Risk Assessment Exercise--Possible guidelines

This document is meant to help you go through the steps required for Stage 1 of your project. Use it as needed or when needed.

IDENTIFICATION

  1. What are the components of the [ORGANIZATION NAME] system (assets)?

    1. Identify them and assess their value (at this early stage, we don't need to worry about $$$ details),

    2. classify them, and

    3. prioritize them (create a table).

Possible questions you need to be asking at this point:

  • Which information asset is the most critical to the success of [ORGANIZATION NAME]?

  • Which information asset generates the most revenue?

  • Which generates the most profit?

  • Which is the most expensive to replace? (don't limit yourself to thinking in terms of $$ only: time, lost productivity, etc.)

  • Which would be the most expensive to protect?

  • Which would be the most embarrassing or cause the greatest liability (think of all those bad lawyers) if revealed?

  • Does data need to be classified? Do users need different security clearances (examples of users: office staff, local nationals, lab monitors, librarian, students, faculty, etc.)?

  2. What are the threats these components face?

    1. Identify threats (you can use the web and find current threats or even think of some other possible threats),

    2. Prioritize threats (again, table format works).

Possible questions at this point (think in terms of danger to the company v. to the information):

  • Which threats are the most dangerous to [ORGANIZATION NAME'S] assets in the given environment?

  • Which are the most dangerous to the information?

  • What would it cost to recover from an attack? (a rough estimate of time and lost productivity)

  • Which are the most expensive to prevent?

  3. What are the vulnerabilities the [ORGANIZATION NAME] system has?

    1. Create a list of weaknesses you think the system has (i.e., human error, theft, etc.)

RISK ASSESSMENT

  1. Likelihood: the chance that a specific vulnerability will be exploited; give each one a number (for example, 0.1 low and 1.0 high).

  2. Valuation of information assets (we have these findings from earlier on, (2)); assign each asset a weight (any form of scale would do).

  3. Create a list of current controls (don't limit yourself to technical ones).

  4. Identify possible controls to implement.

  5. Document the results of the risk assessment (a table format will do).
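The following is an added worked example for steps 1 through 5 above (and for the asset table asked for under IDENTIFICATION); it is not part of the handout. Every asset, weakness, likelihood and control in it is constructed, and the scoring rule (likelihood multiplied by asset value) is an assumption, since the handout leaves the exact formula to you. It produces the two tables the exercise asks for: a prioritized asset list and a risk register with current and proposed controls.

```python
"""Asset inventory, likelihood scoring and a risk register for the exercise above.
All data below is constructed for illustration; the scoring formula is assumed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    classification: str   # e.g. "confidential", "internal", "public"
    value: int            # relative weight; a 1..5 scale is used here (any scale works)


@dataclass(frozen=True)
class Vulnerability:
    asset: str            # name of the affected asset (must match an Asset.name)
    threat: str           # what could exploit the weakness
    weakness: str
    likelihood: float     # 0.1 (low) .. 1.0 (high), as the handout suggests
    affects: str          # which of confidentiality / integrity / availability is at stake
    current_controls: tuple = ()
    proposed_controls: tuple = ()


# Constructed sample inventory (step 1: identify, classify, prioritize).
ASSETS = [
    Asset("Student records DB", "confidential", 5),
    Asset("Lab workstations", "internal", 3),
    Asset("Public web site", "public", 2),
]

# Constructed sample threats and weaknesses (steps 2 and 3 plus the likelihood numbers).
VULNS = [
    Vulnerability("Student records DB", "phishing of staff", "no MFA on staff accounts",
                  0.7, "confidentiality", ("password policy",), ("MFA for all staff",)),
    Vulnerability("Lab workstations", "theft", "lab left unlocked after hours",
                  0.4, "availability", (), ("after-hours access control",)),
    Vulnerability("Public web site", "defacement", "unpatched CMS",
                  0.5, "integrity", ("monthly patching",), ("weekly patching",)),
    Vulnerability("Student records DB", "human error", "backups never test-restored",
                  0.3, "availability", ("nightly backup",), ("quarterly restore test",)),
]


def validate(assets, vulns):
    """Reject an unknown asset name or a likelihood outside the 0.1..1.0 scale."""
    names = {a.name for a in assets}
    for v in vulns:
        if v.asset not in names:
            raise ValueError(f"unknown asset {v.asset!r}")
        if not 0.1 <= v.likelihood <= 1.0:
            raise ValueError(f"likelihood for {v.weakness!r} must be within 0.1..1.0")


def prioritize_assets(assets):
    """Asset table ordered by value, highest first."""
    return sorted(assets, key=lambda a: a.value, reverse=True)


def risk_register(assets, vulns):
    """One row per weakness, scored as likelihood x asset value (assumed formula),
    ordered from highest to lowest score so the top rows are the ones to treat first."""
    validate(assets, vulns)
    value_of = {a.name: a.value for a in assets}
    rows = [
        {
            "asset": v.asset,
            "threat": v.threat,
            "weakness": v.weakness,
            "affects": v.affects,
            "likelihood": v.likelihood,
            "value": value_of[v.asset],
            "score": round(v.likelihood * value_of[v.asset], 2),  # round() hides float noise
            "current": ", ".join(v.current_controls) or "none",
            "proposed": ", ".join(v.proposed_controls) or "none",
        }
        for v in vulns
    ]
    return sorted(rows, key=lambda r: r["score"], reverse=True)


def format_register(rows):
    """Render the register as the plain table the handout asks for (step 5)."""
    header = f"{'score':>5}  {'asset':<20} {'weakness':<30} {'affects':<15} {'current':<18} proposed"
    lines = [header, "-" * len(header)]
    for r in rows:
        lines.append(f"{r['score']:>5}  {r['asset']:<20} {r['weakness']:<30} "
                     f"{r['affects']:<15} {r['current']:<18} {r['proposed']}")
    return "\n".join(lines)


if __name__ == "__main__":
    for a in prioritize_assets(ASSETS):
        print(f"{a.value}  {a.classification:<13} {a.name}")
    print()
    print(format_register(risk_register(ASSETS, VULNS)))
```

The register sorts by score rather than by likelihood alone, which is the point of step 2: a moderately likely weakness in the most valuable asset outranks a more likely one in a low-value asset. The `affects` column gives you the extra-credit answer (which of confidentiality, integrity and availability each finding threatens) without a separate table.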

Extra credit: Are data confidentiality, integrity and availability protected?