module 8 portfolio project 5

The objective of this assignment is to develop a Risk Assessment Report for an organization including companies and government agencies.

You will conduct the analysis using only public information from the internet, organizational and news reports, journal articles, etc., and information based on judicious, believable extrapolation of that information. Consider the organization’s information assets (computing and networking infrastructure), vulnerabilities, and legitimate threats that can exploit those vulnerabilities.

There is a wealth of business-oriented and technical information that can be used to infer likely vulnerabilities and assets for an organization. It is recommended that students select their organizations based at least in part on ease of information gathering, from a public record perspective.

Instructions

(NOTE: You will complete steps 1 and 2 by the end of Week 4 to submit as the Portfolio Project Milestone.)

  1. Select an organization that has sufficient publicly available information to support a reasonable risk analysis, particularly including threat and vulnerability identification.
  2. Create an organization profile that includes:
  • Name and location
  • Management or basic organization structure
  • Industry and purpose (i.e., the nature of its business)
  • Financial information, standing in its industry, reputation
  • Relevant aspects of the company/organization’s computing and network infrastructure

Note: Do not try to access more information through Social Engineering or through attempted cyber-attacks or intrusion attempts. This is a look at how readily available information might be used from a risk management perspective.

  1. Conduct the analysis using the National Institute of Standards and Technology (NIST) Risk Management Guide for Information Technology Systems (Links to an external site.).
    1. Focus on identifying threats and vulnerabilities faced by the organization.
    2. Based on the threats and vulnerabilities, determine the likelihood and severity of impact that would occur should each of the threats materialize. This should produce a listing of risks, at least roughly ordered by their significance to the organization.
    3. For the risks you have identified, suggest ways that the subject organization might respond to mitigate the risk.

Your well-developed report must meet the following requirements.

Refer to the Rubric in Module 8 for assignment expectations.

"Order a similar paper and get 100% plagiarism free, professional written paper now!"

Order Now