Assignment: Role - Computer Security Program Manager (CSPM)
Management Briefing
The PowerPoint will be a briefing to senior management that could be used to present the findings of the risk assessment to management. The briefing will identify the system that was assessed, provide a brief description of the assessment process used, state the conclusions of the assessment, and recommend a course of action to management.
At the end of Week 6, the senior management-level briefing will be posted to the Project Discussion topic in the Week 7 Discussion forum and discussed among class members during that week. Differences in approach and findings will be identified and the ramifications of those differences will be discussed. Discussion, however, is not limited to these two topics but is expected to be "freewheeling" (where anything is fair game, but please use discretion).
Risk Assessment Report
The risk assessment report will contain a simple risk management matrix that can be easily read and understood by senior management so that management can make an appropriate risk management decision.
Risk Management Matrix
The risk management matrix will be a matrix with at least the following columns.
1. Risk description
2. What adversary might exploit this risk
3. Estimated likelihood of exploitation
4. Impact if the risk is exploited
5. Recommended course of action
At least three risks must be identified. Students are at liberty to add columns and rows to the risk management matrix if deemed necessary. Keep in mind this matrix is for senior management's use.
The following table is a sample to use.
| Brief Description of Risk | Adversary (Who Might Exploit this Risk) | Likelihood | Impact | Course of Action |
|---|---|---|---|---|
| Risk 1 | | | | |
| Risk 2 | | | | |
| Risk 3 | | | | |