Security and Risk Management

Security and Risk Management COURSE CODE: CSF 4003 Security and Risk Management NAME: _________________________________________ ID #: __________________ NAME: _________________________________________ ID #: __________________ NAME: _________________________________________ ID #: __________________ DUE DATE: 1 Nov 2015 Percentage Value against total grade: 10% ACADEMIC HONESTY DECLARATION: This assignment is entirely my own work except where I have duly acknowledged other sources in the text and listed those sources at the end of the assignment. I have not previously submitted this work to the HCT. I understand that I may be orally examined on my submission. I understand that I must not attempt to gain marks dishonestly during an assessed task as this is considered cheating. Helping another student gain marks during an assessed task is also considered cheating. THE PENALTY FOR CHEATING AT HCT IS SEVERE AND INCLUDES PERMANENT DISMISSAL FROM THE COLLEGE. I have read the above information and understand my responsibilities with regard to academic honesty during this assignment. SIGNED: __________________________________________ DATE: ___________________ SIGNED: __________________________________________ DATE: ___________________ SIGNED: __________________________________________ DATE: ___________________ CSF 4003 Assignment 2 Introduction In order to create a comprehensive and meaningful security risk profile for any organization, you must have proper understanding of the organization in question. This includes: current information, IT, and security environment; risk appetite (at the executive/C-level); risk profile of critical information resources. The Scenario Select a company/organization that you can gather information about (this could be your current employer, or an organization with public presence on the internet). For the organization of your choice, create the following questionnaires: 1. IT security questionnaire 2. Enterprise application security risk profile questionnaire Risk Area Description Required Sections Target Participants IT Security Questionnaire Think of it as an IT check to find out what’s in place and what’s missing regarding security of information. • Site security ( three question each with description of the section ) • Network security ( three question each with description of the section) • Data security ( three question each with description of the section) • Device security ( three question each with description of the section) • Internet security ( three question each with description of the section) • Applications security Other: ( three question each with description of the section) • malware, policies, ( three question each with description of the section) • procedures, etc. ( three question each with description of the section) IT Security Team (manager) (The target Required Sections questions will be IT security Team) Application Security Risk Profile Questionnaire The main goal of this questionnaire is to assess the risk sensitivity of a specific enterprise application for your organization. ] • General Information ( three question each with description of the section) • Information Sensitivity Regulatory Requirements ( three question each with description of the section) • Business Requirements (CIAA) ( three question each with description of the section) Application or Resource Owner (The target Required Sections questions will be Application) Content Requirements 1. Provide a description of your organization 2. Provide a description of the application for the second questionnaire 3. Develop the 2 questionnaires (using any software or online tool) 4. Provide sample response data for each questionnaire 5. Provide an analysis of your sample response (what do they mean?) Deliverables and Marking 5 = Excellent, 4 = Very good, 3 = Satisfactory, 2 = Not very good, 1 = Poor Company Description 0= Not done | 1= Poor | 2= Satisfactory |3=Excellent /3 Questionnaire 1 -pre Students submitted preliminary design 0= Not done | 1= Poor | 2= Satisfactory /2 Questionnaire 1 -design /10 Questionnaire 1 –data and analysis /5 Questionnaire 2 –app description 0= Not done | 1= Poor | 2= Satisfactory |3=Excellent /3 Questionnaire 2 -design /10 Questionnaire 2 –data and analysis /5 Total Mark /38