Security Risk Analysis


CSMP® Level 6 Accredited Diploma
Unit 1 – Security Risk Analysis
Candidate Name

For Assessor Use
Candidate Number
11638A
First Assessor Name
[Assessor name] CSMP®
Submission Date
15 February 2021
Internal Verifier Name

Candidate Declaration
In submitting this work for assessment, I hereby declare:
- I have read the Unit text in full.
- This is my own, individual work.
- I have not copied the work of other student(s) or engaged another person to write the answers for me.
- I have not sought assistance from any party other than the ISMI® nominated coach for this unit.
- Where I have used additional sources (Internet, reference books etc) I have referenced these and not presented them as my original thought.
- I have not worked together with other student(s) to produce shared answers in whole or in part.
- I have not shared my answers, verbally or otherwise, in whole, part or draft, with any other student.
I have read the Academic Discipline Policy and the Course Terms and Conditions and I understand that the standard penalty for students who violate the rules on academic misconduct is disqualification.
For Official Use
Assessor
[Assessor name] CSMP®
Dates
Has the candidate met all of the assessment criteria?
Exceeded/Met/Referred/Fail
Note: Fail grades awarded to incomplete submissions. Late submissions eligible for met/fail grades only.

Overall assessment comment.

Assessor Aide Memoire

1.1 Characterisation
1.2a 3As
1.2b SRA
1.3a Risk Mitigation
1.3b MRMG
1.3c Consequential Loss
List any task numbers that have not met the assessment criteria.

Summary of required remedial action(s) and resubmission deadline.

Remedial actions log.

Final assessment comment (if referral).

Internal Verifier
CSMP® F.ISMI®

Overall assessment comment.

External Verifier
[EV name]

Observations.

For Candidate Use
The following task is designed to meet two assessment criteria (1.1a and 1.1b)
Unit Outcome 1.1
Be able to carry out a facility characterisation
Assessment Criteria
1.1a
Produce a facility characterisation for a given organisation, facility or operation.
1.1b
Collect, collate and synthesise information relating to asset criticality and interdependencies.
Task 1.1 (combined to meet Assessment Criteria 1.1a and 1.1b)
In Preparation
Develop your understanding of assets by studying pages 13-14 of the Unit Textbook.
Your Task
First, identify the core assets (tangible/intangible) in your organisation, or one with which you are familiar.
Second, analyse them in terms of:
- Clusters (assets working together with critical interdependencies).
- Relative criticality (i.e. putting aside the book value, are some assets more operationally critical than others, for example at certain times of the day?)
- Redundancy (is there back-up capacity or are there alternatives?)
- External dependencies (are you critically dependent on external suppliers and what is their level of contingency?)
- How the above points relate to your organisation’s contingency measures for recoverability and resilience (see Glossary in Unit 1 Textbook) in the event of a major disruptive incident.
A comprehensive answer to this task will typically be in the region of 300-500 words.
IMPORTANT: Before beginning this assignment you must read the Unit Textbook cover to cover. If you skim-read it or just dip in to answer the tasks it will be obvious from the quality of your answers and you won’t pass the assignment.
Brief Overview of the Facility, Operations and Organisational Objectives for the Assessor to Understand Your Context
At EY, our purpose is Building a better working world. Through our four service lines — Assurance, Consulting, Strategy and Transactions, and Tax — we help our clients capitalize on transformative opportunities. We also help them fulfil regulatory requirements, keep investors informed and meet the needs of all of their stakeholders. The insights and quality services we provide across 27 Offices across Africa help build trust and confidence in the capital markets and in economies the world over. We play a critical role in building a better working world for our people, for our clients and for our communities.
Today, every global organization faces a wide variety of complex security risks — risks that are asymmetric and intertwined, making them more difficult to manage. EY is committed to safeguarding our people, assets and operations against reasonably foreseeable risks in an increasingly uncertain but interconnected world. Global Security is part of our Global Risk Management function. It safeguards EY’s people, reputation, assets and intellectual property against natural disasters and man-made security threats through risk reduction, elevated security awareness and implementation of leading security practices through our multiple disciplined framework.
Asset categories: People, Physical Assets, Information, Identity
- Staff (T)
- Customers (T)
- Intellectual Property (T)
- Land (T)
- Buildings (T)
- Laptops/Mobile Equipment (T)
- Know-how (I)
- Confidential Information (I)
- Brand (I)
- Corporate Intellectual Property (I)
- Relationships (I)
Be sure to annotate each of the above as (T) for tangible or (I) for intangible.
For your answer to be considered complete you should identify at least six tangible assets and at least five intangible assets.
Asset Clusters
[Begin each answer by explaining theory, then develop into analysis in relation to your chosen organisational context – for hints on how to present this refer to https://www.ismi.org.uk/resources/learning-zone/developing-strong-answers.aspx ]
Assets change constantly, and part of the process of becoming more resilient is determining what triggers or potential triggers can affect high-value assets. As changes occur, priorities for certain assets change and these need to be documented, maintained and acted upon immediately. Here are some examples from the CERT® Resilience Management Model of “activators,” which can impinge assets of significant value:
- termination or transferring staff between units or changes in roles and responsibilities amongst the organization;
- technology infrastructure changes and configuration;
- information alteration or creation;
- service alterations which therefore affect the assets they are reliant upon;
- new assets identified in organizational contracts;
- technology, facility or other asset acquisitions.
The processes, as summarized above, of defining assets, ranking assets, creating a profile and organizational chart for each critical asset, and managing the life cycle of each key asset need to be institutionalized within an organization so that the process can be continued and replicated.
Laptops are portable so there is a higher risk that they can be stolen. Therefore, it is important to take more security measures in order to protect all laptops. A simple solution is to encrypt them. In doing so, without the right password, your computer’s data is unreadable and it will help keep the brand intact as if confidential information goes into the public, the Firm brand and reputational risk is compromised.
Employees are our most important customers because they can provide crucial insights into the overall customer experience. They have a direct impact on our customers and relationships in terms of providing insights into the customer experience, or as brand ambassadors.
Relative Criticality
[Documents such as the Indicative Content, Common Mistakes and Chatroom Transcript are essential in helping you understand concepts such as this]
When it comes to our business, the most important asset is our Employees, which is its human capital. Employees carry the relevant knowledge and provide the productivity. All intangible assets such as patents, intellectual property, brands and R&D are created by people. They are the most essential contributors toward profits and shareholder value. That said, people are key assets for any organization. In today’s continuously changing business world, it is human assets, not the fixed or tangible assets that differentiate an organization from its competitors. The knowledge economy distinguishes one organization from another.
Redundancy
Teams that are working on various assignments must frequently document their current status and share that information with other team members. If a key employee goes down, you need others to be able to pick up the ball and run with it. It is also critical for staff to document projects and in-progress activities in a shared location (with appropriate privacy and sensitivity limitations).
External Dependencies
The business has a robust and thorough business continuity management plan in place. This is regularly updated and maintained to stay on top of potential Business Interruption risks coming from external partners. To reduce single source supplier dependencies we continuously:
- collaborate with our network
- have risk teams involved in continuity planning
- are diversifying our customer network
Recoverability and Resilience
Practice your paragraph writing using the construction guidance at http://www.ismi.org.uk/resources/learning-zone/writing-a-standard-paragraph.aspx
For Official Use
Task 1.1 Assessor Comments
Grade
Exceeded/Met/Referred/Fail (highlight as appropriate)
Comments


Remedial actions by candidate (if required)

Comments after remedial actions

Unit Outcome 1.2
Be able to analyse security risk
Assessment Criteria
1.2a
Develop a methodology for a threat assessment.
1.2b
Critically evaluate methodologies to determine security risks to the candidate’s organisation.
For Candidate Use
The following task is designed to meet one assessment criterion, 1.2a.
Task 1.2a
In Preparation
Using the Unit Textbook, develop your understanding of the difference between the terms threat and risk, noting that some organisations, erroneously, use these terms interchangeably or in the wrong context.
A threat is a source of potential harm. It is anything that can exploit a vulnerability and obtain, compromise, damage, degrade, or destroy an asset. We need to protect against threats in order to reduce our risk exposure.
In assessing a threat it is useful to look at a range of factors, including the local criminal environment, potential adversaries, their motivation and determination, their actions and the targets to which they are attracted, crime facilitators etc.
Your Task
First, set the context for the analysis by selecting a risk that exists in your organisation. The short risk statement should identify action, asset and adversary, e.g. theft (action) of product (asset) by contractors (adversary).
Second, taking the examples of the intelligence-based threat assessment questions in the Unit Textbook, increase the adversary analysis question set from 7 questions to 10 questions and the action analysis question set from 10 questions to 13.
Note: Be sure to study also the asset question examples in the Unit Textbook and don’t confuse these questions with those relating to asset and action.
Your context here:………………………………………….(this needs to be a single “3As” short threat statement – Unit Textbook refers)
Adversary
1. Who are the adversaries?
2. What is their accessibility to the target assets?
3. By what means will they carry out their action against the target asset?
4. What method are they likely to use and what tools/facilitators?
5. What are their capabilities?
6. What is their motivation, determination and persistence?
7. Why are they targeting the asset?
8. ?
9. ?
10. ?

Action
1. What action is anticipated (theft, destruction, injury, embarrassment, stopping operations etc.)?
2. How will the action be carried out?
3. When will the action be carried out?
4. Is there a history of action or has a threat been made?
5. Has intelligence been received that suggests an action is likely?
6. Are we doing something new or controversial that is likely to attract an action?
7. Are there particular types of adversary actions that are common to this geographical area? Common to this business sector or type of enterprise?
8. Are there facilitators or inherent vulnerabilities that make an action more likely?
9. Is it easy for the action to be concealed to delay investigation?
10. Is the action more prevalent at specific locations or times?
11. ?
12. ?
13. ?
For Official Use
Task 1.2a Assessor Comments
Grade
Exceeded/Met/Referred/Fail (highlight as appropriate)
Comments

Remedial actions by candidate (if required)

Comments after remedial actions

Unit Outcome 1.2
Be able to analyse security risk
Assessment Criteria
1.2a
Develop a methodology for a threat assessment.
1.2b
Critically evaluate methodologies to determine security risks to the candidate’s organisation.
For Candidate Use
The following task is designed to meet one assessment criterion, 1.2b.
Task 1.2b
In Preparation
The Unit Textbook provides a description of a security risk analysis methodology using two matrices to represent the point of intersection between the likelihood, impact and controllability of (or vulnerability to) risk. Please study this and then read through the case study beginning on page 32 to ensure you have understood the process.
Your Task
First, using the ISMI® security risk analysis methodology in the Unit Textbook, evidence your understanding of the process by filling in the gaps in the table opposite. Once completed, double check your plotting as errors will prevent your paper from being awarded a pass grade.
Second, compare and contrast the ISMI® methodology with the approach to risk management outlined in the Warwickshire Risk Management Template, which can be found in the External Background Documents section of the Extranet Library.
You have been provided with two examples. Your task is to identify and develop six additional analytical observations.
Note: In compiling your analysis try to apply the guidance at https://www.ismi.org.uk/resources/learning-zone/developing-strong-answers.aspx to ensure your analysis has the required depth and detail.
You may also find useful hints at http://www.ismi.org.uk/resources/learning-zone/critical-analysis.aspx
IMPORTANT: You should get into the practice of using the Extranet Library support documents (Indicative Content, Common Mistakes, Chatroom Transcript). Following the guidance in these resources is essential in helping you craft answers that will pass first time. If you don’t have a Library account or are having problems accessing the Extranet, contact ISMI® now.
First Part
| Serial | Risk Descriptor | Likelihood | Impact | IRV | Controls | Priority |
| #1 | Theft [action] of employee phones [asset] by contractors [adversary]. | 3 | 3 | ? | Baseline | ? |
| #2 | Criminal damage to delivery trucks by vandals. | 2 | 4 | ? | Inadequate | ? |
| #3 | Encroachment onto site by activists. | 4 | 3 | ? | Inadequate | ? |
| #4 | Fraud and kickbacks between colluding staff and contractors. | 5 | 4 | ? | Baseline | ? |
| #5 | Now insert your own example here. Be sure to identify adversary, asset and action and provide your own values for likelihood, impact and controls to evidence understanding of the ISMI security risk analysis process. | ? | ? | ? | ? | ? |
IMPORTANT: You should make use of the coaching call facility for any issue you don’t understand in the Unit Textbook or Workbook. Distance learning can be difficult without such support. Coaching calls can be booked by email; coach and coaching availability details in the assignment email.
Second Part
Make your compare and contrast observations analytical rather than descriptive. An example layout, which you may use (recommended) or discard, is provided below.
Page reference every observation.
Columns: Point / ISMI® SRA / Warwickshire Risk Management Template

Point 1
ISMI® SRA: The ISMI® SRA defines risk as the point of intersection between likelihood, impact and vulnerability (U1, p24).
Warwickshire Risk Management Template:
Compare/Contrast: The Warwickshire Risk Management Template defines risk as “an uncertain event that, should it occur, will have an effect on the Council’s objectives and/or reputation.” (WRMT, p4)
Observation: This is quite close to the ISMI® definition of threat: “A source of potential harm”. (U1, p9)
Analysis: In the ISMI® approach, for a threat to be developed into a risk is the implicit understanding that there is some chance of it occurring, that it will have an impact and that there are vulnerabilities, either in the protective systems, the capacity to absorb the event (resilience) or in the way in which business has to be conducted. (U1, p9)

Point 2
ISMI® SRA: The ISMI® SRA states that the first stage in the risk analysis process is to characterise the context or assets. It infers that assets generally fall into the categories of people, property, information, reputation and operational continuity. (U1, p13)
Warwickshire Risk Management Template:
Compare/Contrast: The Warwickshire Risk Management Template states that the first stage in the risk analysis process is to establish the context by looking at what the organisation is trying to achieve and what the proposed outcomes are. (WRMT, p6)
Observation: While both methodologies concur in establishing the context through characterisation, the Warwickshire Risk Management Template is more outcome-focussed.
Analysis: Outcomes are especially important as this is the raison d’être for most enterprises. However, it is important not to lose sight of protecting the means to get there. For example, if personnel in a high-risk area are not effectively identified, risk assessed and protected, the organisation’s exposure increases.

Point 3
Point 4
Point 5
Point 6
Point 7
Point 8
For Official Use
Task 1.2b Assessor Comments
Grade
Exceeded/Met/Referred/Fail (highlight as appropriate)
Comments


Remedial actions by candidate (if required)

Comments after remedial actions

Unit Outcome 1.3
Be able to plan for security risk mitigation
Assessment Criteria
1.3a
Develop strategies for risk mitigation that can be adopted by the senior leadership team.
1.3b
Identify opportunities for integrated strategic risk analysis tools and templates.
1.3c
Produce tools for cross-functional involvement in the security risk analysis programme.
For Candidate Use
The following task is designed to meet one assessment criterion, 1.3a.
Task 1.3a
Case Study
Background
Moving the capital from the ancient port city on the coast to a more centralised location was difficult but necessary in order to have a city that was future-equipped for, and reflected, the needs of a forward-looking capital fit to serve the country into the middle of the 21st century and which would be, very ambitiously, carbon-neutral by 2030.
The Central Station
One of the first major infrastructure projects to be completed was “The Central”, a very grand and modern rail hub from which would eventually fan out high-speed electric and maglev rail links to all parts of the country.
At present, only one high-speed line is fully operational. This connects the new capital to the airport and then on to the former coastal capital. However, the network of numerous additional metro trains serving the new capital’s business and residential areas is 50% operational and already 180,000 passengers transit the station every day. This is anticipated to rise by 70% annually for at least the forthcoming five years. 80% of the users of “The Central” are nationals. Business visitors and tourists typically make up the other 20%.
The level of automation at the station is impressive and, rail power aside, the station itself is a model of carbon neutrality, powered by solar and wind energy alone. The facility has a photovoltaic system and a geothermal system heats and cools the building, while solar thermal systems produce hot water. The roof construction allows the building to harvest rainwater for the toilet facilities and a special lighting model makes best use of both natural light and energy-saving LED light technology. The facility has state-of-the-art IT. For example, all data is automatically processed and stored in the Cloud with local redundancy and contingency and a mirrored site.  All runs over high speed fiber with 4G (planned 5G) backup as contingency.
Facilities
The station concourse is home to a number of concessions (cafés, farmers’ pop-up markets, locally-sourced “street food” pop-up stalls, mobile phone store, computer accessories store etc.) and two ATMs. There are ticket/enquiry offices on the concourse but most ticket sales are via online apps, using a simple tap in/tap out at the ticket barriers with a credit card or mobile phone NFC, or from ticket machines.
Risk and Crime Overview
At national level, there is a persistent terrorism threat from insurgents who are seeking to secede (split away) and form an independent state in the north of the country. Their primary tactics have been assassinations and arson, but intelligence reports indicate that they have been trying to develop the capability to produce VBIEDs (vehicle-borne improvised explosive devices) and there is some pressure within the ruling council of the insurgent group to target areas of tourism and commerce in order to bring international attention to their cause.
At a more local level, the new station has attracted several kinds of criminality, including pickpockets, robbers (mobile phones, valuables and laptops), scammers offering fake taxi services, fake SIM cards, fake excursions, misleading car hire, fraudulent currency exchange etc.
Security Measures
There is a police office on site but most of the patrolling and surveillance is undertaken by a privately contracted security firm, which also provides CVIT services to the railway company and concession vendors. The security team patrol on foot but have a QRF contingent that can respond rapidly on bicycles or electric quad bikes if necessary.
National law allows members of the contract security company to detain criminals using minimum necessary force as long as there is strong visual evidence (eye witness, CCTV etc.) that the detainee is a perpetrator of a criminal act or an act prohibited under the bylaws of the station (e.g. carrying of weapons). They have no power of search nor can they detain on suspicion that a person is about to commit a criminal act.
Consideration has been given to the installation of hostile vehicle barriers to mitigate against VBIED concerns, but as there isn’t specific intelligence on a credible threat no action has been taken.
The national facial recognition programme, currently being rolled out, is 100% operational at the station. The plan is to have every national on the database by 2025. As a matter of course, overseas travellers are automatically enrolled as they enter the country. As a matter of urgency the low-level criminals who operate on the station concourse are in the process of being logged and entered into the system so that if they enter the station the system will alarm and they can be removed, or arrested, before they have come into contact with the public. Trials so far have indicated a near 100% success as word spreads within the criminal community.
The station is a model for CPTED (crime prevention through environmental design), the elements of which are embedded in almost all of the design considerations.
In Preparation
Study the Unit Textbook explanation on the various forms of risk mitigation. Then analyse the case study for this task.
Your Task
First, using the template in the answer box, explain how the railway station in the case study practices each of the four elements of security risk mitigation (represented by TEAR).
Second, explain using one of the security examples how the concept of ALARP is put into practice at this site.
Third, identify another example of risk mitigation, not covered by TEAR, which is evident at this site.
Note: Each answer must be analytical. Aim for at least 50-75 words per section. More for the ALARP section.
Transfer (ensure you practice in this response the theory>application>analysis approach – advice at https://www.ismi.org.uk/resources/learning-zone/developing-strong-answers.aspx )
Eliminate
Accept
Reduce
Applying ALARP to this case (Be sure to explain Point A and Point B in this context, explaining why it is unfeasible to take mitigation to Point B – take care; many students delete this comment without implementing the advice)
Other Examples of Risk Mitigation in the Case Study, e.g. risk sharing
For Official Use
Task 1.3a Assessor Comments
Grade
Exceeded/Met/Referred/Fail (highlight as appropriate)
Comments


Remedial actions by candidate (if required)

Comments after remedial actions

Unit Outcome 1.3
Be able to plan for security risk mitigation
Assessment Criteria
1.3a
Develop strategies for risk mitigation that can be adopted by the senior leadership team.
1.3b
Identify opportunities for integrated strategic risk analysis tools and templates.
1.3c
Produce tools for cross-functional involvement in the security risk analysis programme.
For Candidate Use
The following task is designed to meet one assessment criterion, 1.3b.
Task 1.3b
In Preparation
Read and study the “Microsoft Risk Management Guide” in the Online Library. Focus in particular on the process, skimming the fine detail.
Your Task
Identify and analyse six process points that aren’t taken into consideration or otherwise addressed in either the ISMI® SRA process (Unit Textbook) or the Warwickshire Risk Management Template, evaluating the relative merits of your chosen points to your organisation.
Be sure to implement the guidance at:
https://www.ismi.org.uk/resources/learning-zone/developing-strong-answers.aspx
https://ismi.org.uk/resources/learning-zone/writing-a-standard-paragraph.aspx
https://www.ismi.org.uk/resources/learning-zone/presenting-tidy-answers.aspx
For Official Use
Task 1.3b Assessor Comments
Grade
Exceeded/Met/Referred/Fail (highlight as appropriate)
Comments

Remedial actions by candidate (if required)

Comments after remedial actions

Unit Outcome 1.3
Be able to plan for security risk mitigation
Assessment Criteria
1.3a
Develop strategies for risk mitigation that can be adopted by the senior leadership team.
1.3b
Identify opportunities for integrated strategic risk analysis tools and templates.
1.3c
Produce tools for cross-functional involvement in the security risk analysis programme.
For Candidate Use
The following task is designed to meet one assessment criterion, 1.3c.
Task 1.3c
Case Study
In response to mounting media pressure to reduce the sugar content of its products, Irma Confectioners had dug its heels in and argued that the decision to purchase high-sugar products aimed specifically at children is a matter of personal choice. The strategy appears to have backfired….
The contamination story was worse than could have been anticipated. There were now seven separate reports of needles having been found by customers in the company’s flagship chocolate bar and sales had slumped in response to media attention. Moreover, TV media had “set up camp” outside the company’s main gates. Although the cases so far had been restricted to one geographical area, the Board was coming under mounting pressure to initiate a full product recall.
Production had stopped, pending police and health and safety authority investigations, although it was far from certain if the contamination had occurred at point of manufacture, distribution, storage or sale. It is also conceivable that the criminal(s) purchased the items, contaminated them offsite and then replaced them on the shop shelves. Most of the plant’s production workers had been laid off until further notice.
In Preparation
You may have an idea of the book value of an asset, but what is the value of that asset to the business at any given time and what would be the potential cumulative consequential loss if an asset is compromised or degraded in some way? For an understanding of issues such as this you will need to liaise closely with the asset custodians and users.
Read in detail and absorb the key points in the short case study.
Your Task
First, aside from the cost of the immediate product recall and disposal of the recalled product, what additional consequential costs will this company likely face? Think in terms of employees, reputation, stakeholders, insurance and lawsuits etc. Target word count is 500 and you should practice the layout recommendations in the ISMI® website links presented earlier.
Second, if you were asked to give risk mitigation advice to a board of directors on how to minimise the long-term impact (consequential loss) of a malicious product contamination incident, what would be your five generic key pieces of advice?
Note: If you feel your ability to answer the second part of this task would benefit from additional resources specific to malicious product tampering, please email certification@ismi.org.uk
First Part
A good answer will identify at least ten categories (e.g. the impact on employees and employee availability, the impact on suppliers, the impact on customers etc.).
An excellent answer will identify at least two long-term effects under each category. See Indicative Content document.
Second Part
Each piece of advice should be at least 50 words long and should include justification and consequences of non-implementation.
1.
2.
3.
4.
5.
Finally, before submitting, go back through your answers using again the Indicative Content, Common Mistakes and Chatroom Transcript, this time as a checklist.
For Official Use
Task 1.3c Assessor Comments
Grade
Exceeded/Met/Referred/Fail (highlight as appropriate)
Comments

Remedial actions by candidate (if required)

Comments after remedial actions
