Security and Risk Management

COURSE CODE: CSF 4003
Security and Risk Management
NAME: _________________________________________ ID #: __________________
NAME: _________________________________________ ID #: __________________
NAME: _________________________________________ ID #: __________________
DUE DATE: 1 Nov 2015
Percentage Value against total grade: 10%
ACADEMIC HONESTY DECLARATION:
This assignment is entirely my own work except where I have duly acknowledged other sources in the text and listed those sources at the end of the assignment. I have not previously submitted this work to the HCT. I understand that I may be orally examined on my submission.
I understand that I must not attempt to gain marks dishonestly during an assessed task as this is considered cheating. Helping another student gain marks during an assessed task is also considered cheating. THE PENALTY FOR CHEATING AT HCT IS SEVERE AND INCLUDES PERMANENT DISMISSAL FROM THE COLLEGE.
I have read the above information and understand my responsibilities with regard to academic honesty during this assignment.

SIGNED: __________________________________________ DATE: ___________________
SIGNED: __________________________________________ DATE: ___________________
SIGNED: __________________________________________ DATE: ___________________

CSF 4003 Assignment 2
Introduction
In order to create a comprehensive and meaningful security risk profile for any organization, you must have a proper understanding of the organization in question. This includes: the current information, IT, and security environment; the risk appetite (at the executive/C-level); and the risk profile of critical information resources.
The Scenario
Select a company/organization that you can gather information about (this could be your current employer, or an organization with a public presence on the internet). For the organization of your choice, create the following questionnaires:
1. IT security questionnaire
2. Enterprise application security risk profile questionnaire
Risk Area: IT Security Questionnaire
Description: Think of it as an IT check to find out what’s in place and what’s missing regarding the security of information.
Required Sections:
• Site security (three questions, each with a description of the section)
• Network security (three questions, each with a description of the section)
• Data security (three questions, each with a description of the section)
• Device security (three questions, each with a description of the section)
• Internet security (three questions, each with a description of the section)
• Applications security (three questions, each with a description of the section)
• Other: malware, policies, (three questions, each with a description of the section)
• procedures, etc. (three questions, each with a description of the section)
Target Participants: IT Security Team (manager)
(The target of the Required Sections questions will be the IT security team)

Risk Area: Application Security Risk Profile Questionnaire
Description: The main goal of this questionnaire is to assess the risk sensitivity of a specific enterprise application for your organization.
Required Sections:
• General Information (three questions, each with a description of the section)
• Information Sensitivity Regulatory Requirements (three questions, each with a description of the section)
• Business Requirements (CIAA) (three questions, each with a description of the section)
Target Participants: Application or Resource Owner
(The target of the Required Sections questions will be Application)

Content Requirements
1. Provide a description of your organization
2. Provide a description of the application for the second questionnaire
3. Develop the 2 questionnaires (using any software or online tool)
4. Provide sample response data for each questionnaire
5. Provide an analysis of your sample response (what do they mean?)

Deliverables and Marking
5 = Excellent, 4 = Very good, 3 = Satisfactory, 2 = Not very good, 1 = Poor
Company Description (0 = Not done | 1 = Poor | 2 = Satisfactory | 3 = Excellent): /3
Questionnaire 1 - pre: Students submitted preliminary design (0 = Not done | 1 = Poor | 2 = Satisfactory): /2
Questionnaire 1 - design: /10
Questionnaire 1 - data and analysis: /5
Questionnaire 2 - app description (0 = Not done | 1 = Poor | 2 = Satisfactory | 3 = Excellent): /3
Questionnaire 2 - design: /10
Questionnaire 2 - data and analysis: /5
Total Mark: /38