Identifying Potential Risk, Response, and Recovery

A videogame development company recently hired you
as an Information Security Engineer. After viewing a growing number of reports
detailing malicious activity, the CIO requested that you draft a report in
which you identify potential malicious attacks and threats specific to your
organization. She asked you to include a brief explanation of each item and the
potential impact it could have on the organization.

After reviewing your report, the CIO requests that
you develop a follow-up plan detailing a strategy for addressing all risks
(i.e., risk mitigation, risk assignment, risk acceptance, or risk avoidance)
identified in Assignment 1. Further, your plan should identify controls (i.e.,
administrative, preventative, detective, and corrective) that the company will
use to mitigate each risk previously identified.

Write a four to five (4-5) page paper in which you:

1. For each of the three (3) or more malicious attacks
and / or threats that you identified in Assignment 1, choose a strategy for
addressing the associated risk (i.e., risk mitigation, risk assignment, risk
acceptance, or risk avoidance). Explain your rationale.

2. For each of the three (3) or more malicious attacks
and / or threats identified in Assignment 1, develop potential controls (i.e.,
administrative, preventative, detective, and corrective) that the company could
use to mitigate each associated risk.

3. Explain in detail why you believe the risk
management, control identification, and selection processes are so important,
specifically in this organization.

4. Draft a one (1) page Executive Summary that details
your strategies and recommendations to the CIO (Note: The Executive Summary is
included in the assignment’s length requirements).

5. Use at least three (3) quality resources in this
assignment (no more than 2-3 years old) from material outside the textbook.
Note: Wikipedia and similar Websites do not qualify as quality resources.

Your assignment must follow these formatting
requirements:


Be typed, double spaced, using Times New Roman font
(size 12), with one-inch margins on all sides; references must follow APA or
school-specific format. Check with your professor for any additional
instructions.


Include a cover page containing the title of the
assignment, the student’s name, the professor’s name, the course title, and the
date. The cover page and the reference page are not included in the required
page length.

The specific course learning outcomes associated with
this assignment are:


Explain the concepts of information systems
security as applied to an IT infrastructure.


Describe the principles of risk management, common
response techniques, and issues related to recovery of IT systems.


Describe how malicious attacks, threats, and
vulnerabilities impact an IT infrastructure.


Explain the means attackers use to compromise
systems and networks, and defenses used by organizations.


Use technology and information resources to
research issues in information systems security.


Write clearly and concisely about network security
topics using proper writing mechanics and technical style conventions.
