Need one project documentation


Course Name: Information Security and Risk Management

Topic: https://www.hipaajournal.com/oig-2017-fisma-compliance-review-hhs/

Rules to Follow:

APA format

Total pages: 22

References

1. Introduction: (2 paragraphs, half page)

Introduce the topic you are going to brief to the board of directors (senior management). In this case, it will be me.

1.1 Purpose: (1 paragraph, half page)

What is the purpose of this report? (Summarize the reason why you are performing this analysis. Why did you perform this analysis? This is your personal summary explaining that the reason for this analysis was to meet the requirements for this class.)

1.2 Scope of this analysis: (1 paragraph, half page)

Articulate the scope of the analysis you performed. Add the limitations you encountered when performing this analysis. (This section will be completed when you have finished your analysis.)

2. Analysis Approach: (2 paragraphs, 1 page)

Articulate the steps you took to complete this analysis. What method did you use? (Be specific here. You will complete this section after the report is completed; therefore, you will have all the information needed.)

2.2 Risk Model Used

Identify the model you used for this analysis (e.g. your risk assessment table). Discuss your table in detail in this section and how it was used. Preliminary information is found in your instructions for this assignment, to include other tables!

3. System Characterization

Discuss the system or organization you analyzed. Be detailed. Include (if possible) charts, etc.

3.1 Technology components

Identify and discuss the technology in use by the organization you analyzed, to include how it is used. Identify and discuss non-technical processes relating to the technical controls as well (e.g. access controls). Be as detailed as possible.

3.2 Physical Location

Identify and discuss the location of the system and/or organization that was reported on, and why (if possible) the report was done. Basically, why did the auditors assess the organization (e.g., a routine review)?

3.3 Data Used/Produced by the System(s) identified in the report you analyzed

Discuss the type of data (or information) being processed by the system/organization. This in itself will help to characterize the threat statement (para. 3.7 below).

3.4 Users

After you review the report, identify who the users of the system/organization were. For instance, what were their specializations? Or were they customers?

3.5 Flow Diagram

Draw a flow diagram (if possible) of the system/organization you analyzed. I will discuss this during my lecture at residency.

3.6 Vulnerability Statement

Create a table of the ‘top’ five vulnerabilities found from your analysis of the reported findings, and their description. This section will be completed towards the end.

3.7 Threat Statement

Create a table of the threats that exist to the organization being analyzed, and their description. This section will be completed towards the end.

3.8 Risk Assessment

Cut and paste your risk assessment table here (see residency instructions). You will then update this table as you proceed to complete your analysis.

4. Written Component (minimum 12 pages)

Note: This is what you would brief to the board of directors about the findings from your analysis of the report. Remember, senior management is most likely not familiar with technical terms, so you need to articulate the findings in words they can understand. This is the challenge we face when briefing executives.

The following is an example of information to include in your narrative:

4.1 A discussion on the importance of why the risk assessment was performed.

4.2 Discuss each threat the organization is facing, and why these threats are relevant. Use internet sources where applicable to augment your points. Include sources and cite them! Use in-text citation at all times!

4.3 Discuss the top five findings and tie them (if possible) to the identified threats.

4.4 Discuss how the found vulnerabilities/risks can impact the organization’s business objectives or any other objectives of the organization/system.

4.5 Include a discussion on information that ‘you’ feel needs to be addressed. This is the portion of your narrative I will pay very close attention to!

4.6 Discuss the recommendations that were made in the report you analyzed, and include the ‘why’ these recommendations should be implemented. More importantly, what are your thoughts about these recommendations?

4.7 Discuss your team’s recommendations to be considered, to include the ‘why’ it should be implemented.

4.8 Use APA format for this portion of the assignment. It must be at the very least 12 pages long, with in-text citations in each paragraph.

Note: Follow the table below as a reference or example.

Template to use for your qualitative risk assessment

You will read through the report and look for findings and recommendations from the FISMA audit of the agency’s security practices. Your team’s job will be to develop a qualitative risk assessment from these findings to assess the likelihood and impact. A listing of threats has been prepopulated for you. These threats have been categorized by type as shown below:

| Threat Origination Category | Type Identifier |
|---|---|
| Threats launched purposefully | P |
| Threats created by unintentional human or machine errors | U |
| Threats caused by environmental agents or disruptions | E |

Purposeful threats are launched by threat actors for a variety of reasons and the reasons may never be fully known. Threat actors could be motivated by curiosity, monetary gain, political gain, social activism, revenge or many other driving forces. It is possible that some threats could have more than one threat origination category.

Some threat types are more likely to occur than others. The following table takes threat types into consideration to help determine the likelihood that a vulnerability could be exploited. The threat table below is designed to offer typical threats to information systems, and these threats have been considered for the organization.

Not all of these will be relevant to the findings in your risk assessment; however, you will need to identify those that are relevant and those that potentially are not.

The last three columns give the typical impact to data or system (Confidentiality, Integrity, Availability).

| ID | Threat Name | Type ID | Description | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|---|
| T-1 | Alteration | U, P, E | Alteration of data, files, or records. | | Modification | |
| T-2 | Audit Compromise | P | An unauthorized user gains access to the audit trail and could cause audit records to be deleted or modified, or prevents future audit records from being recorded, thus masking a security relevant event. Also applies to a purposeful act by an Administrator to mask unauthorized activity. | | Modification or Destruction | Unavailable Accurate Records |
| T-3 | Bomb | P | An intentional explosion. | | Modification or Destruction | Denial of Service |
| T-4 | Communications Failure | U, E | Cut of fiber optic lines, trees falling on telephone lines. | | | Denial of Service |
| T-5 | Compromising Emanations | P | Eavesdropping can occur via electronic media directed against large scale electronic facilities that do not process classified National Security Information. | Disclosure | | |
| T-6 | Cyber Brute Force | P | Unauthorized user could gain access to the information systems by random or systematic guessing of passwords, possibly supported by password cracking utilities. | Disclosure | Modification or Destruction | Denial of Service |
| T-7 | Data Disclosure | P, U | An attacker uses techniques that could result in the disclosure of sensitive information by exploiting weaknesses in the design or configuration. Also used in instances where misconfiguration or the lack of a security control can lead to the unintentional disclosure of data. | Disclosure | | |
| T-8 | Data Entry Error | U | Human inattention, lack of knowledge, and failure to cross-check system activities could contribute to errors becoming integrated and ingrained in automated systems. | | Modification | |
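The following is an added worked example of the qualitative risk assessment described above, written for this page; it is not part of the assignment template, the instructor's material, or the OIG report. It encodes the threat catalogue rows T-1 to T-8 exactly as they appear in the table, then maps a set of findings to those threats and rates each by likelihood and impact. The three-level Low/Moderate/High scale and the 3x3 risk matrix are assumptions in the style of NIST SP 800-30 (the assignment does not specify a scale), and the findings F-1 to F-6 are constructed samples, not findings from the audit report.

```python
"""Qualitative risk assessment helper (added example; assumed scales, constructed findings)."""
from dataclasses import dataclass

# Threat catalogue copied from the assignment's threat table (T-1 to T-8).
# Each entry: (threat name, origination type IDs, typical impact keyed by C/I/A).
THREATS = {
    "T-1": ("Alteration", {"U", "P", "E"}, {"I": "Modification"}),
    "T-2": ("Audit Compromise", {"P"},
            {"I": "Modification or Destruction", "A": "Unavailable Accurate Records"}),
    "T-3": ("Bomb", {"P"}, {"I": "Modification or Destruction", "A": "Denial of Service"}),
    "T-4": ("Communications Failure", {"U", "E"}, {"A": "Denial of Service"}),
    "T-5": ("Compromising Emanations", {"P"}, {"C": "Disclosure"}),
    "T-6": ("Cyber Brute Force", {"P"},
            {"C": "Disclosure", "I": "Modification or Destruction", "A": "Denial of Service"}),
    "T-7": ("Data Disclosure", {"P", "U"}, {"C": "Disclosure"}),
    "T-8": ("Data Entry Error", {"U"}, {"I": "Modification"}),
}

# Assumed three-level qualitative scale (NIST SP 800-30 style); not given by the assignment.
LEVELS = {"Low": 1, "Moderate": 2, "High": 3}


@dataclass(frozen=True)
class Finding:
    """One audit finding tied to one or more catalogue threats, with qualitative ratings."""
    finding_id: str
    description: str
    threat_ids: tuple
    likelihood: str
    impact: str


def risk_score(likelihood: str, impact: str) -> int:
    """Numeric product used only to order findings; raises KeyError on an unknown level."""
    return LEVELS[likelihood] * LEVELS[impact]


def risk_level(likelihood: str, impact: str) -> str:
    """Assumed 3x3 matrix: products 6-9 are High, 3-4 Moderate, 1-2 Low."""
    score = risk_score(likelihood, impact)
    if score >= 6:
        return "High"
    if score >= 3:
        return "Moderate"
    return "Low"


def threats_by_type(type_id: str) -> list:
    """Catalogue IDs whose origination category includes the given type (P, U or E)."""
    return sorted(tid for tid, (_, types, _) in THREATS.items() if type_id in types)


def assess(findings) -> list:
    """Build one assessment row per finding, refusing threat IDs not in the catalogue."""
    rows = []
    for f in findings:
        unknown = [t for t in f.threat_ids if t not in THREATS]
        if unknown:
            raise ValueError(f"{f.finding_id}: unknown threat IDs {unknown}")
        affected = set()
        for t in f.threat_ids:
            affected.update(THREATS[t][2].keys())  # union of C/I/A columns hit
        rows.append({
            "finding": f.finding_id,
            "threats": [f"{t} {THREATS[t][0]}" for t in f.threat_ids],
            "cia": "".join(k for k in "CIA" if k in affected),
            "likelihood": f.likelihood,
            "impact": f.impact,
            "score": risk_score(f.likelihood, f.impact),
            "risk": risk_level(f.likelihood, f.impact),
        })
    return rows


def top_findings(findings, n: int = 5) -> list:
    """The 'top n' findings for the vulnerability statement: highest risk first, ID as tie-break."""
    return sorted(assess(findings), key=lambda r: (-r["score"], r["finding"]))[:n]


# Constructed sample findings (not from the OIG report) to exercise the assessment.
SAMPLE_FINDINGS = (
    Finding("F-1", "Audit logs not reviewed or protected from modification", ("T-2",), "Moderate", "High"),
    Finding("F-2", "Weak password policy on remote access accounts", ("T-6",), "High", "High"),
    Finding("F-3", "Sensitive records stored on unencrypted shares", ("T-7",), "Moderate", "Moderate"),
    Finding("F-4", "Single network uplink without redundancy", ("T-4",), "Low", "Moderate"),
    Finding("F-5", "Manual data entry without validation checks", ("T-8",), "High", "Low"),
    Finding("F-6", "Printed records left in a shared work area", ("T-7",), "Low", "Low"),
)

if __name__ == "__main__":
    for row in top_findings(SAMPLE_FINDINGS):
        print(row["finding"], row["risk"], row["cia"], ", ".join(row["threats"]))
```

The `cia` field records which impact columns of the threat table a finding touches, which is what the narrative in section 4.4 needs when explaining business impact to the board; `top_findings` produces the ordered list that feeds the top-five vulnerability table in section 3.6.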