Assignment 2: Organizational Risk Appetite and Risk Assessment
Due Week 4 and worth 50 points
Imagine that a software development company has just appointed you to lead a risk assessment project. The Chief Information Officer (CIO) of the organization has seen reports of malicious activity on the rise and has become extremely concerned with the protection of the intellectual property and highly sensitive data maintained by your organization. The CIO has asked you to prepare a short document before your team begins working. She would like for you to provide an overview of what the term “risk appetite” means and a suggested process for determining the risk appetite for the company. Also, she would like for you to provide some information about the method(s) you intend to use in performing a risk assessment.
Write a two to three page paper in which you:
1. Analyze the term “risk appetite”. Then, suggest at least one practical example in which it applies.
2. Recommend the key method(s) for determining the risk appetite of the company.
3. Describe the process of performing a risk assessment.
4. Elaborate on the approach you will use when performing the risk assessment.
5. Use at least three quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
· This course requires use of Strayer Writing Standards (SWS). The format is different than other Strayer University courses. Please take a moment to review the SWS documentation for details.
· Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
The specific course learning outcomes associated with this assignment are:
· Describe the components and basic requirements for creating an audit plan to support business and system considerations.
· Describe the parameters required to conduct and report on IT infrastructure audit for organizational compliance.
· Use technology and information resources to research issues in security strategy and policy formation.
· Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions.
Assignment 3: Evaluating Access Control Methods
Due Week 6 and worth 50 points
Imagine that you are the Information Systems Security
Specialist for a medium-sized federal government contractor.
The Chief Security Officer (CSO) is worried that the
organization's current methods of access control are no longer
sufficient. In order to evaluate the different methods of access
control, the CSO requested that you research: mandatory access
control (MAC), discretionary access control (DAC), and role-
based access control (RBAC). Then, prepare a report addressing
positive and negative aspects of each access control method.
This information will be presented to the Board of Directors at
their next meeting. Further, the CSO would like your help in
determining the best access control method for the organization.
Write a three to five page paper in which you:
1. Explain in your own words the elements of the following
methods of access control:
a. Mandatory access control (MAC)
b. Discretionary access control (DAC)
c. Role-based access control (RBAC)
2. Compare and contrast the positive and negative aspects of
employing a MAC, DAC, and RBAC.
3. Suggest methods to mitigate the negative aspects for MAC,
DAC, and RBAC.
4. Evaluate the use of MAC, DAC, and RBAC methods in the
organization and recommend the best method for the
organization. Provide a rationale for your response.
5. Speculate on the foreseen challenge(s) when the organization
applies the method you chose. Suggest a strategy to address
such challenge(s).
6. Use at least three quality resources in this
assignment. Note: Wikipedia and similar Websites do not
qualify as quality resources.
Your assignment must follow these formatting requirements:
· This course requires use of Strayer Writing Standards (SWS).
The format is different than other Strayer University courses.
Please take a moment to review the SWS documentation for
details.
· Include a cover page containing the title of the assignment, the
student's name, the professor's name, the course title, and the
date. The cover page and the reference page are not included in
the required assignment page length.
The specific course learning outcomes associated with this
assignment are:
· Analyze information security systems compliance
requirements within the User Domain.
· Use technology and information resources to research issues in
security strategy and policy formation.
· Write clearly and concisely about topics related to information
technology audit and control using proper writing mechanics
and technical style conventions.
8 DISCUSSIONS (200 words each)
1
"Audit Findings and Business Processes"
· Per the text, audit findings focus on four areas: criteria,
circumstance, cause, and impact. Determine the area that you
believe might be the most difficult to complete. Justify your
response. Then, propose a method to address the difficulties you
identified.
2
"Monitoring the User Domain"
· It is common knowledge that employees are a necessary part
of any business. Identify three best practices in the user domain
and suggest the control type(s) (technical or manual) that are
best suited to monitor each best practice.
· Determine the impact that factors such as physical security,
device type, and open source software might have on the
choices that are made.
3
"Forming the CSIRT" Please respond to the following:
· Determine what you believe are the top two considerations
that should be addressed when forming the CSIRT in terms of
skills, abilities, procedures, training, deployment, etc.
· Explain what you believe to be the most critical flaw or failure
when it comes to CSIRT organization and preparation. Suggest
ways management can avoid this pitfall altogether.
4
"Team Communication…Tested!" Please respond to the
following:
· From the e-Activity, explain in your own words the purpose of
the Software Engineering Institute’s (SEI) exercises regarding
team communication, and determine whether or not you believe
this type of testing and analysis is a beneficial use of resources.
Justify your answer.
· Based on the testing and analysis described in the e-Activity,
indicate the two most important things that you believe are
needed in order for cross-team communication to be successful
when dealing with potential widespread incidents.
5
"Containment and IR Strategies" Please respond to the
following:
· Explain why it is important for a business to have a specific
plan of action, processes, and / or a set of guidelines to manage
potential security incidents that may arise. Support your answer
with a real-life example. Be sure to clearly identify the business
as well as the potential security incident in your example.
· Discuss the role of incident containment in an incident
response strategy and how a lack of planning for containment is
a potential pitfall for any response strategy.
6
"SIEM and Incident Response" Please respond to the following:
· From the e-Activity, explain in your own words the purpose of
security information and event management (SIEM) solutions
and how this category of tools can assist an incident response
team. Also determine whether or not you believe the “golden
hour” is a realistic and attainable response goal. Justify your
answer.
· Compare and contrast two SIEM tools of your choice based on
their common uses and market reputation. Determine which of
these tools you would prefer to use as part of an incident
response strategy and explain why.
7
"Encryption in Investigations" Please respond to the following:
· Discuss in your own words the effects that encryption can
have on incident response activities, and explain how the use of
encryption technologies could prove to be detrimental to an
investigation.
· Devise an example of an incident where encryption could be
used as protection from an intruder or attacker, and determine
the actions that could be taken by the incident responders to
manage the situation.
8
"e-Discovery in Action" Please respond to the following:
· From the e-Activity, explain the top three reasons why you
believe organizations may be unprepared to manage incidents
effectively and in a timely fashion. Provide real-world examples
to support your chosen reasons.
· From the e-Activity, determine which of the seven
recommendations to improve e-Discovery and incident
management you would consider the most important for
organizations to address. Justify your answer.
Communicating professionally and ethically is one of the
essential skill sets we can teach you at Strayer. The following
guidelines will ensure:
· Your writing is professional
· You avoid plagiarizing others, which is essential to writing
ethically
· You give credit to others in your work
Visit Strayer’s Academic Integrity Center for more information.
Winter 2019
https://pslogin.strayer.edu/?dest=academic-support/academic-integrity-center
Strayer University Writing Standards 2
General Standards
Use Appropriate Formatting
· Include page numbers.
· Use 1-inch margins.
· Use Arial, Courier, Times New Roman, or Calibri font style.
· Use 10-, 11-, or 12-point font size for the body of your text.
· Use numerals (1, 2, 3, and so on) or spell out numbers (one, two, three, and so on). Be consistent with your choice throughout the assignment.
· Use either single or double spacing, according to assignment guidelines.
Title Your Work
· If assignment requires a title page:
  · Include the assignment title, your name, course title, your professor’s name, and the date of submission on a separate page.
· If assignment does not require a title page (stated in the assignment details):
  a. Include all required content in a header at the top of your document.
  or b. Include all required content where appropriate for assignment format. Examples of appropriate places per assignment: letterhead of a business letter assignment or a title slide for a PowerPoint presentation.
Write Clearly
· Use appropriate language and be concise.
· Write in active voice when possible. Find tips here.
· Use the point of view (first, second, or third person) required by the assignment guidelines.
· Use spelling and grammar check and proofread to help ensure your work is error free.
Cite Credible Sources
· Use credible sources to support your ideas/work. Find tips here.
· Cite your sources throughout your work when you borrow someone else’s words or ideas. Give credit to the authors.
· Look for a permalink tool for a webpage when possible (especially when an electronic source requires logging in like the Strayer Library). Find tips here.
· Add each cited source to the Source List at the end of your assignment. (See the Giving Credit to Authors and Sources section for more details.)
· Don’t forget to cite and add your textbook to the Source List if you use it as a source.
Build a Source List
· Include a Source List when the assignment requires research or if you cite the textbook.
· Type “Sources” centered on the first line of the page.
· List the sources that you used in your assignment.
· Organize sources in a numbered list and in order of use throughout the paper. Use the original number when citing a source multiple times.
· For more information, see the Source List section.
https://owl.english.purdue.edu/owl/resource/539/01/
http://libdatab.strayer.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&db=ers&AN=98402046&site=eds-live&scope=site
https://cdnapisec.kaltura.com/index.php/extwidget/preview/partner_id/956951/uiconf_id/38285871/entry_id/1_w9soryj6/embed/dynamic
Writing Assignments
Strayer University uses several different types of writing
assignments. The Strayer University
Student Writing Standards are designed to allow flexibility in
formatting your assignment and
giving credit to your sources. This section covers specific areas
to help you properly format
and develop your assignments. Note: The specific format
guidelines override guidelines in the
General Standards section.
Paper and Essay Specific Format Guidelines
· Use double spacing throughout the body of your assignment.
· Use a consistent 12-point font throughout your assignment submission. (For acceptable fonts, see General Standards section.)
· Use the point of view (first or third person) required by the assignment guidelines.
· Section headings can be used to divide different content areas. Align section headings (centered) on the page, be consistent, and include at least two section headings in the assignment.
· Follow all other General Standards section guidelines.
PowerPoint or Slideshow Specific Format Guidelines
· Title slides should include the project name (title your work to capture attention if possible), a subtitle (if needed), the course title, and your name.
· Use spacing that improves professional style (mixing single and double spacing as needed).
· Use a background color or image on slides.
· Use Calibri, Lucida Console, Helvetica, Futura, Myriad Pro, or Gill Sans font styles.
· Use 28-32 point font size for the body of your slides (based on your chosen font style). Avoid font sizes below 24-point.
· Use 36-44 point font size for the titles of your slides (based on chosen font style).
· Limit content per slide (no more than 7 lines on any slide and no more than 7 words per line).
· Include slide numbers when your slide show has 3+ slides. You may place the numbers wherever you like (but be consistent).
· Include appropriate images that connect directly to slide content or presentation content.
· Follow additional guidelines from the PowerPoint or Slideshow Specific Format Guidelines section and assignment guidelines.
Giving Credit to Authors and Sources
When quoting or paraphrasing another source, you need to give
credit by using an in-text
citation. An in-text citation includes the author’s last name and
the number of the source from
the Source List. A well-researched assignment has at least as
many sources as pages (see
Writing Assignments for the required number of sources). Find
tips here.
Option #1: Paraphrasing
Rewording Source Information in Your Own Words
· Rephrase the source information in your words.
Be sure not to repeat the same words of the author.
· Add a number to the end of your source (which will tie
to your Source List).
· Remember, you cannot just replace words of the
original sentence.
ORIGINAL SOURCE
“Writing at a college level requires informed
research.”
PARAPHRASING
As Harvey wrote, when writing a paper for
higher education, it is critical to research and
cite sources (1).
When writing a paper for higher education,
it is imperative to research and cite sources
(Harvey, 1).
Option #2: Quoting
Citing Another Person’s Work Word-For-Word
· Place quotation marks at the beginning and the end of
the quoted information.
· Add a number to the end of your source (which will tie
to your Source List).
· Do not quote more than one to two sentences
(approximately 25 words) at a time.
· Do not start a sentence with a quotation.
· Introduce and explain quotes within the context of
your paper.
ORIGINAL SOURCE
“Writing at a college level requires informed
research.”
QUOTING
Harvey wrote in his book, “Writing at a college
level requires informed research” (1).
Many authors agree, “Writing at a college
level requires informed research” (Harvey, 1).
http://libdatab.strayer.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&db=ers&AN=98402046&site=eds-live&scope=site
Page Numbers
When referencing multiple pages in a text book or other
large book, consider adding page numbers to help the
reader understand where the information you referenced
can be found. You can do this in three ways:
a. In the body of your paper;
or b. In the citation;
or c. By listing page numbers in the order they were
used in your paper on the Source List.
Check with your instructor or the assignment guidelines to
see if there is a preference based on your course.
Example
IN-TEXT CITATION
(Harvey, 1, p. 16)
In the example, the author is Harvey, the source list number
is 1, and the page number that this information can be
found on is page 16.
Multiple Sources (Synthesizing)
Synthesizing means using multiple sources in one sentence
or paragraph (typically paraphrased) to make a strong
point. This is normally done with more advanced writing,
but could happen in any writing where you use more than
one source.
The key here is clarity. If you paraphrase multiple sources
in the same sentence (or paragraph if the majority of the
information contained in the paragraph is paraphrased),
you should include each source in the citation. Separate
sources using semi-colons (;) and create the citation in
the normal style that you would for using only one source
(Name, Source Number).
SYNTHESIZED IN-TEXT CITATION
(Harvey, 1; Buchanan, 2)
In the example, the authors Harvey and Buchanan were
paraphrased to help the student make a strong point.
Harvey is the first source on the source list, and Buchanan is
the second source on the source list.
Traditional Sources
Discussion Posts
When quoting or paraphrasing a source for discussion
threads, include the source number in parentheses after the
body text where you quote or paraphrase. At the end of
your post, type the word “Sources” and below that include
a list of any sources that you cited.
If you pulled information from more than one source,
continue to number the additional sources in the order that
they appear in your post.
For more information on building a Source List Entry, see
Source List section.
SAMPLE POST
The work is the important part of any writing
assignment. According to Smith, “writing
things down is the biggest challenge” (1).
This is significant because…
The other side of this is also important. It is
noted that “actually writing isn’t important as
much as putting ideas somewhere useful” (2).
SOURCES
1. William Smith. 2018. The Way Things Are.
http://www.samplesite.com/writing
2. Patricia Smith. 2018. The Way Things Really
Are. http://www.betterthansample.com/tiger
A web source is any source accessed through an internet
browser. Before using any source, first determine its credibility.
Then decide if the source is appropriate and relevant for your
project. Find tips here.
Home Pages
A home page is the main page that loads when you type
a standard web address. For instance, if you type Google.com
into the web browser, you will be taken to Google’s
home page.
If you do need to cite a home page, use the webpage’s
title from the browser. This is found by moving your mouse
cursor over the webpage name at the top of the browser.
When citing a homepage, it is likely because there is a news
thread, image, or basic piece of information on a company
that you wish to include in your assignment.
Specific Web Pages
If you are using any web page other than the home page,
include the specific title of the page and the direct link (when
possible) for that specific page in your Source List Entry.
If your assignment used multiple pages from the same author/
source, create separate Source List Entries for each page
when possible (if the title and/or web address is different).
Web Sources
https://owl.purdue.edu/owl/research_and_citation/conducting_research/evaluating_sources_of_information/index.html
Effective Internet Links
When sharing a link to an article with your instructor and
classmates, start with a brief summary and why you chose
to share it.
Be sure to check the link you’re posting to be sure it will
work for your classmates. They should be able to just click
on the link and go directly to your shared site.
Share vs. URL Options
Cutting and pasting the URL (web address) from your browser
may not allow others to view your source. This makes it hard
for people to engage with the content you used.
To avoid this problem, look for a “share” option and choose
that when possible so your classmates and professor
get the full, direct link. Always test your link(s) before
submitting to make sure they work.
If you cannot properly share the link, include the article as an
attachment. Interested classmates and your professor can
reference the article shared as an attachment. Find tips here.
POOR EXAMPLE
Hey check out this article: http://www.Jobs4You.FED/Jobs_u_can_get
BETTER EXAMPLE
After reading the textbook this week, I
researched job sites. I found an article on how
to find the best job site depending on the job
you’re looking for. The author shared some
interesting tools such as job sites that collect job
postings from other sites and ranks them from
newest to oldest, depending on category. Check
out the article at this link: http://www.Jobs4You.FED/Jobs_u_can_get
Charts, images, and tables should be centered and followed by
an in-text citation. Design your page and place a citation
below the chart, image, or table. When referring to the chart,
image, or table in the body of the assignment, use the citation.
On your Source List, provide the following details of the visual:
· Author’s name (if created by you, provide your name)
· Date (if created by you, provide the year)
· Type (Chart, Image, or Table)
· How to find it (link or other information – See Source List
section for additional details).
Charts, Images, and Tables
https://nyti.ms/24L5XkV
Source List
The Source List (which includes the sources that you used in
your assignment) is a new page
you add at the end of your paper. The list has two purposes: it
gives credit to the authors that
you use and gives your readers enough information to find the
source without your help. Build
your Source List as you write.
· Type “Sources” at the top of a new page.
· Include a numbered list of the sources you used in your paper
(the numbers
indicate the order in which you used them).
1. Use the number one (1) for the first source used in the paper,
the number
two (2) for the second source, and so on.
2. Use the same number for a source if you use it multiple
times.
· Ensure each source includes five parts: author or
organization, publication date,
title, page number (if needed), and how to find it. If you have
trouble finding
these details, then re-evaluate the credibility of your source.
· Use the browser link for a public webpage.
· Use a permalink for a webpage when possible. Find tips here.
· Instruct your readers how to find all sources that do not have
a browser link
or a permalink.
· Separate each Source List Element with a period on your
Source List.
Source List Elements
AUTHOR: The person(s) who published the source. This can be a single person, a group of people, or an organization. If the source has no author, use “No author” where you would list the author.
PUBLICATION DATE: The date the source was published. If the source has no publication date, use “No date” where you would list the date.
TITLE: The title of the source. If the source has no title, use “No title” where you would list the title.
PAGE NO.: The page number(s) used. If the source has no page numbers, omit this section from your Source List Entry.
HOW TO FIND: Instruct readers how to find all sources. Keep explanations simple and concise, but provide enough information
1. Michael Harvey. 2013. The Nuts & Bolts of College Writing. p. 1. http://libdatab.strayer.edu/login?url=http://search.ebscohost.com/login.aspx
1. Michael Harvey, 2013, The Nuts & Bolts of College Writing, http://libdatab.strayer.edu/login?url=http://search.ebscohost.com/login.aspx
2. William R. Stanek. 2010. Storyboarding Techniques chapter in Effective Writing for Business, College and Life. http://libdatab.strayer.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&db=nlebk&AN=359141&site=eds-live&scope=site&ebv=EB&ppid=pp_23
3. Zyad Hicham. 2017. Vocabulary Growth in College-Level Students’ Narrative Writing. http://libdatab.strayer.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&db=edsdoj&AN=edsdoj.9b7fad40e529462bafe3a936aaf81420&site=eds-live&scope=site
4. Anya Kamenetz. July 10, 2015. The Writing Assignment That Changes Lives. https://www.npr.org/sections/ed/2015/07/10/419202925/the-writing-assignment-that-changes-lives
5. Brad Thor. June 14, 2016. The Best Writing Advice I Ever Got. http://time.com/4363050/brad-thor-best-writing-advice/
6. Karen Hertzberg. June 15, 2017. How to Improve Writing Skills in 15 Easy Steps. https://www.grammarly.com/blog/how-to-improve-writing-skills/
7. Roy Peter Clark. 2008. Writing Tools: 55 Essential Strategies for Every Writer. p.55-67. Book on Amazon.com.
8. C.M. Gill. 2014. The Psychology of Grading and Scoring chapter in Essential Writing Skills for College & Beyond. Textbook.
9. ABC Company’s Policy & Procedures Committee. No Date. Employee Dress and Attendance Policy. Policy in my office.
10. Henry M. Sayre. 2014. The Humanities: Culture, Continuity and Change, Vol. 1. This is the HUM111 textbook.
11. Savannah Student. 2018. Image. http://www.studentsite.com
12. Don Dollarsign. 2018. Chart. http://www.allaboutthemoney.com
13. Company Newsletter Name. 2018. Table. Company Newsletter Printed Copy (provided upon request).