Dr Nick
$14/per page/Negotiable
Module 1 - Case
RISK ASSESSMENT
Assignment Overview
Information Systems have become the foundational platforms for many organizations and businesses to carry out their missions and business functions. Hence, managing the security risk related to the use and operation of the information systems has also become a critical component of managing organizational risks. The following article provides an overview of managing information security risk, especially from the managerial perspective.
NIST (2011), "Managing Information Security Risk -- Organization, Mission and Information System View," National Institute of Standards and Technology Special Publication 800-39.
Effective risk management of information system security first asks for systematic risk assessment. The following article provides frameworks, fundamentals, and processes for risk assessment. Matrix are also suggested to guide detailed risk assessment of threats, their likelihood, and impacts, etc.
NIST (2011). Information Security -- Guide for Conducting Risk Assessments. National Institute of Standards and Technology Special Publication 800-30 Revision 1.
The following chapter in the Handbook of Information Security Management also covers the similar topics such as the risk assessment of threats and likelihood, qualitative and quantitative considerations of risk assessment and even some accounting methods. Even speaking in slightly different languages, the fundamentals and methods are similar.
Ozier, W. Section 3-1—Risk Analysis. Handbook of Information Security Management.
Case Assignment
After reading the above articles (the first two are documentations with many pages, please selectively read the important content rather than read word-by-word), please write a 3-5 page paper titled:
"How to Systematically Conduct Risk Assessments of Information System Security Risks? -- Fundamentals and Methods"
Assignment Expectations
Please address the following issues in your paper: