4) b )

1. Actor: Hackers (external threat)

Asset: Customer financial data and personal information

Threat: Data breaches through phishing scams or malware attacks

Vulnerability: Weaknesses in the company's data security systems

Impact: Loss of customer trust and financial losses from regulatory fines.

Actor: Disgruntled employees (internal threat)

Asset: Company's proprietary information and intellectual property

Threat: Insider threats, such as the unauthorized sharing of confidential information

Vulnerability: Lack of proper access controls and security protocols

Impact: Loss of competitive advantage and potential legal action 3.

Actor: Cybercriminals (external threat) Asset: Company's financial accounts and transactions

Threat: Fraudulent activities, such as unauthorized access to financial accounts Vulnerability: Weaknesses in the company's network security systems

Impact: Financial losses and potential damage to the company's reputation

4.

Actor: Nation-state actors (external threat) Asset: Company's sensitive data and systems

Threat: Advanced persistent threats and targeted cyber-attacks

Vulnerability: Lack of proper security measures and incident response plan Impact: Loss of sensitive data and potential disruption to the company's operations 5.

Actor: Ransomware attacks (external threat)

Asset: Company's data and systems Threat: Encryption of company's data and systems and demanding ransom to decrypt it

Vulnerability: Lack of proper backup and recovery plan

Impact: Loss of access to critical data and potential disruption to the company's operations

6.

Actor: Social engineering attacks (external threat)

Asset: Company's data and systems Threat: Phishing scams, pretexting, baiting, and other social engineering techniques

Vulnerability: Lack of employee security awareness and phishing training Impact: Loss of sensitive data and potential compromise of company's systems

Q. Give each risk a realistic rating, using your risk assessment tables/matrices