Question:

I need some help with this question. Thanks in advance

Advanced Medicos Limited (AML) is a private telehealth healthcare service and product selling company that has branches throughout Australia. As a healthcare provider, they manage sensitive health-related and personal data of their clients. They also sell their health care products to Australian and overseas customers online. The company also consists of a professional sub-division that manages both the back end and front-end applications. The vision of the company is to be among the top 5 nationwide.

The board, from the advice of the Chief Information Officer (CIO) and Chief Information Security Officer (CISO), has concluded that they should get to the point that the key services such as web portals should be able to recover from major incidents in less than 15 minutes while other services can be up and running in less than 1 hour. In case of a disaster, they should be able to have the Web portal and payroll system fully functional in less than one day.

The company is a new company that is growing rapidly. While the company uses its database server to store the information of its customers' private data, credit card info, etc., it has a poorly designed network with a low level of security. As the company is responsible for the privacy and the security of customer personal and health-related info, credit card details, the security of payment transactions, etc., they are required to improve their information security.

ISYS1003-Ass 3-T2 2022

Therefore, you are hired by the company as a cybersecurity consultant to help manage security and write a security plan for the company to address the contemporary and emerging risks from the cyber threats the company is facing.

Task 3: Business Impact Analysis (BIA) (18+2 Marks)

You should analyse three business processes in AML Company: Credit Card Processing, Online Ordering, and Client Health Record Maintenance. You are responsible for deciding about RTO, RPO, and MTD values for these processes. Then, you should discuss the impact on the business if these processes were unavailable. The impact can be critical, urgent, important, or normal. You should explain both customer and financial impact with proper justification.

For this question, you should initially perform BIA for AML Company before implementing possible security controls you like to propose. Then, in the second step, perform a BIA analysis after implementing the controls and explain whether the controls are enough and effective. In your report, you should analyse how the controls that you propose could affect these business processes. You should discuss possible vulnerabilities that exist with these assets. Table 1 provides an example of BIA for an example process.


Table 1. BIA information

| Mission/Business Process (Department) | Consequence of disruption | MTD | RTO | RPO | Customer Impact (critical, urgent, important, or normal) | Financial Impact (critical, urgent, important, or normal) |
|---|---|---|---|---|---|---|
| Example 1: Student record maintenance | Unable to provide student data to other faculties when requested | 72 hours | 48 hours | 12 hours | Urgent (explain your reason) | Important (explain your reason) |
| Credit Card Processing | | | | | | |
| Online booking | | | | | | |
| Patients' health record maintenance | | | | | | |
