Order from us for quality, customized work in due time of your choice.
Files are attached below. Rubric is below. Citing and references used must be in APA 7th. Thank you!
In this coursework, you will demonstrate your mastery of the following competencies:
Analyze the design of a risk mitigation plan for its inclusion of best practices in the field
Identify legal and ethical considerations in risk analysis and mitigation within an information technology environment
Scenario
You are a risk management consultant and have been contacted by the
chief information officer (CIO) of Workers Werks Credit Union (WWCU), a
mid-size but growing credit union, to conduct an evaluation of its
current IT cybersecurity risk management plan. Data privacy is a big
concern in the banking sectors, and the CIO is concerned that WWCU’s
current plan is outdated and has significant weaknesses.
In your conversation with the CIO, you gather the following information about the situation:
Current plan: The credit union adopted the current
cybersecurity risk plan three years ago, but the CIO is concerned about
possible gaps in the plan and would like to update it.
Workforce: The credit union has experienced
significant revenue growth, and the number of employees with access to
its IT infrastructure has grown exponentially in the last five years.
WWCU now has nearly 1,000 users with different levels of access to its central database.
Strategy: The credit union is looking to expand
into new markets in the coming year and will need to make significant
changes to its IT infrastructure.
Compliance: The CIO is concerned not only about
legal compliance but also ethical issues related to the protection of
personally identifiable information (PII) of its customers. The company
has set these priorities related to legal and ethical compliance:
Address the current legal environment (domestic and international)
Anticipate emerging issues
Meet industry ethical standards (e.g., SANS IT code of ethics)
Match best practices for risk planning within the industry
Directions
Risk Analysis Report
The CIO is asking you to
prepare a 3–4 page report that evaluates the company’s current IT
Security Risk Management Plan, linked in the Supporting Materials
section.
The report should contain the following:
Scope: Evaluate the scope and comprehensiveness of the current plan.
How does the plan describe its objectives?
How does the plan balance risk and cost?
In what ways does the plan cover the business objectives end to end?
How does the plan address all stakeholders who could be impacted by a cybersecurity attack?
Risk: Determine how the current plan identifies risks.
How does the plan identify the risks, vulnerabilities, and threats
that could impact mission-critical business functions and processes?
How does the plan identify industry-related risks (internal and external)?
Impact: Analyze how the identified risks might impact the organization’s assets.
How does the plan identify key assets and activities that need to be protected?
How does the plan estimate the financial impact of losses?
How does the plan address business continuity and asset replacement?
Mitigation: Evaluate the current plan’s mitigation recommendations.
How effectively does the plan translate the risk assessment into a risk mitigation plan?
How does the plan prioritize risk elements?
Legal Compliance: Assess how the plan addresses legal considerations.
Non-Compliance: Determine how the plan anticipates the implications of non-compliance.
Ethical Considerations: Assess how the plan aligns with current ethical codes within the cybersecurity field.
What to Submit
To complete this project, you must submit the following:
Risk Analysis Report (3–4 pages)
Your report should be 3–4 pages, double spaced, and submitted on a file that your instructor can easily access (.PDF, .doc).
Supporting Materials
The following resource(s) may help support your work on the project:
WORKERS WERKS CREDIT UNION (WWCU) IT Security Risk Management Plan
Description:
This document contains the security risk management plan for software
and hardware implementations throughout WWCU. It covers the management
of all security-related risks during the implementation life cycle. This
is the document you will use to create your analysis report.
Rubric
Criteria Exemplary (100%)
Scope Exceeds proficiency in an exceptionally clear, insightful, sophisticated, or creative manner
Risk Exceeds proficiency in an exceptionally clear, insightful, sophisticated, or creative manner
Impact Exceeds proficiency in an exceptionally clear, insightful, sophisticated, or creative manner
Mitigation Exceeds proficiency in an exceptionally clear, insightful, sophisticated, or creative manner
Legal Compliance Exceeds proficiency in an exceptionally clear, insightful, sophisticated, or creative manner
Non-Compliance Exceeds proficiency in an exceptionally clear, insightful, sophisticated, or creative manner
Ethical Considerations Exceeds proficiency in an exceptionally clear, insightful, sophisticated, or creative manner
Articulation of Response Exceeds proficiency in an exceptionally clear, insightful, sophisticated, or creative manner
Citations and Attributions Uses citations for ideas requiring attribution, with few or no minor errors
Total: 100%
Order from us for quality, customized work in due time of your choice.