You are enjoying your position as system administrator and can foresee a future

You are enjoying your position as system administrator and can foresee a future here. However, you have determined that there are very few risk management security controls in place, such as risk policies and procedures to protect against risks like ransomware and social media. Based upon your readings from Chapter 4 in the Antonucci book, you know that you will need to implement the appropriate controls in a cost-effective manner by applying the risk management process, which is part of creating an IT security policy framework.
There are five basic steps in the risk management process, which are as follows:
Identify risks, threats, and vulnerabilities.
Assess risks, threats, and vulnerabilities.
Plan risk response.
Implement risk response.
Monitor and control risk responses.
After completing the risk management process, you will then need to discuss implementing some of the proposed risk responses.
For this assignment, create a report illustrating the implementation of the risk management process within one of the seven domains of the IT infrastructure for your fictitious organization. Use any of the resources provided to you in this course (e.g., the CYB301 Data Classification Matrix you completed in Week 3 or any other resources from the course) as you complete each of the following steps.
Complete the following:
Provide a scenario for a threat that could occur at your fictitious organization within one of the seven domains.
Explain the method(s) that you would use to identify the risk of the threat occurring. Methods might include brainstorming, surveys, historical information, or others.
Apply either a qualitative or quantitative risk assessment approach to your identified threat (for either method, real or realistically estimated values may be used).
If performing a quantitative risk assessment,
Calculate a risk’s loss expectancy.
Include the asset value (AV), exposure factor (EF), single loss expectancy (SLE), annualized rate of occurrence (ARO), and annualized loss expectancy (ALE) in the calculation.
If performing a qualitative risk assessment,
Justify whether you will reduce, transfer, accept, or avoid the risk.
Justify the type of control(s) that you wish to implement (e.g., detective, preventative, corrective, deterrent, or compensating) and whether the control(s) are administrative or technical.
Explain how you are going to ensure that the recommended control(s) are beneficial versus detrimental.
The Risk Management in an Organization paper
Must be three to five double-spaced pages in length (not including title and references pages) and formatted according to APA Style 7th edition as outlined in the Writing Center’s APA Style.
Must include a separate title page with the following:
Title of paper (in bold font)
Student’s name
UAGC
Course name and number
Instructor’s name
Due date
