The purpose of this assignment is to analyze an organization’s tolerance for risk and develop an appropriate security policy
The purpose of this assignment is to analyze an organization's tolerance for risk and develop an appropriate security policy to address risk.
Part 1:
Using the assigned reading and your own research, write a 500-word paper that defines the three levels of risk tolerance (risk-averse, risk-neutral, and risk-seeking). Include the following in your discussion.
- Provide a real-world organization that is an example of each level of risk tolerance. Include the company name and industry for each. Include an explanation of whether the company is risk-averse, risk-neutral, or risk-seeking.
- Summarize the advantages and disadvantages each organization faces while engaging in the form of risk tolerance it exhibits.
- Using one of the three organizations profiled, explain how the pillars of information security (confidentiality, integrity, and availability) influenced the risk tolerance perspective of the organization in your discussion, consider the regulations the organization must adhere to, relationships with third-party organizations with remote access, customer expectations of security, and the level of availability the organization must sustain.
Part 2:
Using the "Information Security Policy Template," complete the policy in alignment with one of the three organizations you explored in Part 1 of the assignment. Ensure you design the policy in accordance with the risk tolerance of the organization. Include the following in your design:
- Identify 20 potential risks, defining both threat (condition) and impact (consequence). Review Chapter 1 in Information Security Risk Assessment Toolkit: Practical Assessments Through Data Collection and Data Analysis when completing this portion of the assignment.
- Define a policy to monitor (risk-seeking), control (risk-neutral), or remove (risk-averse) the risk.
Submit the 500-word paper and completed "Information Security Policy Template."
Prepare this assignment according to the guidelines found in the APA Style Guide, located in the Student Success Center. An abstract is not required.
This assignment uses a rubric. Please review the rubric prior to beginning the assignment to become familiar with the expectations for successful completion.
You are required to submit this assignment to LopesWrite. A link to the LopesWrite technical support articles is located in Course Materials if you need assistance.
Information Security Policy Template
Complete the policy in alignment with one of the three organizations you explored in Part 1 of the assignment. Ensure you design the policy in accordance with the risk tolerance of the organization. The following should be included in your design.
1. Identify 20 potential risks, defining both threat (condition) and impact (consequence). Review Chapter 1 in Information Security Risk Assessment Toolkit: Practical Assessments Through Data Collection and Data Analysis when completing this portion of the assignment.
2. Define a policy to monitor (risk-seeking), control (risk-neutral), or remove (risk-averse) the risk.
Risk Assessment Table
|
Number |
Risk Name |
Threat (Condition) |
Impact (Consequence) |
|
Example |
No Anti-Virus Updates |
Malicious virus, worms, Trojans, hackers gaining unauthorized access |
Exploiting and extracting sensitive data from end-user systems |
|
1 |
|||
|
2 |
|||
|
3 |
|||
|
4 |
|||
|
5 |
|||
|
6 |
|||
|
7 |
|||
|
8 |
|||
|
9 |
|||
|
10 |
|||
|
11 |
|||
|
12 |
|||
|
13 |
|||
|
14 |
|||
|
15 |
|||
|
16 |
|||
|
17 |
|||
|
18 |
|||
|
19 |
|||
|
20 |
Information Security Policy
|
Number |
Risk Name |
Policy |
Monitor/Control/Remove |
|
Example: |
No Anti-Virus Updates |
All systems will receive daily anti-virus updates via enterprise-wide application. |
Control: Security analyst will monitor (report) on update status for all systems and remediate any systems missing updates. |
|
1 |
|||
|
2 |
|||
|
3 |
|||
|
4 |
|||
|
5 |
|||
|
6 |
|||
|
7 |
|||
|
8 |
|||
|
9 |
|||
|
10 |
|||
|
11 |
|||
|
12 |
|||
|
13 |
|||
|
14 |
|||
|
15 |
|||
|
16 |
|||
|
17 |
|||
|
18 |
|||
|
19 |
|||
|
20 |
© 2017. Grand Canyon University. All Rights Reserved.
2
,
1391646 – Elsevier Health Sciences ©
Table of Contents
Cover image
Title page
Copyright
Dedication
Acknowledgements
About the Technical Editor
About the Authors
Introduction
Chapter 1. Information Security Risk Assessments
Introduction
What is Risk?
What is an Information Security Risk Assessment?
Drivers, Laws, and Regulations
Summary
References
Chapter 2. Information Security Risk Assessment: A Practical Approach
Introduction
A Primer on Information Security Risk Assessment Frameworks
Summary
Chapter 3. Information Security Risk Assessment: Data Collection
Introduction
The Sponsor
The Project Team
1391646 – Elsevier Health Sciences ©
Data Collection Mechanisms
Executive Interviews
Document Requests
IT Asset Inventories
Asset Scoping
The Asset Profile Survey
The Control Survey
Survey Support Activities and Wrap-Up
Consolidation
Chapter 4. Information Security Risk Assessment: Data Analysis
Introduction
Compiling Observations from Organizational Risk Documents
Preparation of Threat and Vulnerability Catalogs
Overview of the System Risk Computation
Designing the Impact Analysis Scheme
Designing the Control Analysis Scheme
Designing the Likelihood Analysis Scheme
Putting it Together and the Final Risk Score
Chapter 5. Information Security Risk Assessment: Risk Assessment
Introduction
System Risk Analysis
Chapter 6. Information Security Risk Assessment: Risk Prioritization and Treatment
Introduction
Organizational Risk Prioritization and Treatment
System Specific Risk Prioritization and Treatment
Issues Register
Chapter 7. Information Security Risk Assessment: Reporting
Introduction
1391646 – Elsevier Health Sciences ©
Outline
Risk Analysis Executive Summary
Methodology
Results
Risk Register
Conclusion
Appendices
Chapter 8. Information Security Risk Assessment: Maintenance and Wrap Up
Introduction
Process Summary
Key Deliverables
Post Mortem
Index
,
1391646 – Elsevier Health Sciences ©
PART I
Introduction to Risk Management 1 The Security Evolution 2 Risky Business 3 The Risk Management Lifecycle
Collepals.com Plagiarism Free Papers
Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.
Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS
Why Hire Collepals.com writers to do your paper?
Quality- We are experienced and have access to ample research materials.
We write plagiarism Free Content
Confidential- We never share or sell your personal information to third parties.
Support-Chat with us today! We are always waiting to answer all your questions.
