Assignment 2: Identifying Potential Risk, Response, and
Due Week 8 and worth 75 points
In Assignment 1, a videogame development company recently hired you as an
Information Security Engineer. After viewing a growing number of reports
detailing malicious activity, the CIO requested that you draft a report in which
you identify potential malicious attacks and threats specific to your
organization. She asked you to include a brief explanation of each item and the
potential impact it could have on the organization.
After reviewing your report, the CIO requests that you develop a follow-up
plan detailing a strategy for addressing all risks (i.e., risk mitigation, risk
assignment, risk acceptance, or risk avoidance) identified in Assignment 1.
Further, your plan should identify controls (i.e., administrative, preventative,
detective, and corrective) that the company will use to mitigate each risk
Write a four to five (4-5) page paper in which you:
- For each of the three (3) or more malicious attacks and/or threats that
you identified in Assignment 1, choose a strategy for addressing the associated
risk (i.e., risk mitigation, risk assignment, risk acceptance, or risk
avoidance). Explain your rationale.
- For each of the three (3) or more malicious attacks and/or threats
identified in Assignment 1, develop potential controls (i.e., administrative,
preventative, detective, and corrective) that the company could use to mitigate
each associated risk.
- Explain in detail why you believe the risk management, control
identification, and selection processes are so important, specifically in this
- Draft a one (1) page Executive Summary that details your strategies and
recommendations to the CIO (Note: The Executive Summary is included in the
assignment’s length requirements).
- Use at least three (3) quality resources in this assignment (no more than
2-3 years old) from material outside the textbook. Note: Wikipedia and similar
Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
- Be typed, double-spaced, using Times New Roman font (size 12), with one-inch
margins on all sides; references must follow APA or school-specific format.
Check with your professor for any additional instructions.
- Include a cover page containing the title of the assignment, the student’s
name, the professor’s name, the course title, and the date. The cover page and
the reference page are not included in the required page length.
The specific course learning outcomes associated with this assignment
- Explain the concepts of information systems security as applied to an IT
- Describe the principles of risk management, common response techniques, and
issues related to recovery of IT systems.
- Describe how malicious attacks, threats, and vulnerabilities impact an IT
- Explain the means attackers use to compromise systems and networks, and
defenses used by organizations.
- Use technology and information resources to research issues in information
- Write clearly and concisely about network security topics using proper
writing mechanics and technical style conventions.