Module 1 - SLP

RISK ASSESSMENT

The following two examples demonstrate how risk assessment can be conducted in certain situations. Read briefly to get some basic ideas.

NIST (2010). Piloting Supply Chain Risk Management Practices for Federal Information Systems.

CDS Case Study. Making Information Risk Mitigation Decisions. Vincent Larcote Case Series. Case #6-0029. Center for Digital Strategies. Tuck School of Business at Dartmouth.

Practicing risk assessment fundamentals, processes and matrixes to one's own experiences offers an opportunity to apply the learning in the real world. Can you choose a particular information system security domain of your organization or industry and apply what you learned from the case readings and SLP examples? You can choose to assess comprehensively, or you can choose not to cover all the aspects of risk assessment but to focus on two or three major perspectives and go much more in depth.

SLP Assignment Expectations

Please write a 2-5 page paper titled:

"Risk Assessment for ______ (your chosen information system security domain in your chosen organization/industry): Challenges and Solutions"

Please address the following issues:

1. Special requirements of risk assessment in your chosen information system security domain in your chosen organization/industry if there are any.
2. Two or three major perspectives of risk assessment that you choose to go in depth to discuss.
3. One or two major lessons learned from the examples that you'd like apply in your own risk assessment issue here.
4. Key challenges and solutions of risk assessment.

Your assignment will be graded according to the MSITM SLP Grading Rubric, which aligns with the following expectations. (To see the rubric, go to Assessments>Rubrics. Click the arrow next to the rubric name and choose Preview.)