Cybersecurity Risk Assessment And Threat Management For Atlassian Corporation Plc
Task 1: The Importance of Risk Assessment
The foremost determination of the paper is to focus on the cybersecurity issue of the Atlassian Corporation Plc which is based in Sydney, Australia having around 2738 employees all around Australia (Atlassian. 2018). The paper will be focussing on the importance and the limitations of the risk assessment for the cyber security issues in the organization. How the threats can impact the assets of the organization will be stated in the later unit of the paper (Gov.uk. 2018). The ranking of the threats based on their level of impact on the information assets of Atlassian will be discussed in final unit of the paper.
It is defined as the method by which the probable risks and hazard associated with an organization can be identified.
The different types of cyber security issues such as data breaches and cyber security threats such as the ransomeware can be prevent with the help of effective cyber security risk assessment which is done occasionally in any organization which deals with both structured and unstructured data.
- The entire business profit and the financial loss of the organization depends of the efficiency of the risk assessment process.
- Accountability: The decision and laws of the organization and the industry keeps on changing.
- Risk-ware culture (Drias, Serhrouchni and Vogel, 2015).
The results of the risk assessment helps in identifying the steps which can be implemented in the organization such as the security awareness training among the employees of the organization, updating the patches of the operating systems of the systems used by the stakeholders of the organization, data asset inventory and continuous vulnerability assessment and traffic monitoring (Jokar, Arianpoo and Leung, 2016).
- Ever changing market conditions are the most essential limitation of the risk current assessment process of this organization (Baig et al., 2018).
- Integrity of the risk assessment process is not maintained by the project managers.
Considered as a single entity Information Asset is a unit full of knowledge. The information asset register is the most critical aspect of the information asset.
Identification of critical information assets can be understood by the following questions:
- Which assets have the most impact on revenue?
- Which assets have the most impact on profitability?
- Which assets have the most impact on public image?
- Which assets is the most expensive to protect?
- Which assets is responsible for the success of the organization?
1 signifies lowest rank and 5 signifies highest rank for the following tables
|
Information asset |
Ranking of the assets |
Category of the asset |
Role of the asset |
Impact on revenue |
Impact on profitability |
Impact on public image |
|
Trademarks and Copyrights |
2 |
Intangible asset |
Authorization of the products |
5 |
5 |
3 |
|
Brand value |
1 |
Intangible asset |
Maintaining strong market relations. |
5 |
4 |
5 |
|
Servers and IS |
3 |
Tangible asset |
Efficient delivery of the products and services |
3 |
2 |
3 |
|
Infrastructure |
4 |
Tangible asset |
Efficient utilization of the human resources |
3 |
4 |
4 |
Table 1: WFA
(Source: Created by the author)
|
Threats |
Asset impacted |
Threat Agent |
Method of delivery |
Working Mechanism |
Source |
|
Infringement |
Trademarks and Copyrights |
Violators |
Sales of products |
Use of products and service provided by the company. |
“Keeping competitors away from your IP is not only your right but also your responsibility (Ipaustralia.gov.au2018).” |
|
Lack of interest |
Brand value |
Clients |
Products |
Finds alternative services. |
“Brand equity is the value that your brand brings to your company. You can measure it in a number of ways, such as the price premium you can charge over a no-name product, or long-term customer loyalty” |
|
Ransomeware |
Servers and IS |
Cyber Criminals |
Private network |
Data encapsulation |
“ransomware is a rising threat to businesses in Australia and abroad” |
|
Malware |
Servers and IS |
Cyber Criminals |
Private network |
Data Alteration |
“Malware is the most predominant cybercrime threat in Australia, according to (ACSC)” |
|
IS breakdown |
Infrastructure |
Internal Stakeholders |
Manual |
Human Resources |
“IS can affect production as well as loss of income and customer goodwill” |
Table 2: Details of the top 5 threats
|
Security concepts |
Security threat |
Incident |
Trend |
|
Threats |
Alteration of data |
Facebook Data Breach |
July 2017 |
|
Hazards |
Data alternation |
eBay Hazard |
May 2014 |
|
Attacks |
Alternation of personal information |
Target Stores |
December 2013 |
|
Incidents |
Threat to information |
Uber Incident |
November 2016 |
Table 3: Details of security concepts
(Source: Created by the author)
Figure 1: Details of security concepts
(Source: Created by the author)
|
Asset |
Infringement |
Lack of interest |
Loss of trust |
Ransomeware |
Malware |
|
Impact |
High |
Low |
Medium |
High |
High |
|
Level of threat |
2 |
3 |
4 |
5 |
4 |
|
Effect on the organizational business community |
4 |
2 |
2 |
5 |
5 |
Table 4: Level of impact on Atlassian Corporation Plc
(Source: Created by the author)
Considering the mentioned threats, it can be stated that the ransomeware threat will be having the highest impact on this asset as it is the only medium of communication and business purpose for all the internal as well as the external stakeholders of this ICT organization (Knowles et al., 2015). The mission and vision of the organization can be fully impacted by this threat.
|
Weakness of the Asset |
Confidentiality |
Integrity |
Association |
|
Server Issue |
3 |
5 |
2 |
|
Broken links |
4 |
2 |
1 |
|
Poor design |
3 |
4 |
4 |
Task 2: Critical Asset Identification
Table 5: Weakness of the asset considering CIA
(Source: Created by the author)
Infringement have a least impact on official website where as lack of interest also have no significant impact. Loss of trust have a medium impact on the website where as the Ransomeware and Malware have the most significant impact on the selected asset of this organization (Komninos, Philippou and Pitsillides, 2014). Threats coming from the IS breakdown also have some impact on the selected website.
Conclusion
From the above paper, it can be concluded that the there are lots of security threats associated with the assets of the organization. The existing risk assessment methods of the selected organization along with its limitations is highlighted in the paper. All the threats on the growth of the corporation can be concluded from the paper. The paper also helps in concluding the level of impact of the threats associated with the chosen organization. The threats are ranked according to their level of impact on certain departments of the accounting organization such as profitability. The impact of the threats can also be concluded from the paper. The critical information assets of the organization has been discussed in the paper along with the threat to the information assets of the organization.
Reference
Atlassian. (2018). Atlassian | Software Development and Collaboration Tools. [online] Available at: https://www.atlassian.com/ [Accessed 6 Dec. 2018].
Baig, Z.A., Szewczyk, P., Valli, C., Rabadia, P., Hannay, P., Chernyshev, M., Johnstone, M., Kerai, P., Ibrahim, A., Sansurooah, K. and Syed, N., 2017. Future challenges for smart cities: Cyber-security and digital forensics. Digital Investigation, 22, pp.3-13.
Drias, Z., Serhrouchni, A. and Vogel, O., 2015, August. Analysis of cyber security for industrial control systems. In Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 2015 International Conference on (pp. 1-8). IEEE.
GOV.UK. (2018). Cyber Security Breaches Survey 2018. [online] Available at: https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2018 [Accessed 6 Dec. 2018].
Ipaustralia.gov.au. (2018). IP Infringement | IP Australia. [online] Available at: https://www.ipaustralia.gov.au/ip-infringement [Accessed 9 Dec. 2018].
Jokar, P., Arianpoo, N. and Leung, V.C., 2016. A survey on security issues in smart grids. Security and Communication Networks, 9(3), pp.262-273.
Knowles, W., Prince, D., Hutchison, D., Disso, J.F.P. and Jones, K., 2015. A survey of cyber security management in industrial control systems. International journal of critical infrastructure protection, 9, pp.52-80.
Komninos, N., Philippou, E. and Pitsillides, A., 2014. Survey in smart grid and smart home security: Issues, challenges and countermeasures. IEEE Communications Surveys & Tutorials, 16(4), pp.1933-1954.