Security Risk Analysis and Assessment Report (350 Points)
Organizations of all sizes should be concerned with the security and confidentiality of their electronic data. Cyber crimes affect individuals and companies alike. However, companies typically have more financial and other assets that can be compromised by various cyber crimes. Establishing an organization-wide information security program is a great start to mitigate cyber-related crimes and attacks. This process typically commences with an honest evaluation of the organization’s vulnerabilities and potential threats. For this assignment, you will read a scenario and develop a report as outlined below.
A contractor for the United States Department of Defense builds proprietary communication devices and peripherals, which allow soldiers in active combat to communicate with central command. These devices are used to transmit highly sensitive information regarding military deployments and battle plans. Once delivered, the devices interface with the U.S. military global communications network. In order to comply with the military’s security requirements, the contractor must conduct a security risk analysis of their internal networks and information systems for intrusion detection and cybercrime prevention.
Please note that the contractor is performing a security risk assessment of its own network and system and not of the military network. After all, a breach of security on the contractor’s computer systems could compromise confidential and sensitive military information. You have been asked to head up the project team that will ultimately perform this security assessment and analysis.
- Provide a brief abstract in narrative form of the contents of this report
- Describe what techniques you will use to begin the investigation
- Identify who should be interviewed first
- Determine what type of log files to review
- Distinguish what methods should be used to preserve the integrity of the evidence
- Identify at least 5 potential threats and explain your rationale and any assumptions you made.
- Identify at least 5 vulnerabilities and explain your rational and any assumptions you made.
- Identify at least 5 risks and explain your rational and any assumptions you made.
- Out of all the potential risks that you have identified, select the three that could be have the largest impact. Justify your reasoning.
- After conducting your investigation, describe three cyber security best practices that you would recommend
You may consider referring to these resources for guidance on federal legislation and standards:
6 Pages, 5 scholarly sources