# CW2 Analytical Report

Executive summary [200 to 250 words]
What are the areas covered?
A brief description of the computations (methodology)
Brief conclusions and recommendations
Introduction [500 to 1000 words]
The background of the problem
A short summary of the recent cyber-attack and associated losses and vulnerabilities [a sort of case study]
The challenges to solve the problems
The methodology used to solve the problem
Description and development of the scenario, cyber risk assessment [NIST] and computational framework [CRO article and IFoA article]
Computations and results [1000 to 1500 words]
Create the EXCEL model on the worksheets, justification of the model parameters, etc
Total Cyber Risk Management cost is £209,950,000
This is a fixed number. Where is the flexibility, given that the events, and therefore the costs, are uncertain?
Assigning the minimum and maximum level of costs around the average (most-likely) cost for each cost category
How do we include the future uncertainty? Perform a Monte Carlo simulation.
Selection of probability distribution – for simplicity we consider three popular distributions, i.e., the triangular, PERT and uniform distributions. What is the justification for selecting these distributions?
Model setup: 10,000 iterations and 1 simulation
Apply @Risk to generate model outputs
Figure 1: Aggregated Cyber Loss (PDF)
There is a 95% probability that the cyber cost will remain between £186 million and £229 million. Also, there is a 5% probability that the cost will exceed £229 million and go up to the maximum value (see the Excel model output statistics). Alternatively, we expect 5 events in every 100 years.
Figure 2: Aggregated Cyber Loss (cumulative)
Figure 2 (the cumulative distribution) has the same interpretation as Figure 1.
Present and interpret the results
What is the next question the CEO can ask? Which specific cost categories influence the total cyber loss?
We need to perform a sensitivity analysis
Figure 3: Influence of cyber loss category on mean Total Cyber Loss (Tornado chart)
Compensation influences the mean cyber loss the most. The second is regulatory fines, and so on.
Figure 4: Influence of cyber loss category on mean Total Cyber Loss (Spider chart)
The spider chart tells the same story. The compensation line is steeper than the other lines.
A 10% change in the compensation moves the compensation value from £218m to £222m (= £4m). However, the same percentage change moves the compensation value from £214m to £215m (= £1m).
What is the next question the CEO can ask? The total cyber loss that you presented is a one-off. However, there could be multiple events, and the CEO needs to develop a strategy or plan for the short-to-medium term (2-5 years) and the longer term (5-10 years).
Use the NIST framework to develop a mitigation strategy
Table 1: Cyber Risk Assessment with NIST Framework

| No. | Components | Relevance to scenario | Impact Frequency | Impact Severity |
|---|---|---|---|---|
| | IDENTIFY (ID) | | | |
| 1 | Asset Management | Y | N/A | L |
| 2 | | N | N/A | N/A |
| 3 | Governance | Y | M | H |
| 4 | Risk Assessment | Y | H | H |
| 5 | Risk Management Strategy | Y | L | N/A |
| | PROTECT (PR) | | | |
| 6 | Access Control | Y | H | H |
| 7 | Awareness and Training | Y | M | N/A |
| 8 | Data Security | Y | H | H |
| 9 | Information Protection Processes and Procedures | Y | L | H |
| 10 | Maintenance | N | N/A | N/A |
| 11 | Protective Technology | Y | N/A | M |
| 12 | Anomalies and Events | Y | M | M |
| 13 | Security Continuous Monitoring | Y | H | N/A |
| 14 | Detection Processes | Y | L | M |
| | RESPOND (RS) | | | |
| 15 | Response Planning | Y | N/A | H |
| 16 | Communications | Y | N/A | H |
| 17 | Analysis | Y | M | M |
| 18 | Mitigation | Y | N/A | M |
| 19 | Improvements | Y | L | M |
| | RECOVER (RC) | | | |
| 20 | Recovery Planning | Y | N/A | H |
| 21 | Improvements | Y | L | L |
| 22 | Communications | Y | N/A | N/A |

Add a description of Table 1
Conclusion and Recommendations [800 to 1000 words]
Revisit the problem and present a summary of the computational frameworks
Draw the recommendations from your analysis and results
References [not counted in the word limit]
Appendices [not counted in the word limit] – send to Madhu separately
Appendix 1: Scenario Register
Appendix 2: NIST Scenario Assessment Framework
Appendix 3: Impact Cost
Appendix 4: Model (one period)
Appendix 5: Model (multi period)
END
Selection and description of an appropriate insurance company (see the factors listed in (a) to (j) above);
[10 marks]
Development of the scenario (other than the example scenarios given in (a) to (g));
[20 marks]
Description of the cyber risk analysis, computational framework and the justification of its parameters
[20 marks]
Mathematical computations of the financial impact in EXCEL [30 marks]
Recommendations for the CEO in his/her decision making to protect the organisation from the potential impact of the cyber threat. Your recommendations should highlight the pros and cons of the financial impact in line with your computational framework.

