A global bank wants to use a third-party supplier service to move enormous volumes of supplier
contract data/historic financial data from on-premise to a multi-tenant cloud. The objective is to
enable the Supply Chain Management (SCM) function to perform analysis on the data for business decisions.
This service has a UI for SCM staff members to log in and upload or download
files. The service also integrates with other applications within other sub-business units
located in different regions/data centers.
- Identify a minimum of 5 potential risks and the consequences if an incident happens.
- Identify the IT assets in the scenario that are vulnerable to attack.
- Who are the threat actors, and what are the means by which they can exploit the above vulnerabilities?
- What controls in line with ISO 27001 or NIST 800-53 would you recommend to mitigate the
above risks?
The Confidentiality, Integrity, and Availability (CIA) rating was assessed as below; please provide
justification:
Overall Rating:
Confidentiality:
Integrity:
Availability:
Visibility:
2 EXECUTIVE SUMMARY
Please give a detailed summary of the risk assessment, including the methodologies you used to identify
potential risks.
What areas of concern noted in the risk assessment could result in impact to the company?
The risk assessment and recommendations should be limited to the scope and based only on the information
provided.
3 RISK ASSESSMENT
1. Risk Statement:
Please prepare a risk statement
Risk Description:
Please describe the risk
Mitigating Controls:
Suggest your mitigation plan
Risk Description:
Please describe the risk
Mitigating Controls:
Suggest your mitigation plan
Risk Description:
Please describe the risk
Mitigating Controls:
Suggest your mitigation plan
Risk Description:
Please describe the risk
Mitigating Controls:
Suggest your mitigation plan
Risk Description:
Please describe the risk
Mitigating Controls:
Suggest your mitigation plan