I just placed an Order #LW92140 Therefore, I need a totally different writer for

ORDER YOUR PAPER AND GET QUALITY FOR YOUR MONEY

I just placed an Order #LW92140Therefore, I need a totally different writer for this order.If the wording and sources are exactly the same, I will submit a Revision RequestIn addition, For this Assignment, I kindly ask not to have the Writers from previous order of :• #LW92139• #LW92137ASSIGNMENT – CASE STUDY ON IT CYBER RISKS FROM A DATA BREACH****PLEASE USE 4 PAGES TO COMPLETE THIS ORDER****For this case study, you will research the Data breach that Involved Marriott HotelsThis assignment will be broken down into several parts to maximize learning. The first part is to understand the Enterprise Risk Management (ERM) program of the organization that was impacted by the data breach. The second part is to identify the applicable federal regulations, policies, and laws that regulate the organization. These regulations include HIPAA or the Health Insurance Portability and Accountability Act, The Sarbanes Oxley Act, Federal Information Security Management Act of 2002 (FISMA), Family Educational Rights and Privacy Act (FERPA), Payment Card Industry Data Security Standard (PCI-DSS), and the Gramm Leach Bliley Act (GLBA) among other acts and regulations.ASSIGNMENT INSTRUCTIONSPART 1PLEASE INCLUDE a well-detailed INTRODUCTION and CONCLUSION paragraph.******Each of the bullets listed below SHOULD BE A PARAGRAPH… with subsections if needed************EACH PARAGRAPH SHOULD BE TITLED******Therefore, there should be at least 5 TITLED PARAGRAPHS ….***Please use 3 of the 4 pages to write a case study report addressing the bullets LIST BELOW:***•Describe the background, history, organizational and leadership culture, and risk appetite of the organization. Did the Organizational Leadership communicate and demonstrate their cyber risk tolerance, appetite, and influence the culture of the organization?• Identify the Organization’s security policies, procedures, technical security measures that were in place to prevent a data breach from occurring. Cite any applicable regulations, policies, and laws.• Identify the motivations of the Threat Actor. Were there “indications” or “signs” of compromise of the IT systems, networks, security controls that should have tipped off the management, information security/risk staff of the Organization to this threat?• Using the publicly known cyber vulnerability reporting systems and the MITRE ATT&CK framework, map out the attack Tactics, Techniques, and Procedures (TTPs) used by the Trusted Actor. Reflect on why and how the Threat Actor was effective in attacking the IT systems, networks, gaining access to the “crown jewels” and successfully gaining access to protected data.• Describe the Organizational response to the data breach – what was done to identify, respond, and mitigate the attack? What were the lessons learned by the Organization to include additional security controls, policy changes, and consequences to the Threat Agent?PART 2Please use 1 of the 4 pages to Create TWO (2)Case Study Annexes*** The annexes come after the conclusion***FOR THE FIRST ANNEX, USE 137 WORDS TO build a Cyber Risk Register for a Data Breach scenario. Include five different possible scenarios/events that could occurUse the ATTACHED EXAMPLE to create a risk register table. It can use some of the following elements:•Risk factors•Threat agents, threats, and vulnerabilities•Risk scenarios•Criticality, severity, or priority of risk•Asset information•Impact of the risk on an asset•Likelihood of the threat exploiting the vulnerability•Current status of risk response actions•Resources that may be committed to respond to risk•Risk ownership information•Planned milestones toward risk responseAfter you create the risk register table using the elements listed on the attachment, Please fill in the table with different possible scenarios/events that could occurFOR THE SECOND ANNEX, USE 137 WORDS TO Create a Data Breach Cyber Threat Incident Response Plan Annex. (This will be a list of bullet point tasks). Identify specific “Data Breach” policies, procedures, technical security controls, executive management roles, and responsibilities, checklists, communications plans (internal, external), legal considerations, external support, engagement requirements, business continuity, and disaster response considerations. Cite specific regulatory requirements.***Please make sure to only use website sources******DO NOT USE BOOKS as sources for this assignment*******This assignment should be writing from Scratch********Please do not use examples found on different websites such as Coursehero or any other websites****