Unit 3 Assignment Directions: Risk Assessment
Purpose
Using the NIST SP 800-37 (https://csrc.nist.gov/pubs/sp/800/37/r2/final) framework, conduct a thorough analysis of your company’s current security posture to conduct a comprehensive risk assessment. Prepare and submit a detailed risk assessment report summarizing your findings in a maximum of ten (10) pages, double-spaced, and following APA 7th edition guidelines. You may use charts and graphs as needed.
Task
Risk Assessment: Prepare a comprehensive risk assessment report covering all of the following components:
· Scope and Objectives: Define the scope and objectives of the risk assessment.
· Critical Functions: Identify and prioritize critical functions and assets to be protected within your company.
· Identify what items or information needs to be collected and secured.
· Potential Threats and Likelihood: Evaluate potential threats and assess their likelihood of occurrence.
· Vulnerabilities: Identify vulnerabilities within the current security architecture.
· Controls Assessment: Assess existing security controls in place.
· Security Gaps: Identify any gaps in security measures.
· Risk of Uncovered Gaps: Evaluate the risk associated with not covering identified security gaps. For example, perform a Business Impact Analysis, a brief overview detailing what business functions could be impacted as the result of a threat or vulnerability.
· Mitigations: Suggest potential mitigations to address identified risks and gaps.
· Assumptions and Limitations: Document any assumptions or limitations in the assessment process.
