Discussion
Risk Assessment
Risk assessment covers all the steps that you typically follow to identify, evaluate and analyze risk. The process of risk identification includes some of the risk elements that we touched on during Module 1. These include identifying threats, vulnerabilities, assets, and controls that currently exist in the organization. Risk evaluation includes the process of determining the likelihood and impact to an organization, business, or government entity, if vulnerabilities are exploited by the threats, resulting in damage to the asset. Risk analysis helps the organization, business, or government entity to have a comprehensive and realistic view of the risks, and especially determine the effectiveness of existing controls and the gaps that exist between the existing controls and the desired controls. When you assess risks, remember that risks can be man-made or natural. Risk assessments can be, and often are, conducted using frameworks such as NIST RMF, ISACA’s Risk IT framework, and COBIT 2019.
Overview
Complete your discussion based on the scenario below. Please note that the scenario mirrors a natural event (world-wide pandemic), the COVID-19 outbreak, but is based on a fictitious company. Feel free to make some assumptions as you work on this module’s discussion.
The scenario:
You work for a U.S.-based company called Hintel, an IT company that manufactures computer chips. The company’s factories handle over 70 percent of its manufacturing operations. The factories are geographically located in China, Italy, and South Africa.
In January 2020, the U.S. Centers for Disease Control (CDC) announced that they were responding to “an outbreak of respiratory disease caused by a novel (new) coronavirus that was first detected in China and which has now been detected in more than 100 locations internationally, including in the United States. The virus has been named SARS-CoV-2 and the disease it causes has been named Coronavirus Disease 2019 (abbreviated COVID-19). On January 30, 2020, the International Health Regulations Emergency Committee of the World Health Organization (WHO) declared the outbreak a public health emergency of international concern.”1
Since January 30, 2020, when the outbreak was declared a public health emergency, many businesses have suffered major financial losses due to a temporary loss of confidence in financial markets, restricted movements, and in the case of “Hintel”, the closures of its major factories in China and Italy. The company currently reports approximately $75m in losses per day as a result of this pandemic.
1 https://www.cdc.gov/coronavirus/2019-ncov/cases-updates/summary.html
Include the following in your post:
· As the CIO of “Hintel”, identify and describe 3 to 5 focal points that your risk assessment strategy should cover. Justify why you have chosen these focal points.
· What risk assessment framework would you employ? Identify and describe at least 3 significant reasons to justify your choice.
· Besides the financial losses, in what other ways do you see this pandemic impacting “Hintel”? Identify and categorize 3 to 5 risks to “Hintel” in terms of its employees and the overall health of the organization.
Action Items
1. Create a discussion post according to the directions in the overview.
2. Read the assignment rubric to understand how your work will be assessed.
Module:
· Chapter 4, Risk Assessment and Analysis, in Rogers & Dunkerley (2016)
· The Phoenix Project: Remediation of a Cybersecurity Crisis at the University of Virginia Case Study
· NIST Guide for Conducting Risk Assessments
· Risk Assessment Reports Template