Assignment:
NOTE:
1. CONTENT matters here a lot more than anything else - but WILL BE RUN IN A NATIONAL WIDE Dbase - Turnitin for intellectual theft.
2. Please follow the GRADING RUBRIC INSTRUCTIONS (included in attached given fictional scenario of an organization) this way will make the CONTENT to matters.
3. APA format with double space lines will be ideal to make over 15 TO 24 pages
Don't be tempted to use CourseHero or one of the other homework sites. Risk Assessments should have a common set elements. NIST 800-30, Appendix K gives you a template to work from. Your course rubric gives specific details of what must be in the paper for the class.
Lets start with the executive summary. Write this last. Describe the purpose of the assessment, the scope, and the overall level of risk the customer has, as well as listing the risks.
The body of the risk assessment should have the details. For the essential elements of information you must provide for your report, see the grading rubric.
1) Inventory assets and prioritize them in the order of mission criticality - Identify all the components on the network. Which are most critical? Assign them a value from most critical to least critical
2) Evaluate enterprise topology and perimeter protection - Identify the topology and protections in place. Give a detailed description of the same, and describe weaknesses and strengths.
3) Evaluate remote access to the networks - Identify the different ways someone can enter the network remotely. Are there weaknesses that create risk.
4) Evaluate authentication protocols and methodologies - What does the company use? Are there weaknesses? Risks?
5) Evaluate web access protocols and vulnerabilities - What protocols are being used. List them. Are there vulnerabilities?
6) Assign asset values to organization assets for quantitative risk assessment - Perform the appropriate assessment. Table format works well for this type of data.
7) Assess vulnerabilities on each asset - Each asset is vulnerable to something. Out of date O/S, physical protections, improper use. Check the National Vulnerability Database, CVE databse, etc and provide the information
8) Recommend risk mitigation procedures commensurate with asset values - Once you identify a risk to an asset, how do you fix it. You can accept a risk, avoid a risk, limit risk, or transfer risk. Give your rationale for each risk you identify.
Each paper should be approximately 15 to 25 pages written, double space (but single space is ok), 12 pt font for the body of the text, not including figures or illustrations. APA format.