Select Page

Step 1. Place your order

Fill in the order form and provide all details of your assignment.

Step 2. Make Payment

Choose the payment system that suits you most.

Step 3. Receive your paper

Once your paper is ready, we will email it to you.

Risk Identification Assignment

by | Apr 26, 2022 | IT, Web | 0 comments

 

Place your order now for a similar assignment and have exceptional work written by our team of experts, At affordable rates

For This or a Similar Paper Click To Order Now

ASSIGNMENT – Risk Identification Assignment
****For this order you will simply fill in the banks for the 3 IT assets on the Risk Assessment tab on the Excel****
PURPOSE AND BACKGROUND OF ASSIGNMENT
According to NIST, the goal of a risk assessment is for an organization to understand “the cybersecurity risk to organizational operations.” This exercise will take you through performing a quick and easy risk assessment on IT assets using a Vulnerability Oriented Analysis Approach based on NIST SP800-30R1 Guide for Conducting Risk Assessments at https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf
For this assignment, imagine the IT Director requested a cybersecurity vulnerability assessment on some of the older IT assets still in use today. The results of the vulnerability scans identified that each of the assets has a known vulnerability that is listed in the National Vulnerability Database (NVD) at https://nvd.nist.gov/vuln
You will use attached excel workbook for this assignment, it has 4 tabs:
Risk Assessment (complete the assessment using this tab): The IT assets are listed, along with the associated known CVE SCORE Reference and CVSS SCORE Reference vulnerability that was identified as part of the vulnerability scanning process.
Other relevant information that you will need to conduct your assessment:
Reference Information: Confidentiality, Integrity and Availability Criteria are listed, along with the Score. A Threat Matrix is provided that identifies the Agent and the Action that Agent has the ability to take. You can supplement this with Threat Actor information found in SP800-30.
Asset List Audit Results: The audit results provides you with a results score for each of the security controls that have been implemented for each of the IT assets.
Protection Controls: The security control families are listed with the score value for the condition of that control.
INSTRUCTIONS FOR CONDUCTING RISK ASSESSMENT AND ANALYSIS
You will use the 4 step Risk Assessment below to conduct the assessment:
***Step 1: Prepare for Assessment
(Derived from Organizational Risk Frame)
***Step 2: Conduct Assessment
(Expanded Task View)
-Identify Threat Sources and Events
-Identify Vulnerabilities and Predisposing Conditions
-Determine Likelihood of Occurrence
-Determine Magnitude of Impact
-Determine Risk
***Step 3: Communicate Results
***Step 4: Maintain Assessment
1) Open the RISK ASSESSMENT TAB worksheet of the excel file
2) Please Review the example provided – Pulse Secure VPN Server 8.2R1.0 gateways Appliance. See column descriptions comments for helpful hints.
3) You are to assess the identified vulnerability using the provided NIST National Vulnerability Database and the Common Vulnerability Exploit web site links. Information on CVSS 3.1, a scoring rubric, and a glossary is available at https://www.first.org/cvss/user-guide
4) Using the information from the CVE, CVSS scores, and referencing the appropriate NIST SP 800-30 Appendices and Tables, Please complete the columns for each IT asset.
– Assess the inherent risk given the existing set of controls.
– Make a recommendation on how to manage the risk.
– Assess the residual risk of each asset.
5) When you have completed your assessment, save the file

Confidentiality

We encrypt everything. It’s all confidential.

Secure Payment

Sleep tight: each transaction is encrypted and 100% secure.

Ready to get started?