Assignment 6
Outcomes addressed in this Assignment:
Unit Outcomes:
• Conduct a risk assessment
• Develop security standards documentation
Course Outcomes:
IT499-5: Business Analysis: Evaluate the potential impact of
information systems and technology on business
processes.
IT499-6: Project Management: Apply project management
practices, tools, and methods.
Assignment Instructions:
Prepare the Risk Assessment and Security Standards
documentation for your project.
The risk assessment report will range from physical threats,
lack of policy implementation, and malicious
security attacks. For example, a fire and subsequent sprinkler
system could damage servers, cabling, and the
workstations. System vulnerabilities could be exposed due to
not implementing remote OS authentication,
providing unauthorized access to customer data. The lost
laptop left at the airport security scanner with the
passwords disabled could result in any number of
circumstances for compromised data integrity.
Security Standards documentation include identification of
organizational objectives, strategies, and policies,
as well as determination of organizational security
requirements. Discuss the controls and safeguards that are
put in place by the organization to protect against threats,
reduce vulnerabilities, risk, and support
organizational objectives.
This document should follow a structured approach, and you
should use the following outline. The items in
bold should be your paragraph headings. What follows the
headings should be the content of that section.
Make sure that all of the following are covered in your
paper:
• Risk Assessment: Document the vulnerabilities, threats and
risks associated with your project.
• Risk Likelihood and Impact: Rate the possibility of risk
taking place and impact it would have upon
organization, data integrity, public trust, and company
value.
• Organizational requirements: Security requirements of the
organization. Topics may include
administrative and physical safeguards to protect company
and customer data.
• Key Individuals and Access Rights: The key individuals who
should have access to the system. Also
address access rights for sub-contractors and any policies
necessary to grant access on temporary basis.
• Security Policies: Proposed security polices for the new
system and details of any organization security
requirements needed.
• Security Items: Detailed suggestions of software,
hardware, and other security measures required.
• Budget Impact: How will the security costs increase the
proposed budget, if at all?
• Conclusion: Conclusion and reference page.