Assignment: Executive Summary on Risk Analysis
Given the information presented in Lesson 1 and the materials from “Assignment: Executive Summary on Risk Analysis,” your task for this assignment is to:
- Identify at least five risks to the IT resources.
- Write an executive summary report that describes:
- The importance of a security policy
- Methodology to implement the policies to mitigate the identified risks
Required ResourcesMaterials from Assignment: Executive Summary on Risk AnalysisSubmission Requirements
- Format: Microsoft Word
- Font: Arial 10-point size, Double-space
- Citation Style: Follow your school’s preferred style guide
- Length: 500 words minimum
Evaluation Criteria and Rubric
- Incorporate the risk analysis executive summary from Lesson 1
- Support the importance of a security policy in the executive summary
- Suggest methodology to implement the policies to mitigate the identified risks
| Asset Description | IT
Infrastructure domain |
Privacy Data Impact | Assessment
(Critical, Major- minor) |
Quantitative value
|
| Administration Server | Systems/Application Domain | FERPA | Critical | $10,000 |
| Student’s Server | Systems/Application Domain | FERPA | Critical | $10,000 |
| Administration Staff and Teacher’s Desktop Computers | Workstation Domain | FERPA | Critical | $5,000 |
| Principal Notebook Computer | Workstation Domain | FERPA | Critical | $1,500 |
| Computer Lab Desktops | Workstation Domain | FERPA | Minor | $5,000 |
| Student’s Laptops | Workstation Domain | FERPA | Major | $1,000 |
| Network Access (Wired / Wireless) | Lan – Wan Domain | FERPA | Major | $5,000 |
| Users (Students and Staff) | User Domain | FERPA | Critical |
EXECUTIVE SUMMARY
PURPOSE OF ANALYSIS
Having analyzed the school’s assets, Ashton Symonds, the principal, drafted an asset list that prioritizes each school’s assets based on how much protection each requires. An analysis of risks has the following objectives:
· To protect the schools’ critical assets
· To prepare an asset list and prioritize the assets based on their importance to the function of the school.
SCOPE OF ANALYSIS
A risk analysis of the school’s critical assets, such as servers and network infrastructure was conducted. However, the scope did not include buildings and facilities. The documentation that we leveraged to assist in the risk analysis from the school included;
· Previous risk assessment Report
· Internal controls that were relevant to this assessment
ASSESSMENT STEPS
During the risk analysis, the following steps were used to analyze the schools’ system.
· We combined a list of all the resources that were critical to the school and accompanied it with a brief description of its business value to the school
· By using a series of different techniques to test the system, we identified all the vulnerabilities of the critical resources and included a description of the weakness and how this weakness could affect the school and finally, we had the threats categorized.
· A severity and likelihood rating was done on the threats and a final rating was done based on the CIA triad. The confidentiality (Schaefer et al 2018), integrity, and availability needs of each critical resource.
· For every risk that we identified we recommended an action that would bring the risks into an acceptable range of exposure.
The following assessment was taken,
· The schools’ computers were identified and their business value documented.
· Based on the criticality of the resources the computers were elevated using Confidentiality, Integrity, Availability, and Accountability individual aspects (Livraga & Viviani 2019).
· The most likely and severe risk exposure were identified, and this data used to determine the overall risk exposure
· The ratings on the risk were used to determine recommended safeguards that eventually led to the formation of risking mitigation strategies.
FINDINGS SUMMARY
Information exposure by weak authentic that risked the security of the schools’ data. The users should be trained on the importance of security and having secure passwords in place.
Remote access vulnerabilities due to user’s access of data over the internet to the server. there should be malware installed and antivirus installed to ensure safety during the wireless connections.
Unlocked workstations or user machines could lead to the manipulation of data by unauthorized users. Workstations should always be shut down when not in use. Users need to be taught and aware of the importance of data security.
The servers are the most important based on their ability to store the schools’ data, the teachers’ workstations are next as they enable teachers to perform data entry and the rest follow in the order of necessity to everyday use.
References
Livraga, G., & Viviani, M. (2019, November). Data confidentiality and information credibility in online ecosystems. In Proceedings of the 11th International Conference on Management of Digital EcoSystems (pp. 191-198).
Schaefer, I., Runge, T., Knüppel, A., Cleophas, L., Kourie, D., & Watson, B. W. (2018, November). Towards confidentiality-by-construction. In International Symposium on Leveraging Applications of Formal Methods (pp. 502-515). Springer, Cham.
US Department of Education (ED). (2021, August 25). Family educational rights and Privacy act (ferpa). Home. https://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html.
