Part 2 - Risk Assessment Report
Your deliverable for this ITC596 task is an IT Risk Assessment report, written for the intended audience of management providing a risk assessment of a project. The project can be in any of the following areas:
- Cybersecurity
- Internet of Things
- Cloud security
- Mobile health devices
- Bring Your Own Device
- Smart vehicles
- Or an area in your profession
Scenario options:
1.You can work towards the scenario provided below; or
2.You also have the opportunity to choose your own scenario-based risk assessment that could potentially be drawn from your own professional experience or context. The second option requires a discussion with and approval by your Subject Coordinator. The report structure requirements and criteria should be the same regardless of your scenario.
Provided Scenario
You have been hired as the IT Risk Assessment lead consultant for Gigantic Corporation (your specialisation is based on the area you have chosen above). Your role is to be the interface between business stakeholders and technologists, translating potential technical difficulties into risk language to facilitate effective decision-making by stakeholders. You have been engaged to assess a project that falls into your specialised area. Once you complete a full assessment, you are required to provide the IT assessment report to the management in the department or section that is running the project for Gigantic.
How to complete this task:
1.You will write a report on the project IT risks based on the scenario.
2.Your report must be a Microsoft Word document, 10 – 15 pages in length at 12 point font and single spacing. The report must address the following criteria:
•An Executive Summary at the beginning of the report which provides a clear statement of the technology project that is being assessed, and an overview of your recommendations to management as to the merits of the project based on your risk assessment (2 – 3 pages in length).
•A risk assessment based on threats, vulnerabilities and consequences derived from an IT control framework and any existing industry risk recommendations for the project. Identify and discuss the key threat agents. What could be done to mitigate the risks and their impact on the system? (4 – 10 pages in length).
•Provide a brief summary (literature review) of protection mechanisms you could employ for the website security. (2 – 4 pages in length).
3.The report is worth 15 marks of the overall marks available for assessment 3.
Engaging with scenario-based tasks provides you with the opportunity to simulate real world application of your learning in this subject.
Rationale
This assignment is for students to meet the following learning outcomes.
- be able to justify the goals and various key terms used in risk management and assess IT risk in business terms;
- be able to critically analyse the various approaches for mitigating security risk, including when to use insurance to transfer IT risk;
- be able to critically evaluate IT security risks in terms of vulnerabilities targeted by hackers and the benefits of using intrusion detection systems, firewalls and vulnerability scanners to reduce risk.