IT 438 IT Risk Management

Security Risk Assessment

You will be completing a security risk assessment for a small organization. For the security risk assessment, you will be using the Octave-Allegro methodology. This methodology is explained in Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process.

This report also provides guidance on how to conduct a security risk assessment with Octave-Allegro and contains the worksheets that you will be required to complete and turn in. This report also provides sample threat scenario questionnaires that you will need to tailor to the organization you choose, complete, and then turn in.

All deliverables should be in APA format.

In addition to reading these reports, be sure to review the rubrics for each assignment.


Select Organization

o 5 points

o Select a small business or a small organizational unit within a larger business

o The organization must have an information asset on a computer

o Receive permission from the manager of the organization

o The organization should not have created or updated a risk assessment or BCP in the last 12 months.

o You may not use an organization where you are employed if your primary duty is risk assessment or business continuity.

o You should turn in:

  - Name of the organization

  - Name of the manager

  - The information asset(s) you plan to assess

Octave-Allegro Worksheets and Octave-Allegro Threat Scenario Questionnaires

Following the steps outlined in the Octave Allegro Guidebook, you should:

  - Complete each of the 10 worksheets

  - Complete the threat scenario questionnaires

o You should tailor the worksheets and questionnaires as necessary for the organization you chose.

o All information must be typed on these worksheets and questionnaires. This means that you may need to transcribe the information from any handwritten notes that you may have taken.

o You should turn in:

  - All Octave Allegro worksheets.

    - You should be filling out at least one but no more than two Worksheet 8s

    - For each Worksheet 8, you will need a complete set of Worksheets 9a-c

    - You will need at least five Worksheet 10s

  - All Octave Allegro threat scenario questionnaires

Security Risk Assessment

o 75 points

o The report should:

  - Be targeted to the manager of the organization, NOT the professor of this class

  - Be based on the information you gathered using the Octave-Allegro methodology.

  - Provide the details of your assessment, including your findings and recommended mitigation efforts.

  - All security controls must cite the appropriate source(s), regardless of whether the organization has implemented the controls or not.

  - Any recommended mitigation efforts must cite the appropriate source(s).

  - Throughout the report, you should demonstrate understanding of the material covered throughout the quarter.

o Report format

  - If your organization has a risk assessment report template, you should use that.

    - All fonts, spacing, etc. should follow the template

    - You will need to add an APA-formatted reference list to the report for any citations you make

  - If your organization does not have a template, use the provided one.

    - All narrative text should be 12-point Times New Roman font

    - One-inch margins

    - All citations and references should be in APA format

o You should turn in:

  - A completed report

  - All Octave Allegro worksheets with updates as needed

    - If you do not update the worksheets based on the feedback I provide from Deliverable 2, you will receive a zero for this deliverable.

  - All Octave Allegro threat scenario questionnaires with updates as needed

