DQ 1:
Projects often seem very attractive at first. However, it can be difficult to fully grasp the financial impact that a project may have on a company. Because modern IT is embedded throughout an organisation, understanding and managing IT risk is at the forefront of many organisational leaders' minds. Consider this scenario:
Your boss, the CEO, comes to you and makes the following observation about IT risk: 'I am not happy with our approach to managing risk inside our company. As we continue to rely more heavily on IT and the web for conducting our business, I am fearful we are vulnerable to a security breach'. Then he continues, 'Will you do an assessment of our current IT risk profile and give me your recommendations as to what, if any, changes we should make?'
How should you proceed? What artefacts do you include in your analysis? Why do you include them? For this Discussion, reflect on these questions as they pertain to the given scenario. Then, address this hypothetical CEO's request and present your assessment and procedures to your colleagues.
To complete this Discussion:
Post: Create an initial post in which you develop a risk assessment for an organisation of interest to you. Analyse the IT security risks for your chosen organisation and explain what artefacts you include in your risk analysis and why. Using this information, evaluate those IT security risks, in terms of likelihood and impact, and create an IT risk profile. Finally, recommend and explain procedures for mitigating your analysed risks. Fully state and justify any other choices, assumptions or claims that you make using the suggested Learning Resources for this week and/or your own research.