Individual Project

Course Learning Outcomes

CLO 3: Evaluate cyber security risks and apply appropriate risk management

Outline and interpret cybersecurity principles and approaches.

Apply knowledge of security principles, security risk management strategies in real life scenarios.

Discuss the key concepts related to cyber security using appropriate terminology.

Task Description

Assignment description:

Background: You have recently been hired as a consultant to undertake a security risk assessment for a forward-thinking aged care organization, "AgeWell Innovations," with operations at a single location in Adelaide. AgeWell Innovations offers residential aged care, retirement living, and in-home services to a diverse community. The organization is looking to modernize its operations by digitizing and automating processes, particularly in the in-home services sector. Carers, who provide critical services to clients, currently face challenges with paper-based processes, leading to inefficiencies and potential security risks.

Scenario Overview: AgeWell Innovations serves approximately 120 aged-care residents, 30 retirement living residents, and 300 clients receiving in-home services. The current paper-based processes for in-home services have raised concerns among carers, who express frustration with limited access to client data, error-prone manual note-taking, and the time-consuming transcription of notes back at the office. Management is particularly concerned about the confidentiality of sensitive client data and the accuracy of reports.

Digital Transformation Initiative with AI Integration: The company has decided to implement a remote access solution powered by Artificial Intelligence (AI) to enhance client care and productivity. The AI tool will assist carers in real-time decision-making, ensuring personalized and efficient services. Additionally, partially-managed corporate-approved devices will be introduced, allowing carers to purchase their preferred device from a corporate-approved shortlist. Shared use of personal devices is permitted to minimize the burden on carers, who would otherwise need to carry two devices during their rounds. A moderate level of risk management controls will be applied, including separating organizational and client data from the personal data of the carer.

Your Task: Undertake a security risk assessment for the introduction of this digital transformation initiative and prepare a comprehensive report for the board. The board members are generally risk-averse and have low computer literacy.

Structure your report in the following numbered sections:

1. Executive Summary

Highlight the purpose and focus of the report and why it is important for the intended audience. Provide a very brief overview of what is included in the report and then focus on the recommendations.

2. Introduction / Context Establishment

Introduce your report, and state its purpose and focus, defining the scope and boundaries of the risk assessment process. Provide support / justification for the importance of the review with reference to business objectives. Document any relevant legal compliance constraints. Explain and justify the criteria that will be used to evaluate risk. Provide an outline of the remainder of the report and the steps undertaken in the process.

3. Risk Assessment

3.1. Risk Identification

3.2. Risk Analysis

3.3. Risk Evaluation

In this section, you will describe your chosen risk assessment method (e.g., quantitative, qualitative, semi-quantitative, asset-based, vulnerability-based, threat-based, etc.), identify relevant risks, analyse their characteristics and evaluate their potential business impact. Limit your discussion to a subset of the potential risks by focussing on the 3 to 5 risks most relevant to the business, and only consider threats initiated by malicious adversaries.

4. Risk Treatment / Recommendations

Provide justified recommendations regarding risk treatment (risk avoidance, risk mitigation, risk acceptance, and risk transference). Recommendations should include both corporately enforced and user-reliant risk management controls. The recommended controls should be explicitly linked to the risks identified in the previous section. Formally document and justify any residual risk remaining after the recommended treatments.

5. Evaluation

Include a review and reflection on the process undertaken, describing communication and consultation plans used throughout the process. The evaluation should cover suggestions for ongoing monitoring and review and provide suggestions for effectively implementing the recommendations.

6. References

Audience Focus: This report is tailored for two primary stakeholder audiences – the board/executives and cybersecurity personnel. Striking a careful balance is crucial to ensure that the content caters to the unique needs of each group. The board, being technical laypersons, expects a focus on business interests for informed decision-making. On the other hand, technical staff will require sufficient technical detail to guide the implementation of cybersecurity controls.

Format & Length: The PDF should be between 3 and 5 A4-size pages. The text should be in Times New Roman or a similar font at size 12 with single line spacing. Handwriting is not acceptable. Name your PDF YourName_IndividualProject.pdf