LabManual - RAA (Repaired)
Assessment
Lab Manual
Department of Computer Science and Engineering
The NorthCap University, Gurugram
Risk Analysis and Assessment | i
2019-20
Session 2019-20
Published by:
© Copyright Reserved
Copying or facilitating copying of lab work comes under cheating and is considered as use of
unfair means. Students indulging in copying or facilitating copying shall be awarded zero marks
for that particular experiment. Frequent cases of copying may lead to disciplinary action.
Attendance in lab classes is mandatory.
Labs are open up to 7 PM upon request. Students are encouraged to make full use of labs beyond
normal lab hours.
PREFACE
The Risk Analysis and Assessment Lab Manual is designed to meet the course and program
requirements of the NCU curriculum for B.Tech III year Cyber Security students of the CSE branch.
The lab work is intended to give students brief practical experience of basic lab skills. It
provides the space and scope for self-study so that students can come up with new and creative
ideas.
The lab manual is written on a "teach yourself" pattern, and students who come with proper
preparation are expected to be able to perform the experiments without any difficulty. A brief
introduction to each experiment, with information about self-study material, is provided. The
laboratory case study will help students develop an understanding of the fundamentals of risk
management and will introduce classical as well as state-of-the-art risk analysis techniques.
Students will be able to perform risk assessment and determine mitigation steps for the same.
Students are expected to come thoroughly prepared for the lab. General discipline, safety
guidelines and report writing are also discussed.
The lab manual is a part of the curriculum of The NorthCap University, Gurugram. A teacher's
copy of the experimental results and answers to the questions is available as sample guidelines.
We hope that the lab manual will be useful to students of the CSE and IT branches, and the
authors request readers to kindly forward their suggestions / constructive criticism for further
improvement of the workbook.
The authors express deep gratitude to the Members, Governing Body-NCU, for encouragement and
motivation.
Authors
The NorthCap University
Gurugram, India
CONTENTS
S.N. Details
Syllabus
1 Introduction
2 Lab Requirement
3 General Instructions
4 List of Experiments
5 Rubrics
1. INTRODUCTION
2. LAB REQUIREMENTS
Requirements Details
8 GB RAM (Recommended)
Required Bandwidth NA
3. GENERAL INSTRUCTIONS
● Students must turn up in time and contact concerned faculty for the experiment they
● Students will not leave the class till the period is over.
● Experimental results should be entered in the lab report format and certified/signed
● Students must get the connection of the hardware setup verified before switching on
● Students should maintain silence while performing the experiments. If any necessity
arises for discussion amongst them, they should discuss with a very low pitch
without disturbing the adjacent groups.
● Damaging lab equipment or removing any component from the lab may invite
3.2 Attendance
● Students should not attend a different lab group/section other than the one assigned
● Students should come to the lab thoroughly prepared on the experiments they are
● Students must bring the lab report during each practical class with written records
performed and bring to lab class for evaluation in the next working lab. Sufficient
space in work book is provided for independent writing of theory, observation,
calculation and conclusion.
● Students should follow the Zero tolerance policy for copying / plagiarism. Zero
marks will be awarded if found copied. If caught further, it will lead to disciplinary
action.
4. LIST OF EXPERIMENTS
5. RUBRICS
Marks Distribution
Each experiment shall be evaluated for 10 marks and viva at the end of the semester proportional marks shall be awarded out of total 50.
At the end of the semester viva will be conducted related to the subject knowledge and this component carries 20 marks.
Semester:6th
Group:cs2
EXPERIMENT NO. 1
Link to Code:
Date:
Faculty Signature:
Marks:
Objective(s):
Students will become familiar with the concepts of assets, threats and vulnerabilities and prepare a report on them.
Problem Statement:
Background Study:
The vulnerability assessment report is an Excel file with three columns: assets, vulnerability and threat.
Asset: anything that has value to the organization.
Vulnerability: a weakness of an asset that can be exploited by one or more threats.
Threat: any action or event with the potential to cause harm.
Question Bank:
EXPERIMENT NO. 2
Link to Code:
Date:
Faculty Signature:
Marks:
Objective:
Students will become familiar with the concepts of assets, threats and vulnerabilities and prepare a report on them.
Problem Statement:
Design a vulnerability report on an e-commerce site.
Background Study:
The vulnerability assessment report is an Excel file with three columns: assets, vulnerability and threat.
Asset: anything that has value to the organization.
Vulnerability: a weakness of an asset that can be exploited by one or more threats.
Threat: any action or event with the potential to cause harm.
Question Bank:
EXPERIMENT NO. 3
Link to Code:
Date:
Faculty Signature:
Marks:
Objective:
Students will become familiar with the concepts of assets, threats and vulnerabilities and prepare a report on them.
Problem Statement:
Design a risk assessment report on NCU.
Background Study:
The risk assessment report is an Excel file with the columns: assets, vulnerability, threat, threat severity,
threat likelihood, risk, type of risk and risk severity.
Asset: anything that has value to the organization.
Vulnerability: a weakness of an asset that can be exploited by one or more threats.
Threat: any action or event with the potential to cause harm.
Risk = Threat × Vulnerability on particular assets.
Question Bank:
1. Mention two characteristics of software risk.
3. To estimate the level of risk from a particular type of security breach, three factors are considered:
threats, vulnerabilities, and impact. An agent with the potential to CAUSE a security breach. This could be
4. What are the differences between quantitative risk assessment and qualitative risk assessment?
EXPERIMENT NO. 4
Link to Code:
Date:
Faculty Signature:
Marks:
Objective:
● Understand the management requirement and formulate it as a high-level
statement.
● Formulate statements that are concise, brief, unambiguous and easy to understand.
Outcome:
Student will be able to frame security policies.
Problem Statement:
Policy on online teaching and exam conduction.
Background Study:
Policy is a high-level statement of requirements. A security policy is the primary way in which
management’s expectations for security are provided to the builders, installers, maintainers, and
users of an organization’s information systems.
A good security policy should be a high-level, brief, formalized statement of the security practices
that management expects employees and other stakeholders to follow.
A policy should contain: purpose, scope, responsibility and content.
Question Bank:
1. What are the security documents?
Purpose:
This policy outlines the framework for effective and secure delivery of online teaching
and exam conduction within the NorthCap University. It seeks to ensure that students
receive quality education and are assessed fairly while maintaining academic integrity.
Scope:
Students
Teachers
Service Staff
It also applies to:
Online courses
Online proctoring
Exam administration
Use of online learning platforms and technologies
Responsibility:
Students:
Teachers:
Content:
Online Teaching:
EXPERIMENT NO. 5
Link to Code:
Date:
Faculty Signature:
Marks:
Objective:
2. Which type of control protects transmitted data and information as well as stored data against
unauthorized disclosure?
3. How does the least-cost approach impact risk mitigation strategy decisions?
EXPERIMENT NO. 6
Link to Code:
Date:
Faculty Signature:
Marks:
Objective:
Student will be able to find out residual risk and prepare overall summary of risk management.
Problem Statement:
Risk treatment and risk communication on risk assessment report of NCU.
Background Study:
The report is an Excel file with the columns: assets, vulnerability, threat, threat severity, threat likelihood,
risk, type of risk, risk severity, control, recommended control and residual risk.
Asset: anything that has value to the organization.
Vulnerability: a weakness of an asset that can be exploited by one or more threats.
Threat: any action or event with the potential to cause harm.
Risk = Threat × Vulnerability on particular assets.
Options for risk treatment: mitigation, transfer, avoidance and retention of risks.
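The following is an added example, not part of the original manual: it fills in the risk, risk severity and residual risk columns of the report described above for a small constructed register. The 1-5 rating scales, the band thresholds, the risk appetite value, the scoring of risk as threat severity × threat likelihood and the two `*_reduction` columns are assumptions made for illustration.

```python
import csv
import io

# Constructed sample register (not from the manual). Columns follow the report
# layout above; the 1-5 scales, band thresholds and the two "*_reduction"
# columns (how far the recommended control lowers each factor) are assumptions.
SAMPLE_CSV = """\
asset,vulnerability,threat,threat_severity,threat_likelihood,recommended_control,severity_reduction,likelihood_reduction
Student records DB,Unpatched DBMS,Data theft,5,4,Patch management,0,2
Campus Wi-Fi,Shared passphrase,Unauthorised access,3,4,Per-user authentication,0,2
Exam server,No offsite backup,Hardware failure,4,2,Nightly offsite backup,2,0
Lab PCs,USB ports enabled,Malware infection,2,2,None,0,0
"""

def band(score):
    """Map a 1-25 score to a qualitative risk severity (assumed thresholds)."""
    if score >= 15:
        return "High"
    return "Medium" if score >= 8 else "Low"

def assess(csv_text, appetite=6):
    """Return register rows with risk and residual risk, worst residual first."""
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        sev, lik = int(row["threat_severity"]), int(row["threat_likelihood"])
        if not (1 <= sev <= 5 and 1 <= lik <= 5):
            raise ValueError(f"rating out of 1-5 range for {row['asset']}")
        # A control can lower a factor, but never below the scale minimum of 1.
        res_sev = max(1, sev - int(row["severity_reduction"]))
        res_lik = max(1, lik - int(row["likelihood_reduction"]))
        risk, residual = sev * lik, res_sev * res_lik
        rows.append({
            "asset": row["asset"],
            "risk": risk,
            "risk_severity": band(risk),
            "residual_risk": residual,
            "residual_severity": band(residual),
            # Above appetite: mitigate further, transfer or avoid.
            # At or below appetite: the residual risk can be retained.
            "treatment": "further treatment" if residual > appetite else "retain",
        })
    return sorted(rows, key=lambda r: r["residual_risk"], reverse=True)

if __name__ == "__main__":
    for r in assess(SAMPLE_CSV):
        print(f"{r['asset']:<20} risk={r['risk']:>2} ({r['risk_severity']}) "
              f"residual={r['residual_risk']:>2} ({r['residual_severity']}) -> {r['treatment']}")
```

Sorting by residual risk rather than initial risk puts the items that still exceed the appetite after controls at the top of the summary used for risk communication.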
Question Bank:
EXPERIMENT NO. 7
Link to Code:
Date:
Faculty Signature:
Marks:
Objective:
Student will be able to find out residual risk and prepare overall summary of risk management.
Problem Statement:
Discuss the risk management scenario in the given case study:
The Challenge: When you’re a global manufacturing company, litigation comes with the territory.
And the way you manage and produce all of the documentation required for legal matters has a
major impact on the bottom line. The steps involved in eDiscovery, legal review, information
production and distribution are challenging in themselves. They are complicated by demanding
discovery timelines... the threat of penalties for non-compliance... the increasing cost of outside
counsel... and inconsistent processes used by suppliers. All of these factors contribute to the
skyrocketing costs of litigation and make it difficult for companies to manage risk across the
enterprise in the most efficient way. A few years ago, a leading manufacturer decided to tackle
these problems head-on in a bold and innovative way. At the time, the company relied on a variety
of outside suppliers for everything from database search and retrieval, eDiscovery processing,
document coding, legal review, information production, warehousing and distribution. In addition,
the company did not have direct control over these suppliers, since they were typically hired by
outside counsel for assistance on a particular matter. As a result, there was no consistent,
enterprise-wide discovery process or document management solution. And that made it difficult for
the company’s legal staff to maximize efficiency and maintain consistency in case/matter
productions. The company also realized that their case-by-case approach to discovery and their
reliance on outside counsel were driving up costs. From their perspective, there was only one real
solution. They had to completely transform their approach to litigation support. So they began to
look for a strategic partner with the experience, expertise and wide-ranging resources necessary to
turn an inefficient business process into a benchmark operation. After a careful review of proposals
from 10 leading sources, the company decided to manage its litigation support with the business
process outsourcing experts from XYZ Services Pvt Ltd.
Background Study:
The report is an Excel file with the columns: assets, vulnerability, threat, threat severity, threat likelihood,
risk, type of risk and risk severity.
Asset: anything that has value to the organization.
Vulnerability: a weakness of an asset that can be exploited by one or more threats.
Threat: any action or event with the potential to cause harm.
Risk = Threat × Vulnerability on particular assets.
Options for risk treatment: mitigation, transfer, avoidance and retention of risks.
Question Bank:
EXPERIMENT NO. 8
Semester /Section:
Link to Code:
Date:
Faculty Signature:
Marks:
Objective:
Student will be able to find out residual risk and prepare overall summary of risk management.
Problem Statement:
Design an ISO audit report on NCU.
Background Study:
The report is an Excel file with the columns: assets, vulnerability, threat, threat severity, threat likelihood,
risk, type of risk, risk severity, control, recommended control and residual risk.
Asset: anything that has value to the organization.
Vulnerability: a weakness of an asset that can be exploited by one or more threats.
Threat: any action or event with the potential to cause harm.
Risk = Threat × Vulnerability on particular assets.
Options for risk treatment: mitigation, transfer, avoidance and retention of risks.
Question Bank:
1. What is ISMS?
2. What are the differences between security and privacy?