Risk Assessment Report Instructions
The objective of the research project is to develop an Information Asset Risk Assessment Report for an organization of your choosing.
The analysis should be conducted using only publicly available information (that is, information obtainable on the Internet, company reports, news reports, journal articles, etc.). The risk analysis should consider legitimate, known threats that pertain to the subject organization. Based on the information gathered, presumed vulnerabilities of the company or organizationâ€™s computing and networking infrastructure will be identified. Then, based on the identified threats and vulnerabilities, you will describe the
risk profile for the subject organization and suggest recommendations to mitigate the risks.
Your report should be 12 pages, double-spaced, exclusive of cover, title page, table of contents, endnotes and bibliography. Your paper must use APA formatting with the exception that tables and figures can be inserted at the appropriate location rather than added at the end.
Prior to writing your report, you must submit a short (a page and half) Project Proposal, indicating the name and relevant aspect(s) of the organization you intend to use as a subject for your report. The proposal must be accompanied by an annotated bibliography. A feedback will be provided as to the suitability of your subject and bibliography.Â
Additional details are provided below.
You will submit a project proposal of your Risk Assessment Report.
The project proposal should be a page and half (double spaced) description of the organization that you propose to analyze, with a summary of the scope (e.g., entire organization, key business area, major system, etc.) for the risk assessment you are expected to conduct. The proposal should identify the subject organization with a brief explanation of why you chose the subject for this assignment. The proposal should also describe the research methods to be used and anticipated sources of research information sources. Your instructor will use the proposal to provide feedback on theÂ
suitability of the proposed subject organization and the scope you propose, as well as the suitability of the proposed research methods and information sources. If you do not provide a proposal, you will be preparing their Risk Assessment Reports “at risk;” i.e., they will run the risk of delivering a report that is not suitable for this course.
An important step in developing your Risk Assessment Report will be the construction of an Annotated Bibliography. Having developed and described a subject organization and scope of analysis in the proposal, the next step is to identify and assess the value ofÂ
potential research material. You should identify five (5) to six (6) significant articles relevant to your subject organization and to identifying and assessing risks in a context similar to the scope of your report. For a report of this nature you may expect to find useful sources in both business-focused (e.g., Business Source Premier, Business and Company Resource Center, ABI/Inform) and technically-focused databases (e.g., ACM Digital Library, IEEE, Gartner.com). The annotated bibliography will consist of 100-250Â
words per article, that describe the main ideas of the article, a discussion of the usefulness of such an article in understanding various aspects of you report, and other comments you might have after reading the article. For each article, there should be aÂ
Your Annotated Bibliography will then form the basis of the sources for your report. (You may also supplement the references used in yourÂ
report with additional reference material.)
Some excellent guidance on how to prepare an annotated bibliography can be found at https://www.library.cornell.edu/research/citation/tutorial.