Reference no: EM132373882
Information Systems Risk and Security
The CoM Case Study for Assignment
The CoM Business Information Systems Manager has accepted your advice, as an external auditor, proposing that a risk assessment audit be undertaken for the charity. It was tabled to the Board of Directors and, after much deliberation, the CFO has approved a reasonable budget to improve CoM's risk and security management posture.
You have been assigned to CoM to carry out an extensive risk assessment of the organization's information management practices and information assets. Your task is to produce a 2500-word auditor's report (in business report format). Your report should address the following components:
Project: Risk Assessment Report
Prepare a risk assessment (RA). To do so, you must:
1. Clearly and concisely assess CoM's value creation activities and strategic context in order to propose a target risk appetite and risk tolerance level for the Council,
2. Identify the key roles and responsibilities of individuals and departments within the council as they pertain to risk assessment,
3. Carefully audit the case evidence, undertake an inventory and identify the information assets, including both CoM's most significant business information and the information systems that must be accounted for in any approach to risk management,
4. Identify risks: provide an analysis of the threats and vulnerabilities that pose the greatest risks to CoM's most important information assets (information and systems),
5. Present a likelihood and impact analysis for the most significant risks you have identified; in doing so, prioritise the most significant risks for CoM and provide details in a risk assessment table.
6. In preparing a risk assessment report you are NOT TO extend beyond this brief or prepare any other components of a risk management plan. Following the completion of the risk assessment report, CoM will evaluate the next steps for your consultancy. The risk assessment needs to be conducted in accordance with best practice and should apply (one, or a hybrid combination of) the leading standards, guidelines or frameworks pertaining to IS risk and security management. Your report must articulate clearly which standards/guidelines it has followed and how they have been used.
You are to prepare your risk assessment report for the company's senior executive, and your report should be written as a formal business report that is suitable for your audience. Guidelines for business report writing can be found in the Faculty of Business and Law, Swinburne, subject materials.
In addition to your use of standards and guidelines for the risk assessment report, you should research and consult secondary sources in your work and, in presenting your report, follow standard academic referencing procedures for the Harvard Style.
The following should be included with your risk assessment report:
• Relevant appendices for the report (to be used as you deem appropriate; they will not be counted in the word limit),
• A report reference list that applies the Harvard style guide (in text citation is an expectation for this report).
• All reports must be presented in standard 12-point font. Your report will be submitted online in CANVAS.
Please note: The assessment criteria for this report focus on your analysis and explanation of the risk assessment you undertake. While all appendices, tables and diagrams used in the report will contribute to your assessment, they do not count towards the word limit for the assignment.
However, all diagrams and tables in the report and any appendix added to the report must be relevant, significant and well supported (through written description) in order to count favourably towards your assessment.
Attachment: Information Systems Risk and Security.rar