INFORMATION SECURITY, STANDARDS AND CONTROLS


Homework Project

 

Instructions to Students

 

3. Standard, acceptable report formatting applies – that is: Margins 1” / Font: Calibri / Font size: 11 or 12 pt. / Spacing 1.5 or 2.

4. Your final submission must not exceed 4 printed pages (exclusive of your personal report)

6. PLAGIARISM SHALL BE SEVERELY PENALIZED

8. You are free to make any assumptions necessary to complete this exercise and can make up any information you deem necessary in order to complete this assignment as required.

 

 

Assignment Details

 

Question: After successfully completing 3 years of study at the University, you have been appointed as the Security Manager of your home. You have decided that one of your first tasks is to conduct a risk assessment in order to better understand the various threats and risks facing the home.

 

 

You are required to conduct a:-

 

Risk Assessment (RA) (qualitative or mixed) employing one of the risk assessment frameworks discussed in class (for example, NIST SP 800-30; others mentioned were COBIT, ISO 17799:2005, NIST’s Risk Management Guide for Information Technology Systems (SP 800-30), OCTAVE, ITIL).

 

 

Your submitted RA report should include the following (10 marks each):

1. Introduction (outlining purpose, supporting policy, framework, methodology, etc.)

2. An identification (and classification) of Assets

3. Threat identification including Likelihood determination and Impact Analysis

4. Vulnerability Identification

5. Controls analysis (i.e. an analysis of existing controls)

6. Overall Risk determination

7. Recommended Mitigation Strategies, including cost benefit analysis

8. Identification of residual risk and decisions with respect to how those risks will be handled (for example, accept, transfer, avoid)

9. Summary

 

10. Personal report (1-2 paragraphs) indicating how you have personally benefitted from this assignment.
