose limitation
Principle (c) – data minimization
Principle (d) – accuracy
Principle (e) – storage limitation
Principle (f) – integrity and confidentiality
Accountability principle
1.2 Answer the following questions:
a) What is the purpose of attending regular organizational training in cybersecurity risk
management strategies? Answer using 30-60 words.
• Confident staff - By holding official Security Awareness Training, the team can feel confident
using the technology they need to. They'll know what to do and what not to do to help protect
the business.
• Better culture - Being informed creates a better workplace culture. By establishing data security
as a priority, employees can help keep each other accountable for best practices and support
each other in safe technology use.
• Save money - Combining a confident team with a data security-conducive culture will save your
company money.
• Save time - One of the hidden costs of data breaches is the time lost trying to fix and recover from them.
Similar to the cost saved, one can also save time by implementing training on security awareness.
• Better security - The biggest benefit of holding a training session on security awareness is better
security.
b) What is the purpose of a regular cybersecurity threat assessment? Answer using 30-60
words.
Regular cybersecurity threat assessments assist the network in many ways:
1. They keep the network more secure.
2. They help prevent hidden or pre-planned network breaches and malware or spyware attacks.
d) Why should escalation routes to senior levels be clear, efficient and effective? Answer
using 30-60 words.
At the time of a cyberspace breach, the line of command to seniors or experts needs to be very
clear. It helps in:
1. Identifying, isolating and eradicating the breach faster
2. Minimizing stakeholder/customer data breach or loss
1.3 Answer the following questions:
a) What are the two (2) types of risk management methodologies for assessing, analyzing
and reviewing cybersecurity risks?
There are two main types of risk assessment methodologies: quantitative and qualitative.
A qualitative risk assessment is less about numbers and more about what would actually
happen, day-to-day, if one of the risks on your list were to occur. A qualitative security
risk assessment methodology is performed by talking to members of different
departments or units and asking them questions about how their operations would be
impacted by an attack or a breach, specifically asking how a team’s productivity would
be affected if they couldn’t access specific platforms, applications, or data. These
interviews will show an assessor which systems and platforms are mission-critical for
specific teams, and which aren’t.
b) Identify four (4) reasons why developing communication plans are critical risk
management processes.
Developing a communication plan can sometimes be critical, for the following reasons:
1. A communication plan involves assigning responsibilities to different stakeholders,
including suppliers. Reaching the appropriate stakeholder at all times can be difficult.
2. Lack of proper distribution of the communication plan among all the stakeholders may
cause chaos and mismanagement at the time of a breach.
3. Communication management plans are usually complicated, as different problems/
issues are usually dealt with by different stakeholders, so the communication process is
usually lengthy and time consuming.
4. The communication process can be expensive when it comes to critical problems, so
meeting budgetary requirements at times of fault rectification needs a budget that is
already approved, which can sometimes be critical.
c) What are the eight (8) steps you should consider when developing communication
plans?
1. Demography
2. Organizational structure
3. Network architecture
4. Stakeholder, supplier and vendors involved
5. Budgetary requirement
6. First point of contact when breach/fault occurs
7. A guideline/detailed incident report directory which can help at the time of a breach.
8. A hierarchy/diagram/flowchart clearly showing whom to contact for different types of
incident.
d) Identify five (5) phases included in evaluating the effectiveness of cybersecurity risk
management.
1. Benchmarking the current methodology against best practice in the market.
2. Checking the effectiveness with a self-generated drill or breach.
3. Regular audit of the current risk management strategy by internal/external RM
experts.
4. Updating the RM strategy as per feedback from experts/suppliers/vendors/customers when it is
required.
5. Implementing the updated RM strategy and creating awareness among staff.
e) Explain the term risk-based monitoring in cybersecurity risk management using 30-60
words.
A risk-based approach to cybersecurity means considering risk above all other
factors. Risk-based security teams are more concerned with reducing their
organization’s real exposure to cyber-attack and data breach than they are about
checking boxes or passing audits.
f) Why is maintaining the currency of the risk register important in cybersecurity risk
management? Answer using 30-60 words.
Failing to update the risk register is a pitfall for two reasons. One, the risk register will not
be as effective due to it being out-of-date. Two, the project team will not mature as
quickly in risk management practices if they do not practice regularly.
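The two answers above (quantitative versus qualitative assessment in 1.3a, and keeping the risk register current in 1.3f) can be illustrated with a small risk register. The following Python script is an added example and is not part of the assessment or its source material; the register entries, the 1-5 likelihood/impact scales, the High/Medium/Low bands and the 90-day review interval are all constructed assumptions chosen for illustration. It scores each risk numerically (quantitative view), translates the score into a band a non-technical stakeholder can act on (qualitative view), ranks the register, and flags entries whose last review is older than the agreed interval, which is the check an out-of-date register fails.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Tuple


@dataclass
class Risk:
    """One row of a risk register (field set is an assumption for this example)."""
    risk_id: str
    description: str
    likelihood: int        # 1 (rare) .. 5 (almost certain)
    impact: int            # 1 (negligible) .. 5 (severe)
    owner: str
    last_reviewed: date


# Assumed review cadence: entries not reviewed within 90 days are stale.
REVIEW_INTERVAL = timedelta(days=90)

# Constructed "as of" date used by the demo below (not from the page).
TODAY = date(2021, 12, 13)

# Constructed sample register; values are illustrative only.
SAMPLE_REGISTER = [
    Risk("R-001", "Lost or stolen laptop holding customer PII", 4, 4, "IT Ops", date(2021, 9, 1)),
    Risk("R-002", "Phishing leading to credential compromise", 5, 3, "Security", date(2021, 11, 20)),
    Risk("R-003", "Unpatched internet-facing web server", 3, 5, "Platform", date(2021, 6, 15)),
    Risk("R-004", "Shared printer misconfiguration", 2, 1, "Facilities", date(2021, 12, 1)),
]


def quantitative_score(risk: Risk) -> int:
    """Quantitative view: likelihood x impact on a 1..25 scale, rejecting out-of-range inputs."""
    if not (1 <= risk.likelihood <= 5 and 1 <= risk.impact <= 5):
        raise ValueError(f"{risk.risk_id}: likelihood and impact must be in 1..5")
    return risk.likelihood * risk.impact


def qualitative_band(score: int) -> str:
    """Qualitative view: map the numeric score onto a band (thresholds are assumptions)."""
    if score >= 15:
        return "High"
    if score >= 8:
        return "Medium"
    return "Low"


def rank_register(register: List[Risk]) -> List[Tuple[str, int, str]]:
    """Rank risks highest score first; ties are broken by id so output is stable."""
    scored = []
    for r in register:
        score = quantitative_score(r)
        scored.append((r.risk_id, score, qualitative_band(score)))
    return sorted(scored, key=lambda t: (-t[1], t[0]))


def stale_entries(register: List[Risk], today: date,
                  interval: timedelta = REVIEW_INTERVAL) -> List[str]:
    """Currency check: ids of risks whose last review is older than the interval."""
    return [r.risk_id for r in register if today - r.last_reviewed > interval]


if __name__ == "__main__":
    for risk_id, score, band in rank_register(SAMPLE_REGISTER):
        print(f"{risk_id}: score={score:2d} band={band}")
    print("Entries overdue for review:", stale_entries(SAMPLE_REGISTER, TODAY))
```

Running the script ranks R-001 first and reports R-001 and R-003 as overdue for review; a register that is never re-reviewed keeps reporting the same stale ranking, which is the effectiveness problem the answer above describes.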
1.4 Answer the following questions:
1.6 Answer the following questions:
b) What are the three (3) key aspects behind business process design principles?
1. Adding value for the customer.
2. Reduction of risk management delays.
3. Simplicity in business/network process standardization.
c) Identify five (5) business process design principles concerning risk management.
1. Identify and analyze the risk
2. Evaluate the rank of the risk
3. Monitor and review the risk
4. Treat the risk
5. Update business process design with new lessons learnt.
1.7 Answer the following questions: