Assessment 2b is weighted 20% of your final grade in MGMT862.
This assessment builds on your findings from assessment 2.
You are required to:
• plan a change engagement process for example embedding new Health and Safety processes at Aotearoa Gold Mining Company (AGMC).
• design and create a PowerPoint presentation (5-6 slides) that communicates a planned change process and its implementation from the case (AGMC) analysed in assessment 2
• apply evidence of engagement with and reference back to relevant required weekly readings listed on pg. 6 of the the paper study guide.
Question Q3: a) What risk treatment strategies would you recommend to banking industry as part of their information security program? Explain these in the context of the various business processes and resources. b) Consider the case of ABC Software Company which is facing a number of major information security threats (as listed in the table below). The information security team has estimated the cost per incident which the company will bear if the threat is materialised. Calculate the Single Loss Expectancy (SLE), Annualized Rate of Occurrence (ARO), and Annualized Loss Expectancy (ALE) for each threat.
ABC Software Cost per Frequency of SLE ARO ALE Company major incident Occurrence threats Programmer $4,500.00 2 per week mistakes Flood $250,000.00 1 per 10 years Virus, Worms, $1,500.00 1 per week Trojan Denial-of- $6,500.00 1 per quarter service attacks Theft of $6,000.00 1 per 6 months information
Question Q4: a) Consider a tertiary education organization (e.g., a university). Consider applying mandatory access controls vs non-discretionary access controls with respect to student records. (Assume that student records include these four categories: (i) personal details,( ii) external documents supplied by the student, (iii) records about study progress, e.g., enrolment and grades , and (iv) internal documents generated administratively such as letters sent to the student). Which approach would you recommend, mandatory access controls or nondiscretionary access controls? Justify your recommendation, referring specifically to the four categories above.
b) Why is it a good security practice to collect and report near-miss event in which major incidents were only narrowly averted (such as spam messages that were not filtered out ) need to be collected and reported? Explain your answer providing five examples of hypothetical near-miss events. and what weaknesses they may indicate.
The post Calculate the Single Loss Expectancy appeared first on My Assignment Online.