Organizational Risk Appetite and Risk Assessment
Imagine you have just been hired as an Information Assurance
Officer and the leader of the business impact analysis (BIA) and risk assessment
team for a video game development company. The organization's network structure
is identified in the network diagram below and specifically contains:
2 firewalls
3 file servers
1 Web / FTP server
1 wireless access point (WAP)
1 Exchange email server
100 desktop / laptop computers
1 Network Intrusion Detection System (NIDS)
In-house PKI environment
2 Windows Server 2008 Active Directory Domain Controllers (DC)
VoIP telephone system
The Chief Information Officer (CIO) has seen reports that
malicious activity is on the rise and has become extremely concerned with the
protection of the intellectual property and highly sensitive data maintained by
your organization. As one of your first tasks with the organization, the CIO
requests your help.
Write a three to five (3-5) page paper in which you:
Conduct an organizational business impact analysis (BIA) and
determine which information assets need to have a risk assessment performed.
Conduct an organizational risk assessment and provide an
initial report that includes the following:
Identify information assets and prioritize the identified
assets.
Define risks and prioritize the risks.
Identify the critical asset(s) and their associated risks.
Based on your BIA and risk assessment initial report,
evaluate the current network and organizational requirements and complete the
following:
Identify one (1) risk that should be accepted by the
organization. Explain why.
Identify one (1) risk that should be avoided by the
organization. Explain why and how it should be avoided.
Identify one (1) risk that should be shared by the
organization. Explain why and how it should be shared.
Identify one (1) risk that should be controlled by the
organization. Explain why and how it should be controlled.
Identify the organization's risk appetite. Provide the
organization with recommendations of where action(s) need to be planned and
your approach to mitigating the risks.
Explain why you have chosen the approach and how it can be
completed.
Use at least three (3) quality resources in this assignment.
Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
Be typed, double spaced, using Times New Roman font (size
12), with one-inch margins on all sides; citations and references must follow
APA or school-specific format. Check with your professor for any additional
instructions.
Include a cover page containing the title of the assignment,
the student’s name, the professor’s name, the course title, and the date. The
cover page and the reference page are not included in the required assignment
page length.
The specific course learning outcomes associated with this
assignment are:
Describe the components and basic requirements for creating
an audit plan to support business and system considerations.
Describe the parameters required to conduct and report on an IT
infrastructure audit for organizational compliance.
Use technology and information resources to research issues
in security strategy and policy formation.
Write clearly and concisely about topics related to
information technology audit and control using proper writing mechanics and
technical style conventions.