risk managment 3
The goal of the Risk Management Report is to identify, assess and control the risks facing your organization. This report is meant to be a representation of an the risk management process, and not a comprehensive evaluation of a real organization. For this reason, we will not consider all risks, but only a few representative ones that demonstrate how the process works.
Report Requirements: The Risk Management Report will be divided into three parts, each including one or more worksheets and a description of the contents of the worksheets.
Save your time - order a paper!
Get your paper written from scratch within the tight deadline. Our service is a reliable solution to all your troubles. Place an order on any task and we will take care of it. You won’t have to worry about the quality and deadlines
Order Paper Now
Part One
- Risk Identification – In the Risk Identification stage of risk management, you will identify the assets, the threats and the vulnerabilities facing your organization. In the proposal, you were asked to list assets and threats. In this report you will provide more detail and analysis for these.
- Risk Assessment – In the Risk Assessment stage of risk management, you will assess and compute the risk posed by the vulnerabilities to the assets of your organization. Since this report is meant to be a demonstration of how this process works, and not a comprehensive risk management process, you will consider only three assets in the risk assessment.
Asset Analysis Worksheet:
- Fill out the Asset Analysis Worksheet with the ten most critical assets in your organization. Be sure that you include various types of assets (technology, people, physical, etc.).
- Follow the instructions on the worksheet.
- Provide a written explanation of the following:
- The criteria you have chosen to use.
- The weighting of each criterion.
- The value chosen for the impact on the criterion of losing the asset. Vulnerability Assessment Worksheet:
- Fill out the Vulnerability Assessment Worksheet based on the instructions provided.
- Provide a written explanation of the following:
• Each threat and each vulnerability and why you think they may cause harm to the organization.
Part Two
Ranked Vulnerability Risk Worksheet:
- Fill out the Ranked Vulnerability Risk Worksheet with three of the assets you have identified to be most critical to your organization.
- Follow the instructions on the worksheet.
- Provide a written explanation of the following:
- The likelihood specified for each vulnerability. Sometimes this can be found in statistical information about threats. In other cases, you will have to make an educated guess at the probability that the vulnerability will be exploited. In either case, justify the values that you specify.
Part 3
Risk Control – The Risk Control stage of risk management involves choosing control strategies to manage the risk that faces your organization. You will consider the three assets listed in the Ranked Vulnerability Risk Worksheet and choose a control strategy to mitigate the associated risk. You will perform a Cost Benefit Analysis for each control strategy and determine whether or not it is feasible to implement this control.
Cost Benefit Analysis Worksheet:
- Fill out the Cost Benefit Analysis Worksheet with the three assets addressed in the Vulnerability Risk Worksheet.
- Follow the instructions on the worksheet.
- Provide a written explanation of the following:
- The Exposure Factor for each Asset/Vulnerability pair. This represents the percentage loss that would occur from a given vulnerability being exploited.
- The Annualized Rate of Occurrence for each vulnerability. This may be found through statistical information, or you may need to make an educated guess about how often to expect the vulnerability to be exploited.
- The computation of ALE (post). This represents the Annualized Loss Expectancy after the control has been put into place. Since you have not implemented the control, you do not have this data. However, you can estimate it by considering how the Exposure Factor will be reduced by implementing the control. Please explain how you derived the value for ALE (post) for each vulnerability.
- Provide a written explanation of the following: