Security and Risk Management
In order to create a comprehensive and meaningful security risk profile for any organization, you must have a proper understanding of the organization in question. This includes: the current information, IT, and security environment; the risk appetite (at the executive/C-level); and the risk profile of critical information resources.
The Scenario
Select a company/organization that you can gather information about (this could be your current employer, or an organization with public presence on the internet). For the organization of your choice, create the following questionnaires:
1. IT security questionnaire
2. Enterprise application security risk profile questionnaire
Risk Area: IT Security Questionnaire
Description: Think of it as an IT check to find out what’s in place and what’s missing regarding security of information.
Required Sections:
• Site security
• Network security
• Data security
• Device security
• Internet security
• Applications security
• Other: malware, policies, procedures, etc.
Target Participants: IT Security Team (manager)

Risk Area: Application Security Risk Profile Questionnaire
Description: The main goal of this questionnaire is to assess the risk sensitivity of a specific enterprise application for your organization.
Required Sections:
• General Information
• Information Sensitivity
• Regulatory Requirements
• Business Requirements (CIAA)
Target Participants: Application or Resource Owner

Content Requirements
1. Provide a description of your organization
2. Provide a description of the application for the second questionnaire
3. Develop the 2 questionnaires (using any software or online tool)
4. Provide sample response data for each questionnaire
5. Provide an analysis of your sample response (what do they mean?)
6. Justify each step you take (give the reasoning behind each answer)
Deliverables and Marking
5 = Excellent, 4 = Very good, 3 = Satisfactory, 2 = Not very good, 1 = Poor
Company Description: 0 = Not done | 1 = Poor | 2 = Satisfactory | 3 = Excellent — /3
Questionnaire 1 - preliminary design submitted by students: 0 = Not done | 1 = Poor | 2 = Satisfactory — /2
Questionnaire 1 - design — /10
Questionnaire 1 - data and analysis — /5
Questionnaire 2 - application description: 0 = Not done | 1 = Poor | 2 = Satisfactory | 3 = Excellent — /3
Questionnaire 2 - design — /10
Questionnaire 2 - data and analysis — /5
Total Mark — /38