Risk Management Report IT & Computer Science Coursework (Coursework Sample)
Complete the mini project according to the initial proposal.
Swinburne University of Technology
Faculty of Business and Law
Group Assessment Form

| General Aspect | Specific Aspect | AHMAD | JASHAN | SATINDERPAL | AMRITPAL |
|---|---|---|---|---|---|
| Group Process | Attended a large majority of group meetings | 5 | 4 | 4 | 4 |
| Group Process | Maintained contact with other group members | 5 | 5 | 5 | 5 |
| Group Process | Communicated constructively to discussion | 4 | 5 | 4 | 4 |
| Group Process | Generally was cooperative in group activities | 5 | 5 | 5 | 4 |
| Group Process | Encouraged and assisted other group members | 4 | 4 | 4 | 5 |
| The Tasks | Made a genuine attempt to complete all jobs agreed by the group | 5 | 5 | 5 | 4 |
| The Tasks | Made an intellectual contribution to the completion of tasks | 5 | 5 | 5 | 4 |
| The Tasks | Did their fair share of the work | 5 | 4 | 5 | 4 |
| The Tasks | Read and commented in a timely manner on any documents | 4 | 4 | 4 | 5 |
| The Tasks | Contributed a significant amount (measured in ideas as well as in writing) to any required documents, e.g. reports or presentations | 4 | 5 | 4 | 4 |
| Overall | Based on your ratings and comments above, this student's contribution overall since the last assessment? | 46 | 46 | 45 | 43 |
| Overall | Assume that your group receives $100 for your project. How would you divide this money among all the group members (including yourself) based on the contribution to the project since the last assessment? | 26 | 26 | 25 | 23 |

Executive Summary

This report provides a risk analysis of Caduceus Partner Pty Ltd. A dedicated team has reviewed the risks associated with IS/IT/information security management practices and their impact by identifying the key sources of threats, threat events, and vulnerabilities in existing practices and controls. In addition to IT risks, risks related to the company's business strategy, management, and legal, regulatory and compliance issues have also been reviewed. A safeguard implementation plan has been proposed by prioritizing the risks. For the risk assessment, the team used qualitative analysis guided by the NIST SP 800-30 Revision 1 framework. The company was found to have some high strategic, managerial and technical risks.
The strategy of outsourcing IT, the future outsourcing of medical services, and the non-alignment of the business expansion strategy with already strained systems have the potential to cause serious risks if adequate controls are not imposed. Similarly, regulatory compliance and not practicing due diligence can lead to various risks; overloaded IT systems and inadequate backup contracts are also high-risk issues. Controls have been recommended in the safeguard plan. It is recommended that management practice due care and due diligence where needed on their part.

The risk review is based only on the information provided in the case study. The nature of the project does not allow for exploration or observation of organisational operations. Therefore, in the absence of detailed information and observation, certain assumptions have been made about the controls currently implemented by Caduceus.

Table of Contents

Executive Summary
1 Introduction
2 Risk Assessment Approach
3 Scope and Limitations
4 System Characterization and Scope
5 Risk Assessment
  5.1 Threat, Vulnerability Identification and Predisposing Conditions
  5.2 Control Analysis
  5.3 Likelihood Determination and Impact Analysis
  5.4 Risk Determination
6 Risk Mitigation
  6.1 Prioritize Action
  6.2 Safeguard Implementation Plan
  6.3 Residual Risk
7 Summary
References
Appendices
1 Introduction
This report provides a risk analysis to the senior executives of Caduceus Partner Pty Ltd. A dedicated team has reviewed the risks associated with the company's IS/IT/information security and management practices and their impact by identifying the key sources of threats, threat events, and vulnerabilities in existing practices and controls. In addition to IT risks, the team has also reviewed risks related to the company's business strategy, management, and legal, regulatory and compliance issues. A safeguard implementation plan has been proposed by prioritizing the risks. Controls have been recommended to mitigate the risks.
The report is divided into four main sections. The first section gives an overview of the risk assessment approach adopted in the report, followed by the system characterization and the scope of the analysis. The subsequent section provides a detailed risk assessment, followed by the risk mitigation strategy and a discussion of residual risks.
2 Risk Assessment Approach
The risks have been assessed in accordance with the National Institute of Standards and Technology's Special Report 800-30 (2012). The threat sources, threat events, vulnerabilities and predisposing conditions have been defined in accordance with the definitions provided in NIST 800-30 Revision 1. The qualitative assessment of likelihood of occurrence, impact and risk determination has been formulated from NIST 800-30 Revision 1.
3 Scope and Limitations