WEEK 4 CIS 349 Assignment 2

Assignment 2: Organizational Risk Appetite and Risk Assessment ..
Due Week 4 and worth 70 points
Imagine you have just been hired as an Information Assurance Officer and the leader of business impact analysis (BIA) and risk assessment team for a video game development company. The organization network structure is identified in the network diagram below and specifically contains:
  • 2 firewalls
  • 3 file servers
  • 1 Web / FTP server
  • 1 wireless access point (WAP)
  • 1 exchange email server
  • 100 desktop / laptop computers
  • 1 Network Intrusion Detection System (NIDS)
  • In-house PKI environment
  • 2 Windows 2008 Active Directory Domain Controllers (DC)
  • VoIP telephone system
The Chief Information Officer (CIO) has seen reports of malicious activity on the rise and has become extremely concerned with the protection of the intellectual property and highly sensitive data maintained by your organization. As one of your first tasks with the organization, the CIO requests your help.
Write a three (300 words per page) page paper in which you:
  1. Conduct an organizational business impact analysis (BIA) and determine which information assets need to have a risk assessment performed.
  2. Conduct an organizational risk assessment and provide an initial report that includes the following:
    1. Identify information assets and prioritize identified assets.
    2. Define risks and prioritize the risks.
    3. Identify the critical asset(s) and its associated risks.
  3. Based on your BIA and risk assessment initial report, evaluate the current network and organizational requirements and complete the following:
    1. Identify one (1) risk that should be accepted by the organization. Explain why.
    2. Identify one (1) risk that should be avoided by the organization. Explain why and how it should be avoided.
    3. Identify one (1) risk that should be shared by the organization. Explain why and how it should be shared.
    4. Identify one (1) risk that should be controlled by the organization. Explain why and how it should be controlled.
  4. Identify the organization’s risk appetite. Provide the organization with recommendations of where action(s) need to be planned and your approach to mitigate the risks.
  5. Explain why you have chosen the approach and how it can be completed.
  6. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
  • Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
  • Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.



preview of the answer..

Organizational Risk Appetite and Risk Assessment

Business Impact Analysis helps to establish the significance of company activities by assessing or evaluating the impact overtime. When undertaking a Business Impact Analysis, there is a great need to take into consideration all the resources available to the company as well as their use (Hiles, 2002). As the Information Assurance Officer of the organization, I believe it is critical to start the risk assessment process by examining the 3 file servers because they act as the central data storage and are used to manage the organization’s data files. In fact, these servers are used in storing confidential company information as well as customer data. In an instance …

1044 words APA

Share this paper
Open Whatsapp chat
Can we help you?