Description: Emirates started in 1985, and today it has become the largest airline in the Middle East. Its Dubai-based head office manages approximately 50,000 employees and has a turnover of US$ 18.4 billion per year. The IT Security & Information Assurance department (ISIA) of this large organisation has several key responsibilities, including designing, planning and creating secured infrastructure. The ISIA is led by a Chief Information Security Officer (CISO) and eight security managers responsible for key areas such as information and physical security, privacy, business continuity, managing malware and botnets, identifying security holes and applying appropriate remediation measures. With growing technological advances and recent threats to information security, senior management is concerned about organisational preparedness to handle the threat. The CISO strongly believes that the assessment of security risks and proactive steps to manage these risks are the key steps for both hardware and software security. The CISO considers the Open Web Application Security Project (OWASP) a good source for identifying current software security threats.
Task: As a first step, the CISO asks you, one of the Security Managers, to review the top ten risks listed by OWASP so that Emirates is informed about the current software risks and the steps it needs to take to handle them. Your responsibility is to identify and analyse at least FIVE major risks listed by OWASP and propose ways to overcome those threats. Your evaluation of risks and suggestions must be presented in report format to the CISO.