Get Instant Help From 5000+ Experts For

Writing: Get your essay and assignment written from scratch by PhD expert

Rewriting: Paraphrase or rewrite your friend's essay with similar meaning at reduced cost

Editing:Proofread your work by experts and improve grade at Lowest cost

And Improve Your Grades
Phone no. Missing!

Enter phone no. to receive critical updates and urgent messages !

Attach file

Error goes here

Files Missing!

Please upload all relevant files for quick & complete assistance.

Guaranteed Higher Grade!
Free Quote
Information Risk Management Assignment: Addressing Real-World Security Incidents with Risk Assessmen

Overview of Assessment

This assignment assesses the following module learning outcomes:
1. Form deep and systematic understanding of relevant standards, such as ISO27001, in the context of Information Security Management.
2. Analyse a broad range of issues related to real-world security issues that face commercial organisations and other institutions.
3. Evaluate and critique the shortcomings of real-world security incidents, and provide clear justification and innovation solutions for how ISMS could help mitigate future incidents.
4. Assess and evaluate the appropriateness of security laws and regulations.
5. Reflect on personal capabilities for the proposal of an ISMS, providing a strong rationale for the methods adopted.

The assignment is worth 75% of the overall mark for the module.
Broadly speaking, the assignment requires you to produce a 3000-word report that provides a critical reflection on a real-world security scenario provided in the case study, with evidence of risk assessment using suitable methodologies, and how this can inform mitigation of future incidents. The assignment also requires the delivery of a 10-minute presentation to disseminate the findings reported in your report, to address the role of 

Management to the wider organisation.
The assignment is described in more detail in section 2. This is an individual assignment.
Working on this assignment will help you to develop your knowledge and understanding of applying risk methodologies to resolve real-world security incidents. It will also help to develop your critical thinking skills for identifying appropriate mitigation strategies to avoid future security incidents. If you have questions about this assignment, please post them to the discussion board “Information Risk Management Assignment” on Blackboard.

Produce a 3000-word report to address a case study of information risk management, informed by a real-world security incident and demonstrating concepts of IRM.

For this assignment, you are provided with the following case study built around a real-world security incident,
Case study: A government organisation has a corporate level risk associated with ‘cyber’.

The organisation envisions risk as, ‘potential vulnerabilities present across our security landscape leads to exposure which enables a cyber incident against the infrastructure, capability, services and applications, which leads to an impact upon Confidentiality, Integrity and/or Availability resulting in reduced resilience, reduced safety, ineffective capabilities, loss of business services, financial impact and reputational damage to UK Government’.

The risk applies to three main business domains:
1. IT & Infrastructure
2. Equipment
3. Logistics & Support services
Each business domain is managed by a separate Director, but collectively they (all three) own the risk. There is a separate Director who is accountable for the risk and they report the status to the Executive Board throughout the year.

Given the complexity of the risk and its significant breadth and depth it’s difficult to establish a baseline level of risk exposure – a pre-mitigation level, which represents the whole business (all three domains). Defining the Risk Appetite (RA) is also challenging given the differences across the domains, the views from each Director, the level of resources available etc.

Considering all of the above, answer the following questions,
1. How would a baseline risk level be established? How can the organisation establish it’s current risk landscape?
2. What approach could be taken to define a risk assessment and risk appetite estimation for the organisation? Can a single approach work or it will be more appropriate to individually assess for each domain?
3. How would the effectiveness of controls (risk response) be measured? What can be risk quantification measures and metrics? How to monitor ongoing (residual) risk?

You have the freedom to select the risk assessment approach. Your critical reflection should also reflect on your choice of risk methodology, and its strengths and limitations.

Prepare an individual videoed PowerPoint presentation for the board of directors’ pitch that reports your findings The presentation should be considered as a pitch to the board of directors to impress the importance and relevance of information risk management in context of the three questions focussed in the report. You should expand beyond what is included in the report to provide greater detail if deemed necessary. The presentation should be delivered as a recorded PowerPoint presentation. The presentation should be designed so that it can be delivered within a time of 10 minutes. This contributes towards 25% of the module’s assessment.

sales chat
sales chat