Executive Summary On Risk Mitigation
Given the information presented in Lesson 1 and the materials from “Assignment: Executive Summary on Risk Analysis,” your task for this assignment is to:
Identify at least five risks to the IT resources.
Write an executive summary report that describes:
The importance of a security policy
Methodology to implement the policies to mitigate the identified risks
Required Resources
Materials from Assignment: Executive Summary on Risk Analysis
Submission Requirements
Format: Microsoft Word
Font: Arial 10-point size, Double-space
Citation Style: Follow your school’s preferred style guide
Length: 500 words minimum
Evaluation Criteria and Rubric
Incorporate the risk analysis executive summary from Lesson 1
Support the importance of a security policy in the executive summary
Suggest methodology to implement the policies to mitigate the identified risks
IT Asset Description | Privacy Data Impact (Critical, Major, Minor)
Administration Staff and Teacher’s Desktop Computers
Principal Notebook Computer
Computer Lab Desktops
Network Access (Wired / Wireless)
LAN – WAN Domain
Users (Students and Staff)
PURPOSE OF ANALYSIS
Having analyzed the school’s assets, Ashton Symonds, the principal, drafted an asset list that prioritizes the school’s assets based on how much protection each requires. An analysis of risks has the following objectives:
· To protect the school’s critical assets
· To prepare an asset list and prioritize the assets based on their importance to the function of the school.
SCOPE OF ANALYSIS
A risk analysis of the school’s critical assets, such as servers and network infrastructure, was conducted. However, the scope did not include buildings and facilities. The documentation from the school that we leveraged to assist in the risk analysis included:
· Previous risk assessment Report
· Internal controls that were relevant to this assessment
During the risk analysis, the following steps were used to analyze the school’s system.
· We compiled a list of all the resources that were critical to the school and accompanied each with a brief description of its business value to the school.
· Using a series of different techniques to test the system, we identified all the vulnerabilities of the critical resources, described each weakness and how it could affect the school, and finally categorized the threats.
· Each threat was given a severity and likelihood rating, and a final rating was assigned based on the CIA triad: the confidentiality (Schaefer et al., 2018), integrity, and availability needs of each critical resource.
· For every risk that we identified, we recommended an action that would bring the risk into an acceptable range of exposure.
The following assessment was carried out:
· The school’s computers were identified and their business value documented.
· Based on the criticality of the resources, the computers were evaluated on the individual aspects of Confidentiality, Integrity, Availability, and Accountability (Livraga & Viviani, 2019).
· The most likely and most severe risk exposures were identified, and this data was used to determine the overall risk exposure.
· The risk ratings were used to determine recommended safeguards, which eventually led to the formation of risk mitigation strategies.
Information exposure through weak authentication, which puts the security of the school’s data at risk. The users should be trained on the importance of security and of having secure passwords in place.
Remote access vulnerabilities arising from users accessing data on the server over the internet. Anti-malware and antivirus software should be installed to ensure safety during wireless connections.
Unlocked workstations or user machines could lead to the manipulation of data by unauthorized users. Workstations should always be shut down when not in use. Users need to be taught about, and made aware of, the importance of data security.
The servers are the most important asset because they store the school’s data. The teachers’ workstations are next, as they enable teachers to perform data entry, and the rest follow in order of their necessity to everyday use.
Livraga, G., & Viviani, M. (2019, November). Data confidentiality and information credibility in online ecosystems. In Proceedings of the 11th International Conference on Management of Digital EcoSystems (pp. 191-198).
Schaefer, I., Runge, T., Knüppel, A., Cleophas, L., Kourie, D., & Watson, B. W. (2018, November). Towards confidentiality-by-construction. In International Symposium on Leveraging Applications of Formal Methods (pp. 502-515). Springer, Cham.
US Department of Education (ED). (2021, August 25). Family Educational Rights and Privacy Act (FERPA). https://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html