Develop a risk assessment report for a company

Reference no: EM131455457 , Length: 12

Risk Assessment Report, based on NIST 800-30 R2

Your report should be 12 pages, double-spaced, exclusive of cover, title page, table of contents, endnotes and bibliography. Your paper must use APA formatting with the exception that tables and figures can be inserted at the appropriate location rather than added at the end. Submit the report in your Assignment Folder prior to the submission deadline.

The Risk Assessment Report should be a polished, graduate-level paper. Be sure to carefully cite (using correct APA-Style in-line citations) all sources of information in the report.

The objective of this assignment is to develop a Risk Assessment Report for a company, government agency, or other organization (the "subject organization"). The analysis will be conducted using only publicly available information (e.g., information obtainable on the Internet, company reports, news reports, journal articles, etc.) and based on judicious, believable extrapolation of that information.

Your risk analysis should consider subject organization information assets (computing and networking infrastructure), their vulnerabilities and legitimate, known threats that can exploit those vulnerabilities. Your assignment is then to derive the risk profile for the subject organization. Your report should also contain recommendations to mitigate the risks.

There is a wealth of business-oriented and technical information that can be used to infer likely vulnerabilities and assets for an organization. It is recommended that students select their organizations based at least in part on ease of information gathering, from a public record perspective.

Steps to be followed:

1. Pick a Subject Organization: Follow these guidelines:

a. No insider or proprietary information. All the information you collect must be readily available for anyone to access. You will describe in your proposal how you intend to collect your information.

b. You should pick a company or organization that has sufficient publicly available information to support a reasonable risk analysis, particularly including threat and vulnerability identification.

2. Develop Subject Organization Information: Examples of relevant information include:

a. Company/Organization name and location

b. Company/Organization management or basic organization structure

c. Company/Organization industry and purpose (i.e., the nature of its business)

d. Company/Organization profile (financial information, standing in its industry, reputation)

e. Identification of relevant aspects of the company/organization's computing and network infrastructure. Note: Do not try to access more information through social engineering, or through attempted cyber attacks or intrusion attempts.

3. Analyze Risks

a. For the purposes of this assignment, you will follow the standard risk assessment methodology used within the U.S. federal government, as described in NIST Special Publication 800-30 (United States. National Institute of Standards and Technology (2002). Risk Management Guide for Information Technology Systems (Special Publication 800-30). Retrieved from: https://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf).

b. In conducting your analysis, focus on identifying threats and vulnerabilities faced by your subject organization.

c. Based on the threats and vulnerabilities you identify, next determine both the relative likelihood and severity of impact that would occur should each of the threats materialize. This should produce a listing of risks, at least roughly ordered by their significance to the organization.

d. For the risks you have identified, suggest ways that the subject organization might respond to mitigate the risk.

4. Prepare Risk Assessment Report

a. Reports should be 12 pages (exclusive of cover, title page, table of contents, endnotes and bibliography), double-spaced, and should follow a structure generally corresponding to the risk assessment process described in NIST Special Publication 800-30.

b. The report should be prepared using the APA Style. All sources of information should be indicated via in-line citations and a list of references.

c. Reports should be submitted via the Assignment Folder.
