Research Paper Project

The objective of this project is to develop a Risk Assessment Report for a company, government agency, or other organization. The analysis will be conducted using only publicly available information (that is, information obtainable on the Internet (using a browser), company reports, news reports, journal articles, etc.). The risk analysis should consider legitimate, known threats that pertain to the subject organization. Based on the information gathered, presumed vulnerabilities of the company or organization’s computing and networking infrastructure will be identified. Then, based on the identified threats and vulnerabilities you will describe the risk profile for the subject organization and suggest recommendations to mitigate the risks. The students will demonstrate in the Research Paper project their ability to communicate clearly and acquisition, application and integration of knowledge skills. We will have rubrics to evaluate risk analysis subject matter competency and communications and knowledge competencies.

You will submit a brief proposal (page and half long, double-spaced) in session 4. The proposal should include description of the organization you are proposing to analyze, scope (e.g., entire organization, key business area, major system, etc.) for the risk assessment, research methods to be used and preliminary list of research information sources and references. Your instructor will provide feedback on the suitability of the proposed subject organization and the scope, as well as the suitability of the proposed research methods and information sources.

The final output is a paper 12 pages (double-spaced) long, exclusive of cover, title page, table of contents, endnotes and bibliography. The paper must use APA formatting and reference citations with the exception that tables and figures can be inserted at the appropriate location rather than added at the end. This report is due during the 11th week of the course.

Here is my additional instruction for your risk assessment report. I recommend you use figures/numbers (hypothetical ones) to drive your analysis in your report. You are encouraged to create multiple tables to host these figures/numbers. Your report should consist of the following sections: (1) Background: Network Layout; (2) Assets that Need to Be Protected [Choose only 2-3 items]; (3) Threat Analysis; (4) Vulnerability Analysis ; (5) Risk Analysis: (5.1) Likelihood Analysis; (5.2) Impact Analysis; (6) Countermeasures and Their Cost; (7) Cost-Benefit Analysis; (8) Decision; (9) Conclusion. For each analysis above, you only analyze the 2-3 asset items selected. However, you need to perform analysis on each item in each section. The decision that you are going to make is related to mitigating risks, transferring risks, accepting risks, or avoiding risks. I am certain that you will enjoy your analysis