Module 1 – Case
Review these documents on systematic risk assessment frameworks, fundamentals, and processes. Matrices are also suggested to guide detailed risk assessment of threats, their likelihood, and their impacts.
NIST (2017). Security and privacy controls for information systems and organizations. Draft NIST Special Publication 800-53 Revision 5, Chapter 3 (pp. 15-80).
Allen, B. J. and Loyear, R. (2018). Enterprise security risk management: Concepts and applications. Rothstein Publishing. ISBN: 9781944480448. Chapters 4–9. Books 24/7 Version. Available in the Trident Online Library.
After reviewing the above materials, write a 3- to 5-page paper titled:
“How to Systematically Conduct Risk Assessments of Information Systems Security Risks — Fundamentals and Methods”
Address the following issues in your paper:
- The importance of risk management for information systems security
- The principles and fundamentals of risk management of information system security
- The methods of risk assessment, including processes, matrices, calculations, etc.
- The challenges and solutions to risk assessments that are particularly interesting to you