IT Security and Risk Management April 2026

Description

IT Security and Risk Management

Apr 2026 Examination

 

 

Q1. A mid-sized financial services company, FinSecure Ltd., recently discovered unusual login attempts on its customer data portal. Further investigation revealed that several employee accounts had weak or reused passwords, and multi-factor authentication (MFA) was not enforced across all systems. The company also lacked a formal incident response plan, and many critical security patches were overdue. Senior management is concerned about the rising cyber risks and the potential exposure of sensitive customer information. As the IT Security Manager, what actions should you take to assess the risks, strengthen the organization’s security posture, and prevent future incidents? (10 Marks)

Ans 1.

Introduction

FinSecure Ltd.’s discovery of unusual login attempts highlights a common yet dangerous pattern seen in growing financial organizations: security controls fail to evolve at the same pace as digital expansion. Weak passwords, incomplete multi-factor authentication coverage, outdated security patches, and the absence of a formal incident response plan together create a high-risk environment for customer data exposure. In the financial services sector, even a minor breach can result in reputational damage, regulatory penalties, and long-term loss of customer trust. As the IT Security Manager, the priority is not only to stop immediate threats but also to build a resilient

Fully solved you can download

ASSIGNMENTS April 2026

• Fully Solved, High Quality
• Lowest Price Guarantee: Just ₹299 per Assignment!
• 100% Original & Manually Solved (No AI/ChatGPT!)

Hurry! Last Date: 26 March 2026

• Order Now: com/online-buy-2/

Quick Response Guaranteed!

For Unique Assignment please contact on

• WhatsApp: 8791490301
• [email protected]
• aapkieducation.com

 

 

 

Q2. A mid-sized e-commerce company uses agile frameworks to deliver frequent product updates. Security frameworks have been added ad hoc and break rapidly when product requirements change. Developers resist heavy security gates, causing delays and shadow workarounds. Automated CI/CD checks exist but produce noise and false positives, so fixes are deferred. Customer data incidents and PCI audit warnings have created business pressure to reconcile agility with robust security controls while preserving time-to-market. Evaluate the trade-offs inherent in the firm’s current agile development and security posture. Critique the existing balance between speed and secure design, justify a revised governance and tooling approach, and recommend a sequenced roadmap (people, process, technology) with KPIs to reduce vulnerabilities without unduly slowing delivery. (10 Marks)

Ans 2.

Introduction

The e-commerce company’s situation reflects a common tension in modern digital businesses: the need to release features quickly while maintaining strong security controls. Agile development practices have enabled rapid innovation and faster time-to-market, but the ad hoc addition of security frameworks has created instability and friction within development teams. Automated security checks that generate excessive false positives further weaken confidence in existing controls, leading to delayed remediation and risky workarounds. Recent customer data incidents and PCI audit

 

 

Q3(A). A multinational manufacturing company with 25,000 employees is consolidating five regional security programs into a single global infosec capability. Past investments emphasized tooling with limited staff training and inconsistent procedures; security metrics are fragmented and non-comparable across regions. Leadership demands a single, auditable security posture that integrates human behaviour, standardized processes and harmonized technologies while remaining measurable and defensible to regulators and auditors. Given the scenario, create a comprehensive three-dimensional information security governance framework (people, processes, technology) that produces measurable security outcomes. Your framework should include roles, KPIs, escalation and reporting mechanisms, and a 12-month implementation roadmap with milestones and resource estimates. How would you structure and justify this framework to the board to ensure buy-in and measurable improvement? (5 Marks)

Ans 3a.

Introduction

As multinational organizations expand, fragmented regional security practices often create blind spots, duplicated costs, and uneven risk exposure. For a manufacturing company with 25,000 employees, consolidating five separate security programs into a unified global framework is both a strategic necessity and a governance challenge. Leadership requires a standardized, auditable, and measurable security posture that aligns people, processes, and technology. A three-dimensional governance framework offers a structured way to integrate behavioral change,

 

Q3(B). A mid-sized healthcare organization has implemented a cloud-based patient record system to streamline operations and enable remote access for doctors and staff. While the system improves efficiency, the organization has experienced phishing attempts, unauthorized access attempts, and inconsistent data backup practices. Additionally, some departments use personal devices to access sensitive records, increasing the risk of data breaches and regulatory non-compliance. Evaluate the potential impact of these risks on patient data integrity, operational efficiency, and regulatory compliance. (5 Marks)

Ans 3b.

Introduction

The adoption of cloud-based patient record systems has transformed healthcare operations by enabling faster access and improved collaboration. However, increased connectivity also introduces new cybersecurity and compliance risks. Phishing attacks, unauthorized access attempts, weak backup practices, and the use of personal devices expose sensitive patient data to potential breaches. For healthcare organizations, these risks extend beyond financial losses and directly affect patient safety, service continuity, and regulatory standing. Evaluating these impacts helps management