Module 11: IT Security Controls, Plans, and Procedures
Risk Assessment (100 points)
You are a senior information technology analyst at your company, or at a company you are familiar with. You have
been charged with the task of developing a detailed risk assessment methodology. For this assignment, you should
submit a report in which you discuss various risk assessment methodologies, then adopt a methodology and
strongly justify your selection.
Your well-written paper should meet the following requirements:
Be 3-4 pages in length, not including the title and reference pages.
Include two external references in addition to the textbook. The Saudi Digital Library is a good
source for resources.
Your paper must follow APA style guidelines, citing references as appropriate.
Below are the notes and requirements we have to meet.
Risk assessment methodology. Chapters 14 & 15 mostly have all the answers; have a look there to
Please read carefully the notes below highlighted in green, and make sure you give answers with full details
for each one of them that I received from the professor.
Find an appropriate place for each question and note.
-The question is: what can they do to mitigate risk? Consider outsourcing and having another company take the risks.
-Insuring against the risk, just like we purchase car, home and health insurance.
-Risk cannot be avoided. The company wants to understand all the possible risks and categorize them, so they can be
-Sometimes we get a group together and have posits and ask the question: “what if”. This helps us to think outside the
box and look at risks that we did not initially consider.
-The company can look at best practices like NIST.
-Consider what you can do with risk: Assume the risk, avoid it, mitigate and/or transfer it.
-Even the lowest risk can be exploited by hackers. All the risks should be addressed and mitigated.
Please follow the headlines below if you see they are good, or you can make better ones.
Support all your answers from the 4 below standards with details.
Risk Assessment Methodologies
Give a good Introduction about the 4 below Standards, and provide more details about
"Risk Assessment" in the other section in the CT.
1-National Institute of Standards and Technology (NIST)
2-Facilitated Risk Assessment Process (FRAP)
4-Operationally, Critical, Threat, Asset and Vulnerability Evaluation (OCTAVE)
Identification of Threats/Risks/Vulnerabilities:
1- Analyzing System Threats
Support the answers from the 4 above standards
Risk = (Probability that threat occurs) * (Cost to organization)
Environmental and Physical Threats:
How to treat the risk if it occurs
Risk Treatment: Give introduction
2- Analyze Existing Controls
Table 14.2 Risk Likelihood in the Book
Please add 3 modern REFERENCES which are after 2014-2016
And 3 REFERENCES 2005-2010