Reference no: EM133042628
Assessment item - Risk Assessment
Learning outcome 1: be able to justify the goals and various key terms used in risk management and assess IT risk in business terms.
Learning outcome 2: be able to apply both quantitative and qualitative risk management approaches and to compare and contrast the advantages of each approach.
Learning outcome 3: be able to critically analyse the various approaches for mitigating security risk, including when to use insurance to transfer IT risk.
TASK
Read the Challenger Constructions case study document before attempting this assignment.
Tasks:
You have been employed by Challenger Constructions as their first ever Chief Information Security Officer (CISO). You have been tasked by the Board to conduct a review of the company's risks.
1. As the first step, you are to provide a Risk Register for Challenger Constructions. This risk register must contain, as a minimum:
a. A description of each risk identified for each IT asset, data set or process.
b. A summary of the impact or consequence to each IT asset, data set or process, if the identified risk was to arise.
c. The likelihood of this risk occurring.
d. The inherent risk assessment (this is the assessed, raw/untreated risk inherent in a process or activity without doing anything to reduce the likelihood or consequence).
e. The key controls to mitigate the risk (NOTE: it is possible that there may be more than one (1) control needed. Each control should be listed on a separate line).
f. The residual risk assessment (this is the assessed risk in a process or activity, in terms of likelihood and consequence, after controls are applied to mitigate the risk).
g. Prioritisation of the risk (what is the priority order for the risks to be addressed).
Your Risk Register should be in table format using the following column headings:
• Risk
• Impact
• Likelihood
• Assessment
• Controls
• Residual Risk
• Priority
You should provide references in IEEE format, particularly for controls to be employed.
Attachment:- IT Risk Management.rar