Write a comprehensive risk assessment report, using the Risk Assessment Reports Template as a guide. You will complete three different sections of this report over the duration of this course. Feel free to edit minor components of the template depending on your report subject choice. However, every section of the report must be completed.
This risk assessment report, adapted from NIST’s Special Publication 800-30, provides the essential elements of information that organizations can use to communicate the results of risk assessments. Risk assessment results provide decision makers with an understanding of the information security risk to organizational operations and assets, individuals, other organizations, or the nation that derive from the operation and use of organizational information systems and the environments in which those systems operate.
Use the library to find scholarly sources for information and support; use them where applicable. Use APA citation style for your report. All sources consulted must be appropriately cited. The Purdue OWL APA Formatting and Style Guide (https://owl.purdue.edu/owl/research_and_citation/apa_style/apa_formatting_and_style_guide/general_format.html) is an excellent resource for this.
Overview
Complete the Executive Summary section of your report:
Choose one of the following to conduct a risk assessment on: an organization (Tier 1), a mission/business process (Tier 2), or an information system (Tier 3). If possible, base your report on a real case. In the absence of this, base your report on a hypothetical case.
If your report is based on a real case, please discuss and gain necessary approval from the company’s leadership, business process owner, or whomever needs to approve the collection of data before posting your choice.