Develop a risk assessment report for a company

Reference no: EM131428800 , Length: 12

Risk Assessment Report Instructions

Background

This is an individual research project. The objective of the research project is to develop an Information Asset Risk Assessment Report for an organization of your choosing. The project is worth 25% of your total course grade.

The report will be due by the end of the 11th week. The analysis should be conducted using only publicly available information (that is, information obtainable on the Internet, company reports, news reports, journal articles, etc.). The risk analysis should consider legitimate, known threats that pertain to the subject organization.

Based on the information gathered, presumed vulnerabilities of the company or organization's computing and networking infrastructure will be identified. Then, based on the identified threats and vulnerabilities, you will describe the risk profile for the subject organization and suggest recommendations to mitigate the risks.

Your report should be 12 pages, double-spaced, exclusive of cover, title page, table of contents, endnotes and bibliography. Your paper must use APA formatting with the exception that tables and figures can be inserted at the appropriate location rather than added at the end. Submit the report in your Assignment Folder prior to the submission deadline.

Project Proposal

Prior to writing your report, you must submit a short (a page and a half) Project Proposal, indicating the name and relevant aspect(s) of the organization you intend to use as a subject for your report. The proposal must be accompanied by an annotated bibliography submitted via the assignment folder. Your instructor will provide feedback as to the suitability of your subject and bibliography. Additional details are provided below.

You will submit a project proposal of your Risk Assessment Report by the end of Session 4. The project proposal will account for 10% of your research paper grade (2.5% of your total course grade).

The project proposal should be a page and a half (double-spaced) description of the organization that you propose to analyze, with a summary of the scope (e.g., entire organization, key business area, major system, etc.) for the risk assessment you are expected to conduct.

The proposal should identify the subject organization with a brief explanation of why you chose the subject for this assignment. The proposal should also describe the research methods to be used and the anticipated sources of research information.

Your instructor will use the proposal to provide feedback on the suitability of the proposed subject organization and the scope you propose, as well as the suitability of the proposed research methods and information sources. If you do not provide a proposal, you will be preparing your Risk Assessment Report "at risk"; i.e., you will run the risk of delivering a report that is not suitable for this course.

An important step in developing your Risk Assessment Report will be the construction of an Annotated Bibliography. Having developed and described a subject organization and scope of analysis in the proposal, the next step is to identify and assess the value of potential research material. You should identify five (5) to six (6) significant articles relevant to your subject organization and to identifying and assessing risks in a context similar to the scope of your report.

For a report of this nature you may expect to find useful sources in both business-focused (e.g., Business Source Premier, Business and Company Resource Center, ABI/Inform) and technically-focused databases (e.g., ACM Digital Library, IEEE, Gartner.com). The annotated bibliography will consist of 100-250 words per article that describe the main ideas of the article, a discussion of the usefulness of such an article in understanding various aspects of your report, and other comments you might have after reading the article.

For each article, there should be a complete reference in APA format. Your Annotated Bibliography will then form the basis of the sources for your report. (You may also supplement the references used in your report with additional reference material.)

Some excellent guidance on how to prepare an annotated bibliography can be found at https://www.library.cornell.edu/okuref/research/skill28.htm.

Risk Assessment Report Proposal and Annotated Bibliography should be submitted by the end of Session 4.

Risk Assessment Report

The Risk Assessment Report should be a polished, graduate-level paper. Be sure to carefully cite (using correct APA-style in-line citations) all sources of information in the report. UMUC policies regarding plagiarism will apply to the Risk Assessment Report as well as all other deliverables in this course. You must submit the report to Turnitin.com to improve the originality score before submitting the report in the Assignment Folder. The lower the originality score, the better. You should aim for an originality score of 10%.

Please submit questions regarding the research paper to the INFA610 "Q&A" Conference.

The Risk Assessment Report should be submitted by the end of Session 11.

Risk Assessment Report Overview

The objective of this assignment is to develop a Risk Assessment Report for a company, government agency, or other organization (the "subject organization"). The analysis will be conducted using only publicly available information (e.g., information obtainable on the Internet, company reports, news reports, journal articles, etc.) and based on judicious, believable extrapolation of that information.

Your risk analysis should consider the subject organization's information assets (computing and networking infrastructure), their vulnerabilities, and the legitimate, known threats that can exploit those vulnerabilities. Your assignment is then to derive the risk profile for the subject organization. Your report should also contain recommendations to mitigate the risks.

There is a wealth of business-oriented and technical information that can be used to infer likely vulnerabilities and assets for an organization. It is recommended that students select their organizations based at least in part on ease of information gathering, from a public record perspective.

Steps to be followed:

1. Pick a Subject Organization: Follow these guidelines:

No insider or proprietary information. All the information you collect must be readily available for anyone to access. You will describe in your proposal how you intend to collect your information.

You should pick a company or organization that has sufficient publicly available information to support a reasonable risk analysis, particularly including threat and vulnerability identification.

2. Develop Subject Organization Information: Examples of relevant information include:

Company/Organization name and location

Company/Organization management or basic organization structure

Company/Organization industry and purpose (i.e., the nature of its business)

Company/Organization profile (financial information, standing in its industry, reputation)

Identification of relevant aspects of the company/organization's computing and network infrastructure. Note: Do not try to access more information through social engineering, or through attempted cyber attacks or intrusion attempts.

3. Analyze Risks

For the purposes of this assignment, you will follow the standard risk assessment methodology used within the U.S. federal government, as described in NIST Special Publication 800-30 (United States. National Institute of Standards and Technology (2002). Risk Management Guide for Information Technology Systems (Special Publication 800-30). Retrieved from: https://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf).

In conducting your analysis, focus on identifying threats and vulnerabilities faced by your subject organization.

Based on the threats and vulnerabilities you identify, next determine both the relative likelihood and severity of impact that would occur should each of the threats materialize. This should produce a listing of risks, at least roughly ordered by their significance to the organization.

For the risks you have identified, suggest ways that the subject organization might respond to mitigate the risk.

4. Prepare Risk Assessment Report

Reports should be 12 pages (exclusive of cover, title page, table of contents, endnotes and bibliography), double-spaced, and should follow a structure generally corresponding to the risk assessment process described in NIST Special Publication 800-30.

The report should be prepared using APA style. All sources of information should be indicated via in-line citations and a list of references.


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd