executive summary
Traditional Risk Workshops: Information Security, Business Continuity & Resilience
Resources:
Read Before Class
· (Examples of IT security weakness): https://digitalguardian.com/blog/data-security-experts-reveal-biggest-mistakes-companies-make-data-information-security
· Case study source: https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html
· Refer to the book, lecture slides and review as many references provided to gain a better understanding of best practice.
Description of Adverse Event
You are the Chief Risk Officer (CRO) of LIFT, a global ride sharing service. At 9:00 AM, you read in today’s newspaper that your main competitive rival, U-Beer, has just been hit with a cyber breach. The root cause of the incident was employee misconduct: the employee misused company funds to pay off hackers who had breached security parameters and gained access to sensitive customer data (names, addresses and Social Security numbers). The employee failed to escalate the breach or notify anyone in internal management until the event was made public. U-Beer has since removed its Chief Information Security Officer (CISO) and is in full-blown crisis management mode as public concern around the situation has escalated. The CEO of U-Beer has also been under tremendous pressure from the media and customers to resign as a result of the incident.
At 10:00 AM, you get a call from the CEO of LIFT, your boss, asking for more details on the situation at U-Beer and whether this type of incident could occur at LIFT. You commit to analyzing the situation and reporting back to the CEO by 5:00 PM; he wants answers to the questions that follow.
Template outline
This workshop is designed to provide a more immersive experience than a lecture, so that you understand how each of the traditional risk functions contributes to a robust ERM program. The purpose of each workshop is to provide a self-study guide to learn more about each risk discipline. The first of these workshops deals with Information Security. The book and the lecture slides are only the beginning of your research. You are required to explore the topic further to determine how to apply the separate risk disciplines in ways that lead to appropriate responses to adverse events. Each workshop will be scenario based, and you must apply your reading and research to develop an appropriate response to the adverse event.
Please answer the following questions and upload to Canvas by the end of class with your Team Name. You are encouraged to make assumptions about the current control environment, known internal gaps, key risks previously identified and known issues from Internal Audit or other areas of the firm in formulating your response. Be creative and think outside the box! Use and state assumptions where facts are not available.
Your risk response must include the following short sections in the form of a Risk Response to Adverse Events – Executive Summary: (No more than 1 ½ to 2 pages in total, list references if any)
The Executive Summary must cover the following section(s):
Part one: Individual responses
I. Short summary of key factors that led to the adverse event at U-Beer
II. Impacts to the U-Beer business caused by the adverse event
III. Mitigation efforts needed at LIFT to prevent a similar event from occurring
IV. Draft a high-level crisis response plan for LIFT to respond to a similar breach should one occur
Part two – Team response: Target Project Firm
I. Cybersecurity is a risk for all firms with access to the internet (via laptops, cellphones, or other devices). Describe the key risk factors your target project firm must consider with respect to cyber risks (examples include social media, web-surfing at work and IoT devices). Short paragraph answers are expected – no more than 5-7 sentences.
II. What do you think the impact would be if your firm experienced a data breach or ransomware?
III. As a chief risk officer, what steps should be taken to mitigate the risk of a data breach? (Please consider business impacts, customer impacts, vendor impacts, market impacts and regulatory response such as legal impacts.) Short paragraph answers are expected – no more than 5-7 sentences.
IV. Draft a high-level crisis response plan for your target project firm to respond to a similar breach should one occur. Short paragraph answers are expected – no more than 5-7 sentences.
Name: Qing Wang
UNI: qw2321
Part one: Individual responses
I. Key factors that led to the adverse event at U-Beer:
II. Impacts to the U-Beer caused by the adverse event:
III. Mitigation efforts needed at LIFT:
IV. The high-level crisis response plan:
