Risk Management
Produce a 3000-word report to address a case study of information risk management, informed by a real-world security incident and demonstrating concepts of IRM.
For this assignment, you are provided with the following case study built around a real-world security incident.
Case study:
Imagine you are in charge of an organisational risk management strategy across three distinct
departments of the organisation. The organisation envisions risk as, ‘potential vulnerabilities present
across our security landscape lead to exposure which enables a cyber incident against the infrastructure,
capability, services and applications, which leads to an impact upon Confidentiality, Integrity and/or
Availability resulting in reduced resilience, reduced safety, ineffective capabilities, loss of business services,
financial impact and reputational damage to UK Government’.
The risk applies to three main business domains:
1. IT & Infrastructure
2. Equipment
3. Logistics & Support services
Each business domain is managed by a separate Director, but collectively they (all three) own the risk.
There is a separate Director who is accountable for the risk, and they report the status to the Executive
Board throughout the year.
Given the complexity of the risk and its significant breadth and depth it’s difficult to establish a baseline
level of risk exposure – a pre-mitigation level, which represents the whole business (all three domains).
Defining the Risk Appetite (RA) is also challenging given the differences across the domains, the views
from each Director, the level of resources available etc.
Considering all of the above, answer the following questions:
1. How would a baseline risk level be established? How can an ISMS and FAIR be applied to the
organisation?
2. What approach could be taken to define a risk assessment? Can a single approach work across the
organisation, or would it be more appropriate to assess each domain individually? Include the
associated risk analysis and treatment strategies.
3. How would the effectiveness of controls (risk response) be measured? What risk quantification
measures and metrics could be used? How should ongoing (residual) risk be monitored?
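Questions 1 and 3 both turn on producing numbers the board can compare: a pre-mitigation baseline for the whole business, a per-domain view, and a residual figure after controls. The following is an added worked example, not part of the assignment brief or of any named methodology's official tooling. It uses the FAIR decomposition (Loss Event Frequency times Loss Magnitude) in a Monte Carlo simulation over the three domains in the case study. Every input value (the frequency and magnitude ranges, the control effectiveness fractions and the GBP risk appetite threshold) is constructed for illustration and would in practice come from calibrated estimates agreed with each Director.

```python
import math
import random
import statistics
from dataclasses import dataclass


@dataclass(frozen=True)
class Domain:
    """One business domain with its FAIR inputs (all values are constructed examples)."""
    name: str
    lef: tuple                        # Loss Event Frequency per year: (min, most likely, max)
    lm: tuple                         # Loss Magnitude per event in GBP: (min, most likely, max)
    control_effectiveness: float = 0.0  # fraction of LEF removed by controls, 0..1 (assumed)


# Constructed illustrative inputs for the three domains named in the case study.
DOMAINS = [
    Domain("IT & Infrastructure", (0.5, 2.0, 5.0), (20_000, 80_000, 400_000), 0.5),
    Domain("Equipment", (0.1, 0.5, 2.0), (50_000, 150_000, 600_000), 0.3),
    Domain("Logistics & Support", (0.2, 1.0, 3.0), (10_000, 40_000, 200_000), 0.4),
]
# Constructed risk appetite: the aggregate 90th-percentile annual loss the board tolerates.
RISK_APPETITE_P90_GBP = 1_500_000


def _triangular(rng, low, mode, high):
    # random.triangular takes (low, high, mode); callers pass FAIR's min/most-likely/max order.
    return rng.triangular(low, high, mode)


def _poisson(rng, lam):
    """Knuth's algorithm: number of loss events in one year given rate lam."""
    threshold = math.exp(-lam)
    count, prod = 0, rng.random()
    while prod > threshold:
        count += 1
        prod *= rng.random()
    return count


def annual_loss(domain, rng, residual=False):
    """One simulated year: draw LEF, then one magnitude per event that actually occurs."""
    lef = _triangular(rng, *domain.lef)
    if residual:
        lef *= 1.0 - domain.control_effectiveness  # controls modelled as reducing event frequency
    events = _poisson(rng, lef)
    return sum(_triangular(rng, *domain.lm) for _ in range(events))


def simulate(domains, iterations=20_000, seed=42, residual=False):
    """Per-domain and aggregate annual loss samples; aggregate sums the same simulated year."""
    rng = random.Random(seed)
    per_domain = {d.name: [] for d in domains}
    aggregate = []
    for _ in range(iterations):
        year_total = 0.0
        for d in domains:
            loss = annual_loss(d, rng, residual)
            per_domain[d.name].append(loss)
            year_total += loss
        aggregate.append(year_total)
    per_domain["aggregate"] = aggregate
    return per_domain


def percentile(values, p):
    ordered = sorted(values)
    return ordered[min(len(ordered) - 1, int(p * len(ordered)))]


def summarise(values):
    """The figures a board report would carry: mean plus 10th/50th/90th percentiles."""
    return {"mean": statistics.fmean(values), "p10": percentile(values, 0.10),
            "p50": percentile(values, 0.50), "p90": percentile(values, 0.90)}


def expected_annual_loss(domain, residual=False):
    """Closed-form cross-check: E[LEF] * E[LM], with E[triangular] = (min + mode + max) / 3."""
    lef = sum(domain.lef) / 3
    if residual:
        lef *= 1.0 - domain.control_effectiveness
    return lef * sum(domain.lm) / 3


def within_appetite(results, threshold=RISK_APPETITE_P90_GBP):
    """Risk appetite test on the whole business: aggregate p90 annual loss against the threshold."""
    return summarise(results["aggregate"])["p90"] <= threshold


if __name__ == "__main__":
    for label, residual in (("Baseline (pre-mitigation)", False), ("Residual (post-control)", True)):
        results = simulate(DOMAINS, residual=residual)
        print(label)
        for name, losses in results.items():
            s = summarise(losses)
            print(f"  {name:<22} mean £{s['mean']:>11,.0f}  p10 £{s['p10']:>11,.0f}"
                  f"  p50 £{s['p50']:>11,.0f}  p90 £{s['p90']:>11,.0f}")
        print(f"  within risk appetite (aggregate p90 <= £{RISK_APPETITE_P90_GBP:,}): "
              f"{within_appetite(results)}")
```

The baseline run answers the "whole business" problem in the brief by summing each domain's loss within the same simulated year rather than adding three separately reported figures, so the aggregate percentiles reflect years in which several domains suffer at once. Rerunning with residual=True gives the post-control exposure, and the gap between the two runs is a control-effectiveness metric that can be tracked across reporting periods. The closed-form expected_annual_loss function is there so the simulation can be sanity-checked before any number reaches the board.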
You are expected to use risk assessment methodologies as covered in this module with critical reflection
on your choice of risk methodology, and its strengths and limitations. You have the freedom to select the
risk assessment approach. The report should be written as a technical report for the board of directors.
The report is expected to be no more than 3000 words.