Question One
In accordance with the module guide introduced during the initial weeks of TM311, I have
diligently strived to stay informed of the forefront of information security. To comply with
the guidelines of the Open University, I have conscientiously recognised and acknowledged
the contributions of others. The sources of the information presented for this question are:
Source 1 – Figure 1.1
Constantin, L. (2023) North Korea’s Lazarus Group hits organizations with two new RATs.
Available at: https://www.csoonline.com/article/650413/north-koreas-lazarus-group-hits-organizations-with-two-new-rats.html#:~:text=%E2%80%9CLazarus%20Group%20remains%20highly%20active,said%20in%20a%20new%20report. (Accessed: 25 October 2023).
Source 2 – Figure 1.2
Eston, T. (2023) SEC VS. SolarWinds, CISO, Classiscam Scam-As-A-Service [Podcast]. 16
November 2023. Available at: https://sharedsecurity.net/2023/11/13/sec-vs-solarwinds-ciso-classiscam-scam-as-a-service/ (Accessed: 25 November 2023).
Question Two
To associate value with an asset, we must first define an “asset”. According to ISO 27001, the International Organisation for
Standardisation's standard for information security, an asset is any location within an organisation's system where sensitive information is
stored, processed or accessible. To value it, ask: what would be the legal, reputational, or financial repercussions if the information is at
risk or not accessible? Organisations aiming to establish a robust Information Security Management System (ISMS) and secure ISO 27001
certification must compile an asset register. The register plays a role in the risk assessment process by helping to identify assets and
evaluate potential information security risks, and it also records how each asset is managed and controlled during its lifecycle.
Vulnerabilities are central to this assessment: they are organisational weaknesses that threats could exploit to compromise or harm assets
(Irwin, 2022).
Figure 2.1 – Draft information register.