Assignment:
The purpose of this assignment is to develop a risk model, define the risk program goals, and communicate the program implementation strategy.
Using the company selected for the assignments, establish a comprehensive security risk program for the organization. Write a 750 to 1,000 word executive summary that contains the following information.
Introduction
1. Summarize the company security profile developed for the Topic 5 assignment.
2. Identify the regulatory compliance and control standards to which the company must adhere.
Risk Management Framework
1. Justify the selected risk management framework (e.g., NIST 800-37, OCTAVE Allegro, FAIR, FRAAP, NIST 800-30).
2. Define the steps within the risk management framework being adopted.
3. Include a workflow diagram (created from MS Vision, OpenDraw, or other drawing software) that illustrates how management will make effective decisions for each stage.
4. Describe how architecture and system updates will be selected and applied.
Risk Management Program
1. Explain how the SRR and TVM integrate into the framework (i.e. which steps are they integrated within, or which step do they follow after).
2. Discuss the life cycle for the program, including activities such as vulnerability management, risk identification, risk rating/prioritization, security risk review, architecture changes audits, etc.
Conclusion
Summarize the benefits of applying the framework for the company.
Prepare this assignment according to the guidelines found in the APA Style Guide, located in the Student Success Center. An abstract is not required.
You are required to submit this assignment to LopesWrite. A link to the LopesWrite technical support articles is located in Course Materials if you need assistance.
Benchmark Information
This benchmark assignment assesses the following programmatic competencies:
MS Information Technology Management
Evaluate the components of IT governance frameworks to ensure regulatory compliance within organizations.
MS Information Assurance and Cybersecurity
Evaluate the components of IT governance frameworks to ensure regulatory compliances within organizations.