18 Jan The purpose of this assignment is to analyze an organization’s tolerance for risk and develop an appropriate security policy
The purpose of this assignment is to analyze an organization's tolerance for risk and develop an appropriate security policy to address risk.
Part 1:
Using the assigned reading and your own research, write a 500-word paper that defines the three levels of risk tolerance (risk-averse, risk-neutral, and risk-seeking). Include the following in your discussion.
- Provide a real-world organization that is an example of each level of risk tolerance. Include the company name and industry for each. Include an explanation of whether the company is risk-averse, risk-neutral, or risk-seeking.
- Summarize the advantages and disadvantages each organization faces while engaging in the form of risk tolerance it exhibits.
- Using one of the three organizations profiled, explain how the pillars of information security (confidentiality, integrity, and availability) influenced the risk tolerance perspective of the organization in your discussion, consider the regulations the organization must adhere to, relationships with third-party organizations with remote access, customer expectations of security, and the level of availability the organization must sustain.
Part 2:
Using the "Information Security Policy Template," complete the policy in alignment with one of the three organizations you explored in Part 1 of the assignment. Ensure you design the policy in accordance with the risk tolerance of the organization. Include the following in your design:
- Identify 20 potential risks, defining both threat (condition) and impact (consequence). Review Chapter 1 in Information Security Risk Assessment Toolkit: Practical Assessments Through Data Collection and Data Analysis when completing this portion of the assignment.
- Define a policy to monitor (risk-seeking), control (risk-neutral), or remove (risk-averse) the risk.
Submit the 500-word paper and completed "Information Security Policy Template."
Prepare this assignment according to the guidelines found in the APA Style Guide, located in the Student Success Center. An abstract is not required.
This assignment uses a rubric. Please review the rubric prior to beginning the assignment to become familiar with the expectations for successful completion.
You are required to submit this assignment to LopesWrite. A link to the LopesWrite technical support articles is located in Course Materials if you need assistance.
Information Security Policy Template
Complete the policy in alignment with one of the three organizations you explored in Part 1 of the assignment. Ensure you design the policy in accordance with the risk tolerance of the organization. The following should be included in your design.
1. Identify 20 potential risks, defining both threat (condition) and impact (consequence). Review Chapter 1 in Information Security Risk Assessment Toolkit: Practical Assessments Through Data Collection and Data Analysis when completing this portion of the assignment.
2. Define a policy to monitor (risk-seeking), control (risk-neutral), or remove (risk-averse) the risk.
Risk Assessment Table
|
Number |
Risk Name |
Threat (Condition) |
Impact (Consequence) |
|
Example |
No Anti-Virus Updates |
Malicious virus, worms, Trojans, hackers gaining unauthorized access |
Exploiting and extracting sensitive data from end-user systems |
|
1 |
|||
|
2 |
|||
|
3 |
|||
|
4 |
|||
|
5 |
|||
|
6 |
|||
|
7 |
|||
|
8 |
|||
|
9 |
|||
|
10 |
|||
|
11 |
|||
|
12 |
|||
|
13 |
|||
|
14 |
|||
|
15 |
|||
|
16 |
|||
|
17 |
|||
|
18 |
|||
|
19 |
|||
|
20 |
Information Security Policy
|
Number |
Risk Name |
Policy |
Monitor/Control/Remove |
|
Example: |
No Anti-Virus Updates |
All systems will receive daily anti-virus updates via enterprise-wide application. |
Control: Security analyst will monitor (report) on update status for all systems and remediate any systems missing updates. |
|
1 |
|||
|
2 |
|||
|
3 |
|||
|
4 |
|||
|
5 |
|||
|
6 |
|||
|
7 |
|||
|
8 |
|||
|
9 |
|||
|
10 |
|||
|
11 |
|||
|
12 |
|||
|
13 |
|||
|
14 |
|||
|
15 |
|||
|
16 |
|||
|
17 |
|||
|
18 |
|||
|
19 |
|||
|
20 |
© 2017. Grand Canyon University. All Rights Reserved.
2
,
1391646 – Elsevier Health Sciences ©
Table of Contents
Cover image
Title page
Copyright
Dedication
Acknowledgements
About the Technical Editor
About the Authors
Introduction
Chapter 1. Information Security Risk Assessments
Introduction
What is Risk?
What is an Information Security Risk Assessment?
Drivers, Laws, and Regulations
Summary
References
Chapter 2. Information Security Risk Assessment: A Practical Approach
Introduction
A Primer on Information Security Risk Assessment Frameworks
Summary
Chapter 3. Information Security Risk Assessment: Data Collection
Introduction
The Sponsor
The Project Team
1391646 – Elsevier Health Sciences ©
Data Collection Mechanisms
Executive Interviews
Document Requests
IT Asset Inventories
Asset Scoping
The Asset Profile Survey
The Control Survey
Survey Support Activities and Wrap-Up
Consolidation
Chapter 4. Information Security Risk Assessment: Data Analysis
Introduction
Compiling Observations from Organizational Risk Documents
Preparation of Threat and Vulnerability Catalogs
Overview of the System Risk Computation
Designing the Impact Analysis Scheme
Designing the Control Analysis Scheme
Designing the Likelihood Analysis Scheme
Putting it Together and the Final Risk Score
Chapter 5. Information Security Risk Assessment: Risk Assessment
Introduction
System Risk Analysis
Chapter 6. Information Security Risk Assessment: Risk Prioritization and Treatment
Introduction
Organizational Risk Prioritization and Treatment
System Specific Risk Prioritization and Treatment
Issues Register
Chapter 7. Information Security Risk Assessment: Reporting
Introduction
1391646 – Elsevier Health Sciences ©
Outline
Risk Analysis Executive Summary
Methodology
Results
Risk Register
Conclusion
Appendices
Chapter 8. Information Security Risk Assessment: Maintenance and Wrap Up
Introduction
Process Summary
Key Deliverables
Post Mortem
Index
,
1391646 – Elsevier Health Sciences ©
PART I
Introduction to Risk Management 1 The Security Evolution 2 Risky Business 3 The Risk Management Lifecycle
Our website has a team of professional writers who can help you write any of your homework. They will write your papers from scratch. We also have a team of editors just to make sure all papers are of HIGH QUALITY & PLAGIARISM FREE. To make an Order you only need to click Ask A Question and we will direct you to our Order Page at WriteDemy. Then fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.
Fill in all the assignment paper details that are required in the order form with the standard information being the page count, deadline, academic level and type of paper. It is advisable to have this information at hand so that you can quickly fill in the necessary information needed in the form for the essay writer to be immediately assigned to your writing project. Make payment for the custom essay order to enable us to assign a suitable writer to your order. Payments are made through Paypal on a secured billing page. Finally, sit back and relax.