As a security consultant, you have been employed by WarwickshireRail, a rail operator, to assess their online
booking system. Your role is to perform a risk assessment and outline a mitigation strategy. You are also
expected to identify the issues that should be included in the security policies and summarise the relevant legal
aspects.
Rationale: This assessment will allow you to demonstrate your knowledge and understanding of cyber security
operations, as well as your ability to perform risk assessment, suggest mitigation strategies, outline issues that
need to be covered in security policies, taking into consideration relevant legislation.
Description: Please See CASE Study below for details
Additional information:
Detailed Description
Case Study
A new rail operator (WarwickshireRail) will operate 8 trains which will join towns across Warwickshire using the
existing rail infrastructure owned by Network Rail. WarwickshireRail will have 125 employees and the centre of
its operations will be in Nuneton. A new online booking system will be implemented by WarwickshireRail
allowing users to search for routes, ticket prices and times, passes, as well as to book their tickets online.
You have been appointed by WarwickshireRail as an external security consultant to ensure that the new online
booking system meets all the regulations in place and to assess the risks associated with customer information
and the use of the system.
The submission should be a report covering the following:

1. Risk Assessment
   Once WarwickshireRail starts operating, the online booking system will become key to its successful
   operations. You are tasked with conducting a risk assessment for the booking ?