Assignment
2: Organizational Risk Appetite and Risk Assessment
Due
Week 4 and worth 100 points
Imagine
that a software development company has just appointed you to lead a risk
assessment project. The Chief Information Officer (CIO) of the organization has
seen reports of malicious activity on the rise and has become extremely
concerned with the protection of the intellectual property and highly sensitive
data maintained by your organization. The CIO has asked you to prepare a short
document before your team begins working. She would like for you to provide an
overview of what the term “risk appetite” means and a suggested process for
determining the risk appetite for the company. Also, she would like for you to
provide some information about the method(s) you intend to use in performing a
risk assessment.
Write
a two to three (2-3) page paper in which you:
1.
Analyze the term “risk
appetite”. Then, suggest at least one (1) practical example in which it
applies.
2.
Recommend the key method(s) for
determining the risk appetite of the company.
3.
Describe the process of
performing a risk assessment.
4.
Elaborate on the approach you
will use when performing the risk assessment.
5.
Use at least three (3) quality
resources in this assignment. Note: Wikipedia
and similar Websites do not qualify as quality resources.
Your
assignment must follow these formatting requirements:
·
Be typed, double spaced, using
Times New Roman font (size 12), with one-inch margins on all sides; citations
and references must follow APA or school-specific format. Check with your
professor for any additional instructions.
·
Include a cover page containing
the title of the assignment, the student’s name, the professor’s name, the
course title, and the date. The cover page and the reference page are not included
in the required assignment page length.
The
specific course learning outcomes associated with this assignment are:
·
Describe the components and
basic requirements for creating an audit plan to support business and system
considerations.
·
Describe the parameters
required to conduct and report on IT infrastructure audit for organizational
compliance.
·
Use technology and information
resources to research issues in security strategy and policy formation.
·
Write clearly and concisely
about topics related to information technology audit and control using proper
writing mechanics and technical style conventions.
Clickhereto
view the grading rubric.
