SlideShare a Scribd company logo

Unit 7 Assignment Group Assignment – Risk Analysis and Ident

Download as DOCX, PDF
C
corbing9ttj

Unit 7 Assignment Group Assignment – Risk Analysis and Identification Assignment 7 will also be completed as a team assignment. Teams for the Group Assignment will be assigned by the end of week 2. Each team will be randomly assigned in Blackboard. At the beginning of or prior to Week 4, the team should assign a team leader to coordinate the team's work due in Week 7. Your team represents the State’s contractor selected by the State to carry out the Risk Assessment Project for this case study. Your company's senior management and the State's Project Manager have requested that you prepare a risk management plan that identifies potential risks and identifies risk management strategies. From the course content and readings, you know that the overall purpose of risk planning is to anticipate possible risk events and be ready to take appropriate action when risk events occur—to eliminate or reduce negative impacts on the project. Scenario As the industry moves into a smart-shipping era, the risk of cyber threats is at an all-time high. Digitalized ships, increasing interconnectedness, the extended use of electronic data exchange and electronic navigation increases the likelihood of cyber-attacks in variety, frequency and sophistication. Cyber threats are one of the most serious economic and international security challenges facing the maritime industry today. The need for protection and security enforcements to mitigate the threats is more important today than ever. Guidelines to support secure cyber operations and contingency plans to be followed in a case of cyber incident have become necessary. The XYZ Shipping Chamber recognizing the increasing concern of its Members with regards to the cyber security and their protection, developed this document with the intention to create awareness of the threat and provide guidance to its Members. Company Description “We own and/or operate over 100 ships which include tankers, bulkers, and container ships. We employ directly over 3,000 employees in seven offices worldwide. The company operates as an owner and technical operator, including crewing services”. Motivation “Driving this shipping company’s cyber security initiatives is the increasing awareness of the invasive nature of cyber-criminal activity in the shipping industry. Cyber threat has imposed an elevated cyber security related risk awareness from ship owners, the company board of directors, cargo owners, and legal / regulatory bodies such as TMSA, IMO and USCG to name some, as well as P&I club coverage”. 4.1 “Reducing the risk should be the main deliverable of the company’s cyber security strategy and outcome of the risk assessment decided by senior management. At a technical level, this would include the necessary actions to be implemented to establish and maintain an agreed level of cyber security.” 4.2 Ships entering / leaving management pose added challenge to mai ...

Education
1 of 11
Unit 7 Assignment Group Assignment – Risk Analysis and Identification Assignment 7 will also be completed as a team assignment. Teams for the Group Assignment will be assigned by the end of week 2. Each team will be randomly assigned in Blackboard. At the beginning of or prior to Week 4, the team should assign a team leader to coordinate the team's work due in Week 7. Your team represents the State’s contractor selected by the State to carry out the Risk Assessment Project for this case study. Your company's senior management and the State's Project Manager have requested that you prepare a risk management plan that identifies potential risks and identifies risk management strategies. From the course content and readings, you know that the overall purpose of risk planning is to anticipate possible risk events and be ready to take appropriate action when risk events occur—to eliminate or reduce negative impacts on the project.
Scenario As the industry moves into a smart-shipping era, the risk of cyber threats is at an all-time high. Digitalized ships, increasing interconnectedness, the extended use of electronic data exchange and electronic navigation increases the likelihood of cyber-attacks in variety, frequency and sophistication. Cyber threats are one of the most serious economic and international security challenges facing the maritime industry today. The need for protection and security enforcements to mitigate the threats is more important today than ever. Guidelines to support secure cyber operations and contingency plans to be followed in a case of cyber incident have become necessary. The XYZ Shipping Chamber recognizing the increasing concern of its Members with regards to the cyber security and their protection, developed this document with the intention to create awareness of the threat and provide guidance to its Members. Company Description “We own and/or operate over 100 ships which include tankers,
bulkers, and container ships. We employ directly over 3,000 employees in seven offices worldwide. The company operates as an owner and technical operator, including crewing services”. Motivation “Driving this shipping company’s cyber security initiatives is the increasing awareness of the invasive nature of cyber-criminal activity in the shipping industry. Cyber threat has imposed an elevated cyber security related risk awareness from ship owners, the company board of directors, cargo owners, and legal / regulatory bodies such as TMSA, IMO and USCG to name some, as well as P&I club coverage”. 4.1 “Reducing the risk should be the main deliverable of the company’s cyber security strategy and outcome of the risk assessment decided by senior management. At a technical level, this would include the necessary actions to be implemented to establish and maintain an agreed level of cyber security.” 4.2 Ships entering / leaving management pose added challenge to maintaining a uniform application of a
cyber security program as each ship differs in communication systems, ship technology, and operations budget. Efforts to establish a fleet wide standard cyber security strategy is an efficient way to maintain a consistent and effective level of defense and response across a fleet. “A further complexity is that shipping lines operate a mix of vessels which they either own or charter for a short period of time…”. 4.3 Company employees, port agents, service vendors, equipment manufacturers, and crewing services do introduce a significant cyber security risk for a ship’s commercial operations due to the large number of persons routinely visiting the ship or joining as crew. These ship visitors are often routine in nature and are left minimally monitored while they complete their tasks onboard. There is no company cybersecurity policy in place for ship related services that use the ships network. 4.4 Knowing who is using your ship network and for what purpose is important and a real concern relating to cyber security. Discovering early malicious intent, unintentional mistakes, or poor cyber security practices are a risk that needs to be addressed. Ship network monitoring and analysis is one way
to have this capability. 4.5 There is a need to have a clear policy and practical procedures for all crew and visitors who use the ship’s network in the cyber security policy and proper use expectations. 4.6 Cyber Incident insurance coverage will grow in importance as a part of a company’s risk management strategy. Using their assessment and audit standards is a good start and should be reviewed for applicability to your cyber security strategy and for possible future insurance coverage. Driving Cyber Security for the Fleet “Currently, the company is undergoing a transition from the current Fleet Broadband communication services to a higher broadband capable VSAT system. This ‘open to the internet’ situation will drive the company towards more vigilance and the need for a Cyber security program to be put in place”. Further Consideration: 5.1 “The rapid development in maritime broadband satellite coverage combined with the introduction of highly sophisticated equipment, such as computer-controlled engine systems, has changed the
structural risks to maritime vessels. Ships are no longer protected by an airgap from external systems. Today, an estimated 30,000 vessels globally have equipment providing them with constant internet access, which is an increase from only 6,000 in 2008. Even if networks on board are separated between systems for ship operation, crew welfare and remote access to suppliers, separations can over time be compromised by ad hoc interventions by the crew or suppliers, for instance in connection to maintenance…”. 5.2 “Cyber security refers to the security of information networks and control systems and the equipment and systems that communicate, store and act on data. Cyber security encompasses systems, ships and offshore assets, but includes third parties – subcontractors, technicians, suppliers – and external components such as sensors and analytic systems that interface with networks and data systems. This includes human interaction of crews and other Company personnel, customers and potential threat players. In such a dynamic system, cyber
security is an evolving set of capabilities inside the Company, developing and adapting as technology and threats evolve.” Moving to VSAT from Fleet Broadband (FBB) Company comment: “The VSAT broadband ability allows ships to have direct connection to the Internet. Your Submittal for Assignment 7 You may wish to begin this exercise with a brainstorming session about potential risks to get candidate risks “on the table” for consideration by the team and then identify and refine that wording for risks that have some realistic chance of occurring in this project. For example, work schedules, family obligations, etc., may interfere with completing the project by the planned completion date. It is also an issue that the project manager will ultimately have to plan for, as opposed to other issues that may more align with company policy such as employee retention policies. Also, a major disaster (e.g., your office burning down), is not a high-enough probability event that requires much time in planning. As described below, you will select several of the identified risks and carry out a risk
analysis. Your team will use one of the examples from the textbook of risks to make a risk probability/impact matrix. The matrix will have at least three categories (high/medium/low) for probability and impact. You may include a more detailed impact or probability categorization if you like. All team members should contribute to identifying risks and organizing them into the matrix. Remember that it is important to name risks effectively—use words that describe the risk event and point to the impact on the project (e.g., “injury of field technician disrupts data collection work”) After completion of the risk matrix, each team member should then select one of the identified risks which the team finds critical to the project. The team members will carry out and document a risk analysis for their selected risk. This detailed documentation for that selected risk will include: • a description of the risk and potential impacts (schedule, quality of work, cost, etc.) on the project • indicators or triggers that would be monitored to help identify
the risk as early as possible • specific risk response strategies to take (specific risk response actions that Schwalbe categorizes as Avoidance, Acceptance, Transference, and/or Mitigation). The team leader will have the main responsibility for assembling contributions from team members into a final deliverable and submit the assignment for the team. The risk probability/impact matrix and the risk analysis write- ups on selected risks should be about 1200 to 2500 words in length. As is the case for all written assignments, the word count is a target to give you an idea about the level of detail expected. As a rule, it is best to keep it concise and as brief as possible while still covering the necessary topics. No points will be deducted for submittals if they exceed the maximum word count by a small amount. As in all assignments, your document should include a title, identification of the Assignment # and name, your group#, names of each participating team member, and date.
Grading Assignment 7 is worth 200 points. The points awarded from the Instructor’s grading of this Assignment will be given to all members of the team. Late submissions will not be allowed. *Each team member MUST submit their work product from their assigned task for the project to the group leader for submission in the final package. Your final package will include: The final project submission scanned by the plagiarism checker. A list of the group members who participated in the project and their assigned tasks. The work product created by each team member which will be scanned by the plagiarism checker. Please note: any team member who has not provided their work product to the team leader to be included in the submission in the submission area will NOT receive credit.
Unit 7 Assignment Group Assignment – Risk Analysis and Ident

Recommended

UCISA cyber incident response toolkit.pptx
UCISA cyber incident response toolkit.pptxUCISA cyber incident response toolkit.pptx
UCISA cyber incident response toolkit.pptxucisa
 
future internetArticleERMOCTAVE A Risk Management Fra.docx
future internetArticleERMOCTAVE A Risk Management Fra.docxfuture internetArticleERMOCTAVE A Risk Management Fra.docx
future internetArticleERMOCTAVE A Risk Management Fra.docxgilbertkpeters11344
 
future internetArticleERMOCTAVE A Risk Management Fra
future internetArticleERMOCTAVE A Risk Management Frafuture internetArticleERMOCTAVE A Risk Management Fra
future internetArticleERMOCTAVE A Risk Management FraDustiBuckner14
 
Future internet articleermoctave a risk management fra
Future internet articleermoctave a risk management fraFuture internet articleermoctave a risk management fra
Future internet articleermoctave a risk management fraarnit1
 
Cyber Sec Project Proposal
Cyber Sec Project ProposalCyber Sec Project Proposal
Cyber Sec Project ProposalChris Young
 
ADAM ADLER FLORIDA
ADAM ADLER FLORIDA ADAM ADLER FLORIDA
ADAM ADLER FLORIDA AdamAdler10
 
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...robbiesamuel
 
Cisco
CiscoCisco
CiscoDebbie Van Opstal
 

Recommended

UCISA cyber incident response toolkit.pptx
UCISA cyber incident response toolkit.pptxUCISA cyber incident response toolkit.pptx
UCISA cyber incident response toolkit.pptxucisa
 
future internetArticleERMOCTAVE A Risk Management Fra.docx
future internetArticleERMOCTAVE A Risk Management Fra.docxfuture internetArticleERMOCTAVE A Risk Management Fra.docx
future internetArticleERMOCTAVE A Risk Management Fra.docxgilbertkpeters11344
 
future internetArticleERMOCTAVE A Risk Management Fra
future internetArticleERMOCTAVE A Risk Management Frafuture internetArticleERMOCTAVE A Risk Management Fra
future internetArticleERMOCTAVE A Risk Management FraDustiBuckner14
 
Future internet articleermoctave a risk management fra
Future internet articleermoctave a risk management fraFuture internet articleermoctave a risk management fra
Future internet articleermoctave a risk management fraarnit1
 
Cyber Sec Project Proposal
Cyber Sec Project ProposalCyber Sec Project Proposal
Cyber Sec Project ProposalChris Young
 
ADAM ADLER FLORIDA
ADAM ADLER FLORIDA ADAM ADLER FLORIDA
ADAM ADLER FLORIDA AdamAdler10
 
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...robbiesamuel
 
Cisco
CiscoCisco
CiscoDebbie Van Opstal
 
please see below.docx
please see below.docxplease see below.docx
please see below.docxwrite31
 
please see below.docx
please see below.docxplease see below.docx
please see below.docx4934bk
 
please see below.docx
please see below.docxplease see below.docx
please see below.docxbkbk37
 
Risks in cc
Risks in ccRisks in cc
Risks in ccRubaNagarajan
 
Csmp overview may 14
Csmp overview may 14Csmp overview may 14
Csmp overview may 14Jock ANDRE
 
Blog powerpoint
Blog powerpointBlog powerpoint
Blog powerpointLonda77
 
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfFor Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfJustinBrown267905
 
The Port Security Plan - Management of Tasks and Responsibilities.docx
The Port Security Plan - Management of Tasks and Responsibilities.docxThe Port Security Plan - Management of Tasks and Responsibilities.docx
The Port Security Plan - Management of Tasks and Responsibilities.docxoreo10
 
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAM
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAMINFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAM
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAMChristopher Nanchengwa
 
Risk Management of Secure Cloud in Higher Educational Institution
Risk Management of Secure Cloud in Higher Educational InstitutionRisk Management of Secure Cloud in Higher Educational Institution
Risk Management of Secure Cloud in Higher Educational Institutionijtsrd
 
© 2017 Journal of the Practice of Cardiovascular Sciences Pu.docx
© 2017 Journal of the Practice of Cardiovascular Sciences Pu.docx© 2017 Journal of the Practice of Cardiovascular Sciences Pu.docx
© 2017 Journal of the Practice of Cardiovascular Sciences Pu.docxgerardkortney
 
Cyber_Security_Action_Plan_2016
Cyber_Security_Action_Plan_2016Cyber_Security_Action_Plan_2016
Cyber_Security_Action_Plan_2016John T. Araneo
 
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk Summit
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk SummitThe Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk Summit
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk SummitShawn Tuma
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeShawn Tuma
 
SBIC Report : Transforming Information Security: Future-Proofing Processes
SBIC Report : Transforming Information Security: Future-Proofing ProcessesSBIC Report : Transforming Information Security: Future-Proofing Processes
SBIC Report : Transforming Information Security: Future-Proofing ProcessesEMC
 
Cyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor uploadCyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor uploadsavassociates1
 
Weakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chainWeakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chainSanjay Chadha, CPA, CA
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'aFahmi Albaheth
 
Cyber Risk and Marine Insurance
Cyber Risk and Marine InsuranceCyber Risk and Marine Insurance
Cyber Risk and Marine InsurancePeter Hulyer
 
Emergency Services Sector Cybersecurity Initiative UASI briefing
Emergency Services Sector Cybersecurity Initiative UASI briefingEmergency Services Sector Cybersecurity Initiative UASI briefing
Emergency Services Sector Cybersecurity Initiative UASI briefingDavid Sweigert
 
1. Is a smile a universal nonverbal form of communication Why or wh.docx
1. Is a smile a universal nonverbal form of communication Why or wh.docx1. Is a smile a universal nonverbal form of communication Why or wh.docx
1. Is a smile a universal nonverbal form of communication Why or wh.docxcorbing9ttj
 
1. IntroductionWritten and Narrated by Professor Deni ElliottThe.docx
1. IntroductionWritten and Narrated by Professor Deni ElliottThe.docx1. IntroductionWritten and Narrated by Professor Deni ElliottThe.docx
1. IntroductionWritten and Narrated by Professor Deni ElliottThe.docxcorbing9ttj
 

More Related Content

Similar to Unit 7 Assignment Group Assignment – Risk Analysis and Ident

please see below.docx
please see below.docxplease see below.docx
please see below.docxwrite31
 
please see below.docx
please see below.docxplease see below.docx
please see below.docx4934bk
 
please see below.docx
please see below.docxplease see below.docx
please see below.docxbkbk37
 
Csmp overview may 14
Csmp overview may 14Csmp overview may 14
Csmp overview may 14Jock ANDRE
 
Blog powerpoint
Blog powerpointBlog powerpoint
Blog powerpointLonda77
 
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfFor Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfJustinBrown267905
 
The Port Security Plan - Management of Tasks and Responsibilities.docx
The Port Security Plan - Management of Tasks and Responsibilities.docxThe Port Security Plan - Management of Tasks and Responsibilities.docx
The Port Security Plan - Management of Tasks and Responsibilities.docxoreo10
 
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAM
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAMINFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAM
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAMChristopher Nanchengwa
 
Risk Management of Secure Cloud in Higher Educational Institution
Risk Management of Secure Cloud in Higher Educational InstitutionRisk Management of Secure Cloud in Higher Educational Institution
Risk Management of Secure Cloud in Higher Educational Institutionijtsrd
 
© 2017 Journal of the Practice of Cardiovascular Sciences Pu.docx
© 2017 Journal of the Practice of Cardiovascular Sciences Pu.docx© 2017 Journal of the Practice of Cardiovascular Sciences Pu.docx
© 2017 Journal of the Practice of Cardiovascular Sciences Pu.docxgerardkortney
 
Cyber_Security_Action_Plan_2016
Cyber_Security_Action_Plan_2016Cyber_Security_Action_Plan_2016
Cyber_Security_Action_Plan_2016John T. Araneo
 
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk Summit
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk SummitThe Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk Summit
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk SummitShawn Tuma
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeShawn Tuma
 
SBIC Report : Transforming Information Security: Future-Proofing Processes
SBIC Report : Transforming Information Security: Future-Proofing ProcessesSBIC Report : Transforming Information Security: Future-Proofing Processes
SBIC Report : Transforming Information Security: Future-Proofing ProcessesEMC
 
Cyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor uploadCyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor uploadsavassociates1
 
Weakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chainWeakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chainSanjay Chadha, CPA, CA
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'aFahmi Albaheth
 
Cyber Risk and Marine Insurance
Cyber Risk and Marine InsuranceCyber Risk and Marine Insurance
Cyber Risk and Marine InsurancePeter Hulyer
 
Emergency Services Sector Cybersecurity Initiative UASI briefing
Emergency Services Sector Cybersecurity Initiative UASI briefingEmergency Services Sector Cybersecurity Initiative UASI briefing
Emergency Services Sector Cybersecurity Initiative UASI briefingDavid Sweigert
 

Similar to Unit 7 Assignment Group Assignment – Risk Analysis and Ident (20)

please see below.docx
please see below.docxplease see below.docx
please see below.docx
 
please see below.docx
please see below.docxplease see below.docx
please see below.docx
 
please see below.docx
please see below.docxplease see below.docx
please see below.docx
 
Risks in cc
Risks in ccRisks in cc
Risks in cc
 
Csmp overview may 14
Csmp overview may 14Csmp overview may 14
Csmp overview may 14
 
Blog powerpoint
Blog powerpointBlog powerpoint
Blog powerpoint
 
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfFor Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
 
The Port Security Plan - Management of Tasks and Responsibilities.docx
The Port Security Plan - Management of Tasks and Responsibilities.docxThe Port Security Plan - Management of Tasks and Responsibilities.docx
The Port Security Plan - Management of Tasks and Responsibilities.docx
 
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAM
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAMINFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAM
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAM
 
Risk Management of Secure Cloud in Higher Educational Institution
Risk Management of Secure Cloud in Higher Educational InstitutionRisk Management of Secure Cloud in Higher Educational Institution
Risk Management of Secure Cloud in Higher Educational Institution
 
© 2017 Journal of the Practice of Cardiovascular Sciences Pu.docx
© 2017 Journal of the Practice of Cardiovascular Sciences Pu.docx© 2017 Journal of the Practice of Cardiovascular Sciences Pu.docx
© 2017 Journal of the Practice of Cardiovascular Sciences Pu.docx
 
Cyber_Security_Action_Plan_2016
Cyber_Security_Action_Plan_2016Cyber_Security_Action_Plan_2016
Cyber_Security_Action_Plan_2016
 
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk Summit
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk SummitThe Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk Summit
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk Summit
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should Include
 
SBIC Report : Transforming Information Security: Future-Proofing Processes
SBIC Report : Transforming Information Security: Future-Proofing ProcessesSBIC Report : Transforming Information Security: Future-Proofing Processes
SBIC Report : Transforming Information Security: Future-Proofing Processes
 
Cyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor uploadCyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor upload
 
Weakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chainWeakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chain
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'a
 
Cyber Risk and Marine Insurance
Cyber Risk and Marine InsuranceCyber Risk and Marine Insurance
Cyber Risk and Marine Insurance
 
Emergency Services Sector Cybersecurity Initiative UASI briefing
Emergency Services Sector Cybersecurity Initiative UASI briefingEmergency Services Sector Cybersecurity Initiative UASI briefing
Emergency Services Sector Cybersecurity Initiative UASI briefing
 

More from corbing9ttj

1. Is a smile a universal nonverbal form of communication Why or wh.docx
1. Is a smile a universal nonverbal form of communication Why or wh.docx1. Is a smile a universal nonverbal form of communication Why or wh.docx
1. Is a smile a universal nonverbal form of communication Why or wh.docxcorbing9ttj
 
1. IntroductionWritten and Narrated by Professor Deni ElliottThe.docx
1. IntroductionWritten and Narrated by Professor Deni ElliottThe.docx1. IntroductionWritten and Narrated by Professor Deni ElliottThe.docx
1. IntroductionWritten and Narrated by Professor Deni ElliottThe.docxcorbing9ttj
 
1. IntroductionThe objective of this video is to introduce studen.docx
1. IntroductionThe objective of this video is to introduce studen.docx1. IntroductionThe objective of this video is to introduce studen.docx
1. IntroductionThe objective of this video is to introduce studen.docxcorbing9ttj
 
1. In the following sentence, which words are used as adjectivesT.docx
1. In the following sentence, which words are used as adjectivesT.docx1. In the following sentence, which words are used as adjectivesT.docx
1. In the following sentence, which words are used as adjectivesT.docxcorbing9ttj
 
1. In the song Tonight from the musical West Side Story, the compo.docx
1. In the song Tonight from the musical West Side Story, the compo.docx1. In the song Tonight from the musical West Side Story, the compo.docx
1. In the song Tonight from the musical West Side Story, the compo.docxcorbing9ttj
 
1. IT Diffusion Models Please respond to the followingReview th.docx
1. IT Diffusion Models Please respond to the followingReview th.docx1. IT Diffusion Models Please respond to the followingReview th.docx
1. IT Diffusion Models Please respond to the followingReview th.docxcorbing9ttj
 
1. In many ways the underworld was considered dangerous, but there w.docx
1. In many ways the underworld was considered dangerous, but there w.docx1. In many ways the underworld was considered dangerous, but there w.docx
1. In many ways the underworld was considered dangerous, but there w.docxcorbing9ttj
 
1. In Jules Henry’s view, how are values and drives related to e.docx
1. In Jules Henry’s view, how are values and drives related to e.docx1. In Jules Henry’s view, how are values and drives related to e.docx
1. In Jules Henry’s view, how are values and drives related to e.docxcorbing9ttj
 
1. If I wanted to test a certain chemical to see if it made mice run.docx
1. If I wanted to test a certain chemical to see if it made mice run.docx1. If I wanted to test a certain chemical to see if it made mice run.docx
1. If I wanted to test a certain chemical to see if it made mice run.docxcorbing9ttj
 
1. Identify a community or aggregate you are currently involved wi.docx
1. Identify a community or aggregate you are currently involved wi.docx1. Identify a community or aggregate you are currently involved wi.docx
1. Identify a community or aggregate you are currently involved wi.docxcorbing9ttj
 
1. Identify and describe the steps of the scientific method. Which o.docx
1. Identify and describe the steps of the scientific method. Which o.docx1. Identify and describe the steps of the scientific method. Which o.docx
1. Identify and describe the steps of the scientific method. Which o.docxcorbing9ttj
 
1. How many time zones are there across the world2. Which map wou.docx
1. How many time zones are there across the world2. Which map wou.docx1. How many time zones are there across the world2. Which map wou.docx
1. How many time zones are there across the world2. Which map wou.docxcorbing9ttj
 
1. How has society responded to coastal changes initiated by sand tr.docx
1. How has society responded to coastal changes initiated by sand tr.docx1. How has society responded to coastal changes initiated by sand tr.docx
1. How has society responded to coastal changes initiated by sand tr.docxcorbing9ttj
 
1. How has the economic geography of this region changed over the .docx
1. How has the economic geography of this region changed over the .docx1. How has the economic geography of this region changed over the .docx
1. How has the economic geography of this region changed over the .docxcorbing9ttj
 
1. Important nurses of the 19th century are often overshadowed by Ni.docx
1. Important nurses of the 19th century are often overshadowed by Ni.docx1. Important nurses of the 19th century are often overshadowed by Ni.docx
1. Important nurses of the 19th century are often overshadowed by Ni.docxcorbing9ttj
 
1. In what ways did the Columbian Exchange impact the Americas, .docx
1. In what ways did the Columbian Exchange impact the Americas, .docx1. In what ways did the Columbian Exchange impact the Americas, .docx
1. In what ways did the Columbian Exchange impact the Americas, .docxcorbing9ttj
 
1. How did the conditions of life among descendants of African Slave.docx
1. How did the conditions of life among descendants of African Slave.docx1. How did the conditions of life among descendants of African Slave.docx
1. How did the conditions of life among descendants of African Slave.docxcorbing9ttj
 
1. If you adopt the _______ perspective, youll reject an emphasis o.docx
1. If you adopt the _______ perspective, youll reject an emphasis o.docx1. If you adopt the _______ perspective, youll reject an emphasis o.docx
1. If you adopt the _______ perspective, youll reject an emphasis o.docxcorbing9ttj
 
1. How are information systems transforming business and what is the.docx
1. How are information systems transforming business and what is the.docx1. How are information systems transforming business and what is the.docx
1. How are information systems transforming business and what is the.docxcorbing9ttj
 
1. How can Fiedlers theory of the least preferred coworker help man.docx
1. How can Fiedlers theory of the least preferred coworker help man.docx1. How can Fiedlers theory of the least preferred coworker help man.docx
1. How can Fiedlers theory of the least preferred coworker help man.docxcorbing9ttj
 

More from corbing9ttj (20)

1. Is a smile a universal nonverbal form of communication Why or wh.docx
1. Is a smile a universal nonverbal form of communication Why or wh.docx1. Is a smile a universal nonverbal form of communication Why or wh.docx
1. Is a smile a universal nonverbal form of communication Why or wh.docx
 
1. IntroductionWritten and Narrated by Professor Deni ElliottThe.docx
1. IntroductionWritten and Narrated by Professor Deni ElliottThe.docx1. IntroductionWritten and Narrated by Professor Deni ElliottThe.docx
1. IntroductionWritten and Narrated by Professor Deni ElliottThe.docx
 
1. IntroductionThe objective of this video is to introduce studen.docx
1. IntroductionThe objective of this video is to introduce studen.docx1. IntroductionThe objective of this video is to introduce studen.docx
1. IntroductionThe objective of this video is to introduce studen.docx
 
1. In the following sentence, which words are used as adjectivesT.docx
1. In the following sentence, which words are used as adjectivesT.docx1. In the following sentence, which words are used as adjectivesT.docx
1. In the following sentence, which words are used as adjectivesT.docx
 
1. In the song Tonight from the musical West Side Story, the compo.docx
1. In the song Tonight from the musical West Side Story, the compo.docx1. In the song Tonight from the musical West Side Story, the compo.docx
1. In the song Tonight from the musical West Side Story, the compo.docx
 
1. IT Diffusion Models Please respond to the followingReview th.docx
1. IT Diffusion Models Please respond to the followingReview th.docx1. IT Diffusion Models Please respond to the followingReview th.docx
1. IT Diffusion Models Please respond to the followingReview th.docx
 
1. In many ways the underworld was considered dangerous, but there w.docx
1. In many ways the underworld was considered dangerous, but there w.docx1. In many ways the underworld was considered dangerous, but there w.docx
1. In many ways the underworld was considered dangerous, but there w.docx
 
1. In Jules Henry’s view, how are values and drives related to e.docx
1. In Jules Henry’s view, how are values and drives related to e.docx1. In Jules Henry’s view, how are values and drives related to e.docx
1. In Jules Henry’s view, how are values and drives related to e.docx
 
1. If I wanted to test a certain chemical to see if it made mice run.docx
1. If I wanted to test a certain chemical to see if it made mice run.docx1. If I wanted to test a certain chemical to see if it made mice run.docx
1. If I wanted to test a certain chemical to see if it made mice run.docx
 
1. Identify a community or aggregate you are currently involved wi.docx
1. Identify a community or aggregate you are currently involved wi.docx1. Identify a community or aggregate you are currently involved wi.docx
1. Identify a community or aggregate you are currently involved wi.docx
 
1. Identify and describe the steps of the scientific method. Which o.docx
1. Identify and describe the steps of the scientific method. Which o.docx1. Identify and describe the steps of the scientific method. Which o.docx
1. Identify and describe the steps of the scientific method. Which o.docx
 
1. How many time zones are there across the world2. Which map wou.docx
1. How many time zones are there across the world2. Which map wou.docx1. How many time zones are there across the world2. Which map wou.docx
1. How many time zones are there across the world2. Which map wou.docx
 
1. How has society responded to coastal changes initiated by sand tr.docx
1. How has society responded to coastal changes initiated by sand tr.docx1. How has society responded to coastal changes initiated by sand tr.docx
1. How has society responded to coastal changes initiated by sand tr.docx
 
1. How has the economic geography of this region changed over the .docx
1. How has the economic geography of this region changed over the .docx1. How has the economic geography of this region changed over the .docx
1. How has the economic geography of this region changed over the .docx
 
1. Important nurses of the 19th century are often overshadowed by Ni.docx
1. Important nurses of the 19th century are often overshadowed by Ni.docx1. Important nurses of the 19th century are often overshadowed by Ni.docx
1. Important nurses of the 19th century are often overshadowed by Ni.docx
 
1. In what ways did the Columbian Exchange impact the Americas, .docx
1. In what ways did the Columbian Exchange impact the Americas, .docx1. In what ways did the Columbian Exchange impact the Americas, .docx
1. In what ways did the Columbian Exchange impact the Americas, .docx
 
1. How did the conditions of life among descendants of African Slave.docx
1. How did the conditions of life among descendants of African Slave.docx1. How did the conditions of life among descendants of African Slave.docx
1. How did the conditions of life among descendants of African Slave.docx
 
1. If you adopt the _______ perspective, youll reject an emphasis o.docx
1. If you adopt the _______ perspective, youll reject an emphasis o.docx1. If you adopt the _______ perspective, youll reject an emphasis o.docx
1. If you adopt the _______ perspective, youll reject an emphasis o.docx
 
1. How are information systems transforming business and what is the.docx
1. How are information systems transforming business and what is the.docx1. How are information systems transforming business and what is the.docx
1. How are information systems transforming business and what is the.docx
 
1. How can Fiedlers theory of the least preferred coworker help man.docx
1. How can Fiedlers theory of the least preferred coworker help man.docx1. How can Fiedlers theory of the least preferred coworker help man.docx
1. How can Fiedlers theory of the least preferred coworker help man.docx
 

Recently uploaded

What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPCeline George
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxEyham Joco
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupJonathanParaisoCruz
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaVirag Sontakke
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfUjwalaBharambe
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxRaymartEstabillo3
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxDr.Ibrahim Hassaan
 
AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.arsicmarija21
 
MICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptxMICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptxabhijeetpadhi001
 

Recently uploaded (20)

What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized Group
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptx
 
AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.
 
MICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptxMICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptx
 

Unit 7 Assignment Group Assignment – Risk Analysis and Ident

  • 1. Unit 7 Assignment Group Assignment – Risk Analysis and Identification Assignment 7 will also be completed as a team assignment. Teams for the Group Assignment will be assigned by the end of week 2. Each team will be randomly assigned in Blackboard. At the beginning of or prior to Week 4, the team should assign a team leader to coordinate the team's work due in Week 7. Your team represents the State’s contractor selected by the State to carry out the Risk Assessment Project for this case study. Your company's senior management and the State's Project Manager have requested that you prepare a risk management plan that identifies potential risks and identifies risk management strategies. From the course content and readings, you know that the overall purpose of risk planning is to anticipate possible risk events and be ready to take appropriate action when risk events occur—to eliminate or reduce negative impacts on the project.
  • 2. Scenario As the industry moves into a smart-shipping era, the risk of cyber threats is at an all-time high. Digitalized ships, increasing interconnectedness, the extended use of electronic data exchange and electronic navigation increases the likelihood of cyber-attacks in variety, frequency and sophistication. Cyber threats are one of the most serious economic and international security challenges facing the maritime industry today. The need for protection and security enforcements to mitigate the threats is more important today than ever. Guidelines to support secure cyber operations and contingency plans to be followed in a case of cyber incident have become necessary. The XYZ Shipping Chamber recognizing the increasing concern of its Members with regards to the cyber security and their protection, developed this document with the intention to create awareness of the threat and provide guidance to its Members. Company Description “We own and/or operate over 100 ships which include tankers,
  • 3. bulkers, and container ships. We employ directly over 3,000 employees in seven offices worldwide. The company operates as an owner and technical operator, including crewing services”. Motivation “Driving this shipping company’s cyber security initiatives is the increasing awareness of the invasive nature of cyber-criminal activity in the shipping industry. Cyber threat has imposed an elevated cyber security related risk awareness from ship owners, the company board of directors, cargo owners, and legal / regulatory bodies such as TMSA, IMO and USCG to name some, as well as P&I club coverage”. 4.1 “Reducing the risk should be the main deliverable of the company’s cyber security strategy and outcome of the risk assessment decided by senior management. At a technical level, this would include the necessary actions to be implemented to establish and maintain an agreed level of cyber security.” 4.2 Ships entering / leaving management pose added challenge to maintaining a uniform application of a
  • 4. cyber security program as each ship differs in communication systems, ship technology, and operations budget. Efforts to establish a fleet wide standard cyber security strategy is an efficient way to maintain a consistent and effective level of defense and response across a fleet. “A further complexity is that shipping lines operate a mix of vessels which they either own or charter for a short period of time…”. 4.3 Company employees, port agents, service vendors, equipment manufacturers, and crewing services do introduce a significant cyber security risk for a ship’s commercial operations due to the large number of persons routinely visiting the ship or joining as crew. These ship visitors are often routine in nature and are left minimally monitored while they complete their tasks onboard. There is no company cybersecurity policy in place for ship related services that use the ships network. 4.4 Knowing who is using your ship network and for what purpose is important and a real concern relating to cyber security. Discovering early malicious intent, unintentional mistakes, or poor cyber security practices are a risk that needs to be addressed. Ship network monitoring and analysis is one way
  • 5. to have this capability. 4.5 There is a need to have a clear policy and practical procedures for all crew and visitors who use the ship’s network in the cyber security policy and proper use expectations. 4.6 Cyber Incident insurance coverage will grow in importance as a part of a company’s risk management strategy. Using their assessment and audit standards is a good start and should be reviewed for applicability to your cyber security strategy and for possible future insurance coverage. Driving Cyber Security for the Fleet “Currently, the company is undergoing a transition from the current Fleet Broadband communication services to a higher broadband capable VSAT system. This ‘open to the internet’ situation will drive the company towards more vigilance and the need for a Cyber security program to be put in place”. Further Consideration: 5.1 “The rapid development in maritime broadband satellite coverage combined with the introduction of highly sophisticated equipment, such as computer-controlled engine systems, has changed the
  • 6. structural risks to maritime vessels. Ships are no longer protected by an airgap from external systems. Today, an estimated 30,000 vessels globally have equipment providing them with constant internet access, which is an increase from only 6,000 in 2008. Even if networks on board are separated between systems for ship operation, crew welfare and remote access to suppliers, separations can over time be compromised by ad hoc interventions by the crew or suppliers, for instance in connection to maintenance…”. 5.2 “Cyber security refers to the security of information networks and control systems and the equipment and systems that communicate, store and act on data. Cyber security encompasses systems, ships and offshore assets, but includes third parties – subcontractors, technicians, suppliers – and external components such as sensors and analytic systems that interface with networks and data systems. This includes human interaction of crews and other Company personnel, customers and potential threat players. In such a dynamic system, cyber
  • 7. security is an evolving set of capabilities inside the Company, developing and adapting as technology and threats evolve.” Moving to VSAT from Fleet Broadband (FBB) Company comment: “The VSAT broadband ability allows ships to have direct connection to the Internet. Your Submittal for Assignment 7 You may wish to begin this exercise with a brainstorming session about potential risks to get candidate risks “on the table” for consideration by the team and then identify and refine that wording for risks that have some realistic chance of occurring in this project. For example, work schedules, family obligations, etc., may interfere with completing the project by the planned completion date. It is also an issue that the project manager will ultimately have to plan for, as opposed to other issues that may more align with company policy such as employee retention policies. Also, a major disaster (e.g., your office burning down), is not a high-enough probability event that requires much time in planning. As described below, you will select several of the identified risks and carry out a risk
  • 8. analysis. Your team will use one of the examples from the textbook of risks to make a risk probability/impact matrix. The matrix will have at least three categories (high/medium/low) for probability and impact. You may include a more detailed impact or probability categorization if you like. All team members should contribute to identifying risks and organizing them into the matrix. Remember that it is important to name risks effectively—use words that describe the risk event and point to the impact on the project (e.g., “injury of field technician disrupts data collection work”) After completion of the risk matrix, each team member should then select one of the identified risks which the team finds critical to the project. The team members will carry out and document a risk analysis for their selected risk. This detailed documentation for that selected risk will include: • a description of the risk and potential impacts (schedule, quality of work, cost, etc.) on the project • indicators or triggers that would be monitored to help identify
  • 9. the risk as early as possible • specific risk response strategies to take (specific risk response actions that Schwalbe categorizes as Avoidance, Acceptance, Transference, and/or Mitigation). The team leader will have the main responsibility for assembling contributions from team members into a final deliverable and submit the assignment for the team. The risk probability/impact matrix and the risk analysis write- ups on selected risks should be about 1200 to 2500 words in length. As is the case for all written assignments, the word count is a target to give you an idea about the level of detail expected. As a rule, it is best to keep it concise and as brief as possible while still covering the necessary topics. No points will be deducted for submittals if they exceed the maximum word count by a small amount. As in all assignments, your document should include a title, identification of the Assignment # and name, your group#, names of each participating team member, and date.
  • 10. Grading Assignment 7 is worth 200 points. The points awarded from the Instructor’s grading of this Assignment will be given to all members of the team. Late submissions will not be allowed. *Each team member MUST submit their work product from their assigned task for the project to the group leader for submission in the final package. Your final package will include: The final project submission scanned by the plagiarism checker. A list of the group members who participated in the project and their assigned tasks. The work product created by each team member which will be scanned by the plagiarism checker. Please note: any team member who has not provided their work product to the team leader to be included in the submission in the submission area will NOT receive credit.