Section 4 Professor’s Notes: You did a fair job on the Unit Four IP assignment. You described a methodology that can be used to conduct a risk assessment for an organization. You did not describe the 4 methods for dealing with identified risk. This was discussed in the CHAT session. (Accept, Transfer, Mitigate, Avoid). You explained what Vulnerabilities, Threats & Exploits are. You also included a discussion about how they apply to a risk assessment. You made some good use of APA. You have a lot of references from Wikipedia which is not an approved scholarly source. All references should be in APA format as well. Please remove these and replace with scholarly references. You have met all of the other requirements for this assignment.
Section 5: Controlling Risk
Section 4: Assessing Risk
This week will focus understanding the risk that an organization’s information systems face. You will review the risk assessment methodology and understand some of the basic terms that are associated with risk.
Describe a methodology that can be used to conduct a risk assessment for an organization.
Describe the 4 methods for dealing with identified risk.
Describe the following terms:
Include a discussion about how they apply to a risk assessment.
Section 3: Security Policies
Include appropriate examples of the following:
Include a distribution plan.
Section 2: Security Program
Create a data classification scheme.
Include at least 3 levels.
Discuss the need for management support.
Describe the security organization, including reporting structure.
Discuss reporting methods that are used to inform management of the program status.
Section 1: Information Security Management
Describe an organization of your choosing, for which you will implement a security program.
Describe the principles of security management, including the following:
Describe the role of project management with respect to implementing security management.
Describe how you plan to instill a secure mentality into an organization, including a tie into the project management discussion about when security concepts should be introduced into the project lifestyle.
Only need section 4 corrected and section 5 completed but I posted the other sections that information just FYI.