Risk Assessment Report – Information Systems Security

Risk Assessment Report (350 Points)

The objective of this assignment is to develop a risk assessment report for a company, government agency, or other organization (the ”subject organization”). The analysis will be conducted using only publicly available information (e.g., information obtainable on the Internet, company reports, news reports, journal articles, etc.) and based on judicious, believable extrapolation of that information. Your risk analysis should consider subject organization information assets (computing and networking infrastructure), their vulnerabilities, and legitimate, known threats that can exploit those vulnerabilities. Your assignment is then to derive the risk profile for the subject organization. Your report should also contain recommendations to mitigate the risks.

There is a wealth of business-oriented and technical information that can be used to infer likely vulnerabilities and assets for an organization. It is recommended that students select their organizations based at least in part on ease of information gathering, from a public record perspective.

Steps to be completed by the end of Week 4

1. Pick a Subject Organization: Follow these guidelines:

You should pick a company or organization that has sufficient publicly available information to support a reasonable risk analysis, particularly including threat and vulnerability identification.

2. Develop Subject Organization Information: Examples of relevant information include:

  • Company/Organization name and location
  • Company/Organization management or basic organization structure
  • Company/Organization industry and purpose (i.e., the nature of its business)
  • Company/Organization profile (financial information, standing in its industry, reputation)
  • Identification of relevant aspects of the company/organization’s computing and network infrastructure

Note: Do not try to access more information through social engineering, or through attempted cyber attacks or intrusion attempts. This is a look at how readily available information might be used from a risk management perspective.

You are required to complete these first two steps and to submit your selected organization including the pertinent information above by the end of Week 4. No points are assessed for this assignment in Week 4, but you must complete it this week as part of your Portfolio Project due in its entirety in Week 8.

Steps to be completed by the end of Week 8

3. Analyze Risks

  • For the purposes of this assignment, you will follow the standard risk assessment methodology used within the U.S. federal government, as described in NIST Special Publication 800-30 Risk Management Guide for Information Technology Systems (linked at the bottom of the page).
  • In conducting your analysis, focus on identifying threats and vulnerabilities faced by your subject organization.
  • Based on the threats and vulnerabilities you identify, next determine both the relative likelihood and severity of impact that would occur should each of the threats materialize. This should produce a listing of risks, at least roughly ordered by their significance to the organization.
  • For the risks you have identified, suggest ways that the subject organization might respond to mitigate the risk.

4. Prepare Risk Assessment Report

The report should include the following:

  • Approved organization identification summary submitted in Week 4
  • Executive Summary
    • Scope
    • Overall level of risk
    • Number of risks identified and brief description of what they are
  • Body of the paper
    • Purpose of risk assessment
    • Identify assumptions and constraints
    • Describe risk tolerance
    • Identify and describe risk model
    • Rationale for any risk-related decisions
    • Missions and functions
    • Summarize risk assessment results
    • Identify the time frames for which the risk assessment is valid

Your 12- to 15-page report should be formatted according to APA requirements with any sources properly cited.


1. Attached the NIST Special Publication 800-30 for reference

2. Attached the Textbook for reference.

3. Inline citations are must and no plagiarism.

You can leave a response, or trackback from your own site.


10 Responses to “Risk Assessment Report – Information Systems Security”

  1. 502306 533065How do I know if a WordPress theme supports a subscribe option? 409524

  2. gay sex doll says:

    780333 349526The particular New york Diet can be an highly affordable and versatile eating better tool built for time expecting to loose fat along with naturally maintain a healthful every day life. la weight loss 202687

  3. arvest bank says:

    237752 197832I adore your wp style, wherever did you download it by means of? 740040

  4. 킹스포커 says:

    490906 355705This internet internet site is often a walk-through rather than the details you wanted about it and didnt know who ought to. Glimpse here, and youll certainly discover it. 955402

  5. 349192 275413I dont leave lots of comments on plenty of blogs each week but i felt i had to here. A hard-hitting post. 951507

  6. 554530 208825Cheapest speeches and toasts, as effectively as toasts. probably are developed building your personal at the party and is going to be most likely to turn into witty, humorous so new even. greatest man toast 978951

  7. Impression Rapide Jetons De Casino Personnalise Best In Slot Legendary Pala Vindict Dr Pickup Casino De Salies De B Arn

  8. 878321 281391I think so. I think your write-up will give those folks a excellent reminding. And they will express thanks to you later 716325

  9. 807340 629927so much wonderful data on here, : D. 73887

Leave a Reply

Powered by WordPress | Designed by: buy backlinks | Thanks to webdesign berlin, House Plans and voucher codes