OverviewAs you learned from this module’s resources, one of the most important steps in a systems planning phase involves analyzing a business case. A business case provides background information on the organization that plans to implement a new system. It often includes an organizational mission statement, a problem statement for the current system, and stakeholder interviews. Analyzing the business case allows an IT project team to develop a system requirements specification (SRS) and an implementation plan that addresses the needs of the business.PromptImagine that you are the systems engineer leading a project to implement a new software system for a healthcare organization, Millennia HealthCenter (MHC). In order to plan for the project, you have to better understand the organization and its needs for a new system. Review the following documents to strategize how your team can implement an IT solution:Business case for Millennia HealthCenter (Document Attached Below***)Interviews with the stakeholders: (Skateholders Interviews Document Attached Below***)DoctorNurseBusiness AdminPharmacistThe workflow of existing system and processes (Document Attached Below***)By thoroughly reviewing these documents, you will have a better idea as to why MHC plans to implement a new system. You will use the information you learned about the organization, its processes, and the users to help you develop an SRS. For the purpose of this activity, you will work on the Introduction section of your SRS for Millennia HealthCenter’s new IT system.After you have reviewed all of the files:Download the Systems Requirements Specification Template (Template Attached Below***)Create the Introduction content, which must include:System purposeSystem scopeSystem overviewSystem contextSystem functionsUser characteristicsGuidelines for SubmissionUpload and submit your template with the Introduction section completed.If you want to get ahead or take notes on the sections after the introduction, you have the option to do so. Only the Introduction section will be graded by your instructor for this activity.Activity RubricCriteriaExemplary (100%)Proficient (85%)Needs Improvement (55%)Not Evident (0%)ValueSystem PurposeExceeds proficiency in an exceptionally clear, insightful, sophisticated, or creative mannerIdentifies the purpose of the system and its intended audienceShows progress toward proficiency, but with errors or omissions; areas for improvement may include providing more detail so a project team can understand the purposeDoes not attempt criterion10System ScopeExceeds proficiency in an exceptionally clear, insightful, sophisticated, or creative mannerDefines the problems that the system will resolve, the vision for the system, and what the system may or may not be able to doShows progress toward proficiency, but with errors or omissions; areas for improvement may include addressing more completely the limitations of the systemDoes not attempt criterion15System OverviewExceeds proficiency in an exceptionally clear, insightful, sophisticated, or creative mannerProvides an overview of the system, such as its important aspectsShows progress toward proficiency, but with errors or omissions; areas for improvement may include highlighting multiple components of the systemDoes not attempt criterion10System ContextExceeds proficiency in an exceptionally clear, insightful, sophisticated, or creative mannerDescribes the context of the system, such as who will be using the system, where the system will be used, the industry and organizations that will use the system, and the various interfaces that will interact with the systemShows progress toward proficiency, but with errors or omissions; areas for improvement may include greater consideration as to how the system will interact with users and other systemsDoes not attempt criterion15System FunctionsExceeds proficiency in an exceptionally clear, insightful, sophisticated, or creative mannerDescribes the main functionality of the system, such as how the current system functions and how the new system will differ from the current systemShows progress toward proficiency, but with errors or omissions; areas for improvement may include more ways in which the system will functionDoes not attempt criterion20User CharacteristicsExceeds proficiency in an exceptionally clear, insightful, sophisticated, or creative mannerDescribes the characteristics of the users who will be using the system once it is implementedShows progress toward proficiency, but with errors or omissions; areas for improvement may include descriptions of more key usersDoes not attempt criterion20Articulation of ResponseExceeds proficiency in an exceptionally clear, insightful, sophisticated, or creative mannerClearly conveys meaning with correct grammar, sentence structure, and spelling, demonstrating an understanding of audience and purposeShows progress toward proficiency, but with errors in grammar, sentence structure, and spelling, negatively impacting readabilitySubmission has critical errors in grammar, sentence structure, and spelling, preventing understanding of ideas5Citations and AttributionsUses citations for ideas requiring attribution, with few or no minor errorsUses citations for ideas requiring attribution, with consistent minor errorsUses citations for ideas requiring attribution, with major errorsDoes not use citations for ideas requiring attribution5Total:100%

Cybersecurity is all about managing risk. Risk cannot be totally eliminated in most cases but you need to understand your internal environment and the various threats against it. Then you need to take the necessary steps to mitigate or control them based on the risk appetite of the company. In the class session and with the learning activities you have learned a great deal about Risk Management, Risk Analysis, Risk Identification, and Risk Controls (NIST documents). This is an opportunity for you as the CISO to practice your Risk Management skills. This is a “hands-on” experiential learning experience. In this assignment, you will be identifying and describing assets, vulnerabilities and mitigation strategies. Select (5) information assets from your company inventory that you feel are important to the success of your company. Provide a high level description of each information asset and then briefly explain why each of these information assets is important. An information asset can be just about anything that is important to your company such as: Hardware: ex. Your company’s web server Software: ex. A new mobile app Company Information: ex. Your product’s secret recipe Customer Data: ex. Customer’s credit card numbers, PII, others For each of the (5) identified assets, determine its appropriate classification category and corresponding value to the profitability of the company. You must also include an explanation of your classification scheme and how you are determining the profit value so your audience understands your reasoning. Use visual elements to display your information. A portion of your grade will be based on how you communicate your information. For each Asset, select (1) vulnerability that you believe is most worrisome for that particular Asset. Provide a high level description of the vulnerability and then briefly explain why you chose it. You should have a total of (5) vulnerabilities when this part of the analysis is complete: 1 vulnerability per asset. For each of the (5) identified vulnerabilities, determine their corresponding probability and impact consequence. You decide how to represent the probability and impact consequence but you must also include an explanation of your decision process so your audience understands your reasoning. Use visual elements to display your information. You can use a numerical score, a color scheme or even High/Medium/Low type system. A portion of your grade will be based on how you communicate your information. 1 Finally, determine the appropriate risk mitigation strategy and the appropriate security controls for each of the (5) identified vulnerabilities. You must also include an explanation of your controls and why they are the best choice for the particular vulnerability. Most risks will require more than a single control to mitigate them. Your 5 assets, 5 vulnerabilities, 5+ controls (recommendations) should be listed in a table. Remember CIA and data classification are important. Additionally, likelihood of occurrence is a good way to highlight critical and high risk items in an effort to prioritize and focus the executives attention and budget priorities. Once your tables(s) are created they are also a good way to summarize your risk report and ask for their permission to move forward with the recommended plans. Your assignment should be in a “Word” document (not .pdf) format to allow me to provide feedback within the document. Upload your Risk Project in the word file in the Risk information assignment box. Please be sure to name the word file document using the following naming convention to make it easier for everyone to manage: <lastname_Risk> (ex: Blanke_Risk) Grading Metrics – Risk Report 100 points The Asset portion of this assignment will be worth (30 pts)The Vulnerability portion of this assignment will be worth (30 pts)The Mitigation portion of this assignment will be worth (20 pts)Keep in mind that how well you visually represent all this information in an easy to understand format will be part of the grading criteria. You will not receive full credit if all you use is text to complete this assignmentProvide a Reference List and use APA formatting within your report. I should see that you are using at least 10 references for your report and your book plus a specific part of the lecture should be one of those references (20 pts) Grading Metrics – Risk Presentation – 50 points Prepare 3-5 .ppt slides (30 points)These should be professionally developed (10 points)Each slide should have notes of what you are saying to the Executives (10) 2