The objective of this assignment is to develop a Risk Assessment Report for an organization including companies and government agencies.
You will conduct the analysis using only public information from the internet, organizational and news reports, journal articles, etc., and information based on judicious, believable extrapolation of that information. Consider the organizationâ€™s information assets (computing and networking infrastructure), vulnerabilities, and legitimate threats that can exploit those vulnerabilities.
There is a wealth of business-oriented and technical information that can be used to infer likely vulnerabilities and assets for an organization. It is recommended that students select their organizations based at least in part on ease of information gathering, from a public record perspective.
(NOTE: You will complete steps 1 and 2 by the end of Week 4 to submit as the Portfolio Project Milestone.)
- Select an organization that has sufficient publicly available information to support a reasonable risk analysis, particularly including threat and vulnerability identification.
- Create an organization profile that includes:
- Name and location
- Management or basic organization structure
- Industry and purpose (i.e., the nature of its business)
- Financial information, standing in its industry, reputation
- Relevant aspects of the company/organizationâ€™s computing and network infrastructure
Note: Do not try to access more information through Social Engineering or through attempted cyber-attacks or intrusion attempts. This is a look at how readily available information might be used from a risk management perspective.
- Conduct the analysis using the National Institute of Standards and Technology (NIST) Risk Management Guide for Information Technology Systems (Links to an external site.).
- Focus on identifying threats and vulnerabilities faced by the organization.
- Based on the threats and vulnerabilities, determine the likelihood and severity of impact that would occur should each of the threats materialize. This should produce a listing of risks, at least roughly ordered by their significance to the organization.
- For the risks you have identified, suggest ways that the subject organization might respond to mitigate the risk.
Your well-developed report must meet the following requirements.
- Include 15 to 20 pages, not including the cover page and reference page.
- Follow the CSU-Global Guide to Writing & APA Requirements (Links to an external site.). Include an introduction, a body, and a conclusion.
- Be clear and employ excellent grammar and style techniques. Be concise. Be logical. A percentage of your grade depends on the quality of your writing. If you need assistance with your writing style, start with the Writing Center in the Library (Links to an external site.).
- Support your paper with at least four peer-reviewed, scholarly references. The CSU-Global Library (Links to an external site.) is a great place to find these resources.
Refer to the Rubric in Module 8 for assignment expectations.