Risk Assessment Report Write a comprehensive risk assessment report, using the Risk Assessment Reports Template as a guide. You will complete three different sections of this report over th

*** Here is the topic I have selected: risk assessment on the Healthcare system. This is a Tier 3 assessment. ***

About the Risk Assessment Report

Write a comprehensive risk assessment report, using the Risk Assessment Reports Template as a guide. You will complete three different sections of this report over the duration of this course. Feel free to edit minor components of the template depending on your report subject choice. However, every section of the report must be completed.

This risk assessment report, adapted from NIST’s Special Publication 800-30, provides the essential elements of information that organizations can use to communicate the results of risk assessments.  Risk assessment results provide decision makers with an understanding of the information security risk to organizational operations and assets, individuals, other organizations, or the nation that derive from the operation and use of organizational information systems and the environments in which those systems operate.

Use the library to find scholarly sources for information and support; use them where applicable. Use APA citation style for your report. All sources consulted must be appropriately cited. The Purdue OWL APA Formatting and Style Guide (https://owl.purdue.edu/owl/research_and_citation/apa_style/apa_formatting_and_style_guide/general_format.html) is an excellent resource for this.

 

Overview

Complete the Executive Summary section of your report:

  • Choose one of the following to conduct a risk assessment on: an organization (Tier 1), a mission/business process (Tier 2), or an information system (Tier 3). If possible, base your report on a real case. In the absence of this, base your report on a hypothetical case.

  • If your report is based on a real case, please discuss and gain necessary approval from the company’s leadership, business process owner, or whomever needs to approve the collection of data before posting your choice.

  • Follow the guidance in the Executive Summary section of the Risk Assessment Reports Template when writing your report. Note: You may need to revise this section during Module 6 when you submit your full report in order to provide other relevant details.

 

1. Read the Risk Assessment Reports Template.

2. Conduct research as needed to obtain information and support.

3. Complete the Executive Summary section of your report according to the Risk Assessment Reports Template guidelines.

Risk Assessment Reports Template Name: ______________

Risk Assessment Reports

This risk assessment report, adapted from NIST’s Special Publication 800-30, provides the essential elements of information that organizations can use to communicate the results of risk assessments. Risk assessment results provide decision makers with an understanding of the information security risk to organizational operations and assets, individuals, other organizations, or the Nation that derive from the operation and use of organizational information systems and the environments in which those systems operate.

The essential elements of information in a risk assessment can be described in three sections of the risk assessment report (or whatever vehicle is chosen by organizations to convey the results of the assessment): (i) an executive summary; (ii) the main body containing detailed risk assessment results; and (iii) supporting appendices.

Reference NIST 800-30 Guide for Conducting Risk Assessments as you complete this report, paying special attention to Section 2.4 Application of Risk Assessments.

*Your report should focus on either Tier 1, Tier 2 or Tier 3.

Tip: Search for “Tier 1” or “Tier 2” or “Tier 3” throughout the NIST 800-30 document for references to these Tiers.

1. Executive Summary

Include the following:

· List the date of the risk assessment.

· Summarize the purpose of the risk assessment.

· Describe the scope of the risk assessment.

· For Tier 1 and Tier 2 risk assessments, identify: organizational governance structures or processes associated with the assessment (e.g., risk executive [function], budget process, acquisition process, systems engineering process, enterprise architecture, information security architecture, organizational missions/business functions, mission/business processes, information systems supporting the mission/business processes).

· For Tier 3 risk assessments, identify: the information system name and location(s), security categorization, and information system (i.e., authorization) boundary.

· State whether this is an initial or subsequent risk assessment. If a subsequent risk assessment, describe the circumstances that prompted the update and include a reference to the previous Risk Assessment Report.

· Describe the overall level of risk (e.g., Very Low, Low, Moderate, High, or Very High).

· List the number of risks identified for each level of risk (e.g., Very Low, Low, Moderate, High, or Very High).

2. Body of the Report: Part 1

Include the following:

· Describe the purpose of the risk assessment, including questions to be answered by the assessment. For example:

    · How the use of a specific information technology would potentially change the risk to organizational missions/business functions if employed in information systems supporting those missions/business functions; or

    · How the risk assessment results are to be used in the context of the RMF (e.g., an initial risk assessment to be used in tailoring security control baselines and/or to guide and inform other decisions and serve as a starting point for subsequent risk assessments; subsequent risk assessment to incorporate results of security control assessments and inform authorization decisions; subsequent risk assessment to support the analysis of alternative courses of action for risk responses; subsequent risk assessment based on risk monitoring to identify new threats or vulnerabilities; subsequent risk assessments to incorporate knowledge gained from incidents or attacks).

· Identify assumptions and constraints.

· Describe risk tolerance inputs to the risk assessment (including the range of consequences to be considered).

· Identify and describe the risk model and analytic approach; provide a reference or include as an appendix, identifying risk factors, value scales, and algorithms for combining values.

· Provide a rationale for any risk-related decisions during the risk assessment process.

· Describe the uncertainties within the risk assessment process and how those uncertainties influence decisions.

3. Body of the Report: Part 2

Include the following:

· If the risk assessment includes organizational missions/business functions, describe the missions/functions (e.g., mission/business processes supporting the missions/functions, interconnections and dependencies among related missions/business functions, and information technology that supports the missions/business functions).

· If the risk assessment includes organizational information systems, describe the systems (e.g., missions/business functions the system is supporting, information flows to/from the systems, and dependencies on other systems, shared services, or common infrastructures).

· Summarize risk assessment results (e.g., using tables or graphs), in a form that enables decision makers to quickly understand the risk (e.g., number of threat events for different combinations of likelihood and impact, the relative proportion of threat events at different risk levels).

· Identify the time frame for which the risk assessment is valid (i.e., time frame for which the assessment is intended to support decisions).

· List the risks due to adversarial threats (see Table F-1 in Appendix F).

· List the risks due to non-adversarial threats (see Table F-2 in Appendix F).
