The purpose of this assignment is to develop a risk model, define the risk program goals, and communicate the program implementation strategy.
Using the company selected for the Topic 5 and Topic 6 assignments, establish a comprehensive security risk program for the organization. Write a 750-1,000 word executive summary that contains the following information.
Introduction
Summarize the company security profile developed for the Topic 5 assignment.
Identify the regulatory compliance and control standards to which the company must adhere.
Risk Management Framework
Justify the selected risk management framework (e.g., NIST 800-37, OCTAVE Allegro, FAIR, FRAAP, NIST 800-30).
Define the steps within the risk management framework being adopted.
Include a workflow diagram (created from MS Vision, OpenDraw, or other drawing software) that illustrates how management will make effective decisions for each stage.
Describe how architecture and system updates will be selected and applied.
Risk Management Program
Explain how the SRR and TVM integrate into the framework (i.e. which steps are they integrated within, or which step do they follow after).
Discuss the life cycle for the program, including activities such as vulnerability management, risk identification, risk rating/prioritization, security risk review, architecture changes audits, etc.
Conclusion
Summarize the benefits of applying the framework for the company.
Prepare this assignment according to the guidelines found in the APA Style Guide, located in the Student Success Center. An abstract is not required.
You are required to submit this assignment to LopesWrite. A link to the LopesWrite technical support articles is located in Course Materials if you need assistance.
Benchmark Information
This benchmark assignment assesses the following programmatic competencies:
MS Information Technology Management
3.3: Evaluate the components of IT governance frameworks to ensure regulatory compliance within organizations.
MS Information Assurance and Cybersecurity
1.4: Evaluate the components of IT governance frameworks to ensure regulatory compliances within organizations.