Cybersecurity Management – Essay Furious

School of Business and Tourism


Unit Cybersecurity Management

Unit code CMP73001

Assignment 4: Reflective writing

Due Date: Week 13

Learning outcomes: LO2



Weight 10% of overall unit assessment


Task Description

You are hired by MyHealth Company as a cybersecurity consultant to help in security management and to address the contemporary and emerging risks from the cyber threats the company is facing. The mission of MyHealth Company is providing quality health care services to its patients.

In addition, MyHealth Company is involved in clinical practice, education, and cancer-related research. The company is a new company which is growing quickly. While the company uses its database server to store the information of its patients’ medical history and the data collected from the research team, it has a poor-designed network with a low level of security. As the company is responsible for the privacy and the security of clinical information and payment transactions, they have decided to improve their information security. Therefore, they have hired you to do the following task:

You need to write a reflective report to the CEO of the company, and explain the outcome of your Business Impact Analysis (BIA). In addition, you should develop a policy for BIA. Your report should be submitted in a PDF/DOC file, and it should be between 300 to 600 words.


Assignment-4 guideline

In this assignment, you should review the vulnerability assessment and the proposed controls in previous assignments, and write a reflective report about BIA. You should analyse three business processes in MyHealth Company: Credit Card Processing, Online booking, and patients’ record maintenance. You are responsible to decide about RTO, RPO and MTD values for these processes. Then, you should discuss the impact on the business if these processes were unavailable. The impact can be critical, urgent, important or normal. You should explain both customer and financial impact.

For this question, you should initially perform BIA for MyHealth Company before implementing the controls. Then, in the second step, perform BIA analysis after implementing the controls and explain whether the controls are enough and effective. In your analysis, you should analyse how the controls that you implemented in Assignment 1 to 3 could affect these business processes. Table 1 provides an example of BIA for an example process.

Table 1. BIA information

Mission/Business Process (Department)




Consequence of disruption

Customer Impact

(critical, urgent, important or normal)

Financial Impact

(critical, urgent, important or normal)

Example1: Student record maintenance

72 hours

48 hours

12 hours

Unable to provide student data to other faculties when requested


(explain your reason)


(explain your reason)

Credit Card Processing
Online booking
Patients’ record maintenance

You should develop a BIA policy for MyHealth Company. Three policy requirements should be provided.



Task 2: Report template

The report created from assignment 4 should have a brief introduction section which briefly explains the work done in the assignment. You also should add your references in the last section of your report. The answers to question 1 and 2 should be included in the submitted report.

Assignment-4 Marking Rubric

A spreadsheet that will be used for the marking of your site is provided (co-located with this assignment specification) on MySCU to itemize exactly what tutors will be looking at in relation to marking your assignment. It contains a detailed breakdown of the marking criteria for this assignment. I strongly suggest you peruse this spreadsheet.

Submission Format

When you have completed the assignment, you are required to submit your assignment in the PDF/DOC format. The file will be named using the following convention:

filename = FirstInitialYourLastName_CMP73001_A4.pdf (i.e. FJones_CMP73001_A3.pdf)

The questions that should be answered in your report are listed in questions 1 and 2. Your answers should be added to your report. The first page of the report should have the company’s logo, your name, and student ID, CMP73001 Assignment 4, and the date you submit your assignment.

Note that you are not allowed to cut and paste from online resources. Use your own words and figures. Acknowledge all reference sources.