Unit 3 Assignment Directions: Risk Assessment
Purpose
Using the NIST SP 800-37 (https://csrc.nist.gov/pubs/sp/800/37/r2/final) framework, conduct a thorough analysis of your company’s current security posture to conduct a comprehensive risk assessment. Prepare and submit a detailed risk assessment report summarizing your findings in a maximum of ten (10) pages, double-spaced, and following APA 7th edition guidelines. You may use charts and graphs as needed.
Task
Risk Assessment: Prepare a comprehensive risk assessment report covering all of the following components:
- Scope and Objectives: Define the scope and objectives of the risk assessment.
- Critical Functions: Identify and prioritize critical functions and assets to be protected within your company.
- Identify what items or information needs to be collected and secured.
- Potential Threats and Likelihood: Evaluate potential threats and assess their likelihood of occurrence.
- Vulnerabilities: Identify vulnerabilities within the current security architecture.
- Controls Assessment: Assess existing security controls in place.
- Security Gaps: Identify any gaps in security measures.
- Risk of Uncovered Gaps: Evaluate the risk associated with not covering identified security gaps. For example, perform a Business Impact Analysis, a brief overview detailing what business functions could be impacted as the result of a threat or vulnerability.
- Mitigations: Suggest potential mitigations to address identified risks and gaps.
- Assumptions and Limitations: Document any assumptions or limitations in the assessment process.
Follow this Rubric to complete the work.
