Perfect Essay Writing

Information Security Risk Management

Order ready-to-submit essays. No Plagiarism Guarantee!

Note:  All our papers are written from scratch by human writers to ensure authenticity and originality.

Information Security Risk Management,
ITC6315
Final Project

Verify your essay before you submit. Get an Official Turnitin Report for Just $8.99!

Check your paper with the same Turnitin report your professor uses. AI detection + similarity score without storing your work. Pay once, no subscription

Check My Assignment!

 

 Assignment Description

The final project is a comprehensive assessment of all the topics covered during this course.  A risk scenario is provided below, and students are required to complete both the risk evaluation and mitigation plan sections of the report.

The final project summarizes each of the individual assignments that were completed during this course.  Start by reading a brief description of the organization and some identified issues in the risk scenario.  The details of the organization have been left vague to allow each student the flexibility to fill in the gaps as they wish.  From the risk scenario, identify and rate any three risks.  In the risk description, make it clear which resource is at risk, and which threat/vulnerability pair is being evaluated.  Use the sensitivity, severity and likelihood scales from Appendix B in the book (Tables 4.2, 6.11 and 6.12) to evaluate each finding.  A mapping table is provided (Figure 6.3) to calculate the Risk Exposure value for each combination of sensitivity/severity/likelihood.

Then determine the appropriate mitigation plan for each risk, including who it should be assigned to and a proposed date for completion.

After you have completed the analysis of the risks and proposed mitigation plans, write a short executive summary to summarize your findings.  This should be no longer than 1 page.  Keep in mind your audience when writing the executive summary; it should be tailored for senior managers who are not technical.  You should write the executive summary last, but it should be the first page of your risk report.

If you don’t understand the technical details of any of the findings, please post questions to the Discussion Forum and ask the instructor to clarify.

This will represent the skills that you have learned throughout the semester, and can be an important addition to your portfolio when applying for risk related job positions. My hope is that you have a solid example of a risk assessment report to bring on interviews.

You can turn in the assignment electronically through Blackboard.

 

Risk Scenario

Higher Education Institution

  • There are 25 wireless access points which are consumer devices each configured separately
  • Student ID numbers are the individuals social security number (or International Identifying Number like a Passport Number)
  • All servers are together on a single network.  This includes email, web, file servers, database servers, and their credit card processing server.
  • Servers are put online and taken down regularly by different groups and individuals in the organization
  • A complex set of ACL’s is used at the core switch to control traffic between student networks
  • The server that hosts the student records SQL database, which includes things like the students SSN, is protected using BitLocker file system encryption
  • Records related to students and faculty are kept for archiving purposes indefinitely
  • Unrestricted Internet access is available from any system
  • The school psychologist stores patient files on the faculty file server
  • Access to the data center is restricted using a traditional key
  • Admin accounts on the servers and workstations are still using the default passwords.
  • Students and faculty can use any personal devices on the network
  • Instant Messaging is allowed and regularly used for business and personal

 Risk Evaluation Worksheet
#

Risk Description (Asset, Threat, and Vulnerability)

Sensitivity

Severity

Likelihood

Risk

0

Sensitive account information is discarded in the regular trash, which could lead to disclosure of customer financial accounts to unauthorized internal or external parties.  Disclosure of this data violates several state privacy laws.

High

High

Moderate

High

Risk Mitigation Plans

Finding 0: 

Owner Action:  Buy a shredder and install in convenient location, and publish a handling policy

By Whom: Administrative Staff and Senior Management                                                         When: By end of Q2 2012

Finding 1: 

Owner Action: _______________________________________________________________________________________________________                      When: ____________________________________

Finding 2: 

Owner Action: ________________________________________________________________________________

By Whom: _________________________________________________________                      When: ____________________________________

 

Finding 3: 

Owner Action:

______________________________________________________________________________________________________________________

By Whom: _________________________________________________________                      When: ____________________________________

 

SOURCE: WWW.ROYALRESEARCHERS.COM
Havent found the Essay You Want?
We Can Help
The Essay is Written From Scratch for You

🛒Place Your Order

ORDER AN ESSAY WRITTEN FROM SCRATCH at : https://royalresearchers.com/

PLACE YOUR ORDER

Share your love