a) Produce an Information Security Risk Assessment for the organisation described in the case study. A good answer will use a methodical approach to identify threats, vulnerabilities, and impacts. It will include priorities and risk treatment options. It should identify any specific risks from the case study and general risks that might be faced by any organisation. Your answer should include identification of appropriate security policies, procedures and practices. You can use feedback from Part 1 (a). There are resources in Canvas which show how a risk assessment should be conducted. (45 marks). +/-1500 words

b) Describe the things that the organisation needs to consider when developing a Cyber Security Incident Response Plan (CSIRP). Your answer should include: the need for a plan and the purpose, links to any other relevant contingency plans, stages, identification and general guidance on prevention. (15 marks) +/-500 words

c) Cybersecurity is always playing catch-up (waiting for new exploits to happen and then responding to them). A more proactive approach could consider where the future challenges might come from and how they might be responded to. For this task you are asked to consider any or all of the following:

(i) Where the threats and vulnerabilities might exist in future

(ii) How approaches to cybersecurity may change

(iii) How to mitigate future threats and vulnerabilities

(You will need to undertake some research into developments in both technology and cybersecurity). Don’t forget to cite and reference your sources using the Harvard Referencing system. (10 marks) +/-500 words

Case Study

1.1 Wolverhampton Power Company (WPC) is a company that manufactures and supplies undersea cabling and currently employs 65 people who deal with businesses that are located in the UK, Netherlands and Taiwan. They have offices in each location, but the management team and main office are located in Wolverhampton. The company is part of a group that includes energy projects in developing countries. They manufacture and supply both submarine data and power cables. WPC is currently hoping to expand into North Africa and is actively seeking investors to help facilitate this. The company has experienced high staff turnover in the past few years, requiring on occasions the use of temporary employees.

1.2 Office staff at WPC have a range of PCs with different specifications: many staff and managers use laptops and mobile devices. Many of the company’s computers are running Microsoft Windows 10 and Microsoft Office 2013. A few computers are running Windows 7 for access to an older production system and bespoke developments. Many senior staff have a variety of mobile devices (phones, iPads etc) to access mail, contacts and other work-related files. When asked, the MD of the company was not aware of any additional security systems or software being used with mobile devices and believes that staff may be using both their own as well as company-issued devices. The systems administrator (Sysadm) makes sure that all Windows updates are applied (all computers are set to auto update).

1.3 The company has two Windows 2020 servers (located in the Wolverhampton office) and a Windows 2008 server supporting cable manufacturing (in Taipei). They are in the basement office in each location. Weekly backups are taken via a network-connected SAN drive (further copies of some data are stored on removable hard disks which are locked in the system administrator’s desk and on USB sticks that the company secretary locks in her desk). The MD and other senior staff will often copy data to their laptops to work on from home.

1.4 There do not appear to be any plans to respond to any incident involving loss of the servers or other technology.

1.5 The company uses Microsoft Exchange Server and operates Outlook for e-mail. Standard applications include Microsoft CRM (for Customer Relationship and Contact Management) and Microsoft SharePoint for collaborative working and document handling. Dropbox and other web-based systems are sometimes used for the convenience they offer.

1.6 Outlook Web Access is deployed for remote web access to e-mail and public folders. Some staff also use their webmail accounts to forward emails to when they are working from home or overseas. Back-office systems include the company Oracle 11g database housed on a database server. There is an integrated sales and purchase system. Accounting is linked with these systems. The main application is Sage 50 Accounts Professional together with the Sage 50 Forecasting package. The company website is hosted by an external hosting company and it includes a facility for remote workers to log in to back-office systems.

1.7 The company has a small IT Support team based in the Wolverhampton offices. Outside of the main office, support is provided via a help-line and remote access. A third-party company is used for dealing with some of the more difficult problems and to provide assistance outside of normal working hours.

1.8 Recently, printouts of cable specifications were found in a skip near to the offices in Wolverhampton. This became known when the company was contacted by an irate pub landlord who wanted to know why her skip had been filled up. There was also a recent problem where some confidential information was sent to the wrong email address and another where a computer became infected with malware. However, the board do not consider that the company has information / cyber-security issues. The company does not currently have a formal information security policy. Any issues would be the responsibility of IT Support. The MD stated that the organisation is compliant with GDPR but was unable to discuss any specific actions undertaken.

1.9 The MD says that the systems administrator is very able to deal with any security issues; when passwords have been forgotten, he has been able to access the affected accounts and he will not allow anyone else to know the administrator passwords. He also told us that the administrator had been able to reduce the costs of some IT expenditure by sourcing less expensive versions from China. The Sysadm has also been very useful to the company as he brought with him some designs from a previous employer.

2.0 The system administrator is also responsible for disposing of redundant equipment. He usually takes them home and destroys them.

2.1 The MD stated that he never had password problems as his PA is able to remind him if he forgets a password. When asked whether the company used encryption, he said that to date they have not. This is in case someone forgets the password and they cannot then access the data. Although he does not think that cyber security is an issue, he is concerned that his emails might be read by other people and would like to know if there is any way they might be made secure.

2.2 A number of staff were asked about their knowledge of risks to information. They were aware of some of the risks from things that they had heard in the news.

2.3 Firewalls are located at the perimeter of each of the WPC networks (i.e. in Wolverhampton (U.K.), Groningen (Netherlands) and Taipei (Taiwan)). It is thought that all host computers also have firewalls enabled.

2.4 All authentication to WPC systems is through login codes and passwords. The Sysadm has set up a rule so that all users are forced to change their passwords every month.

2.5 The Director of Finance has asked for a plan to move to a fully cloud-based environment (including backups) because of the economies that she believes it can achieve.