Organizational Risk Appetite and Risk
Question Description
Assignment: Organizational Risk Appetite and Risk Assessment
Imagine that a software development company has just appointed you to lead a risk assessment project. The Chief Information Officer (CIO) of the organization has seen reports of malicious activity on the rise and has become extremely concerned with the protection of the intellectual property and highly sensitive data maintained by your organization. The CIO has asked you to prepare a short document before your team begins working. She would like for you to provide an overview of what the term “risk appetite” means and a suggested process for determining the risk appetite for the company. Also, she would like for you to provide some information about the method(s) you intend to use in performing a risk assessment.
Write a two to three page paper in which you:
- Analyze the term “risk appetite”. Then, suggest at least one practical example in which it applies.
- Recommend the key method(s) for determining the risk appetite of the company.
- Describe the process of performing a risk assessment.
- Elaborate on the approach you will use when performing the risk assessment.
- Use at least three quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
- Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
- Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
The specific course learning outcomes associated with this assignment are:
- Describe the components and basic requirements for creating an audit plan to support business and system considerations.
- Describe the parameters required to conduct and report on IT infrastructure audit for organizational compliance.
- Use technology and information resources to research issues in security strategy and policy formation.
- Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions.
Note:The assignment will be check for plagiarism.
- The grading rubric for this assignment attached below.
Grading for this assignment will be based on answer quality, logic / organization of the paper, and language and writing skills, using the following rubric.
Points: 50 | Assignment 2: Organizational Risk Appetite and Risk Assessment | ||||
Criteria | UnacceptableBelow 60% F | Meets Minimum Expectations60-69% D | Fair70-79% C | Proficient80-89% B | Exemplary90-100% A |
1. Analyze the term “risk appetite”. Then, suggest at least one practical example in which it applies.Weight: 21% | Did not submit or incompletely analyzed the term “risk appetite”. Then, did not submit or incompletely suggested at least one practical example in which it applies. | Insufficiently analyzed the term “risk appetite”. Then, insufficiently suggested at least one practical example in which it applies. | Partially analyzed the term “risk appetite”. Then, partially suggested at least one practical example in which it applies. | Satisfactorily analyzed the term “risk appetite”. Then, satisfactorily suggested at least one practical example in which it applies. | Thoroughly analyzed the term “risk appetite”. Then, thoroughly suggested at least one practical example in which it applies. |
2. Recommend the key method(s) for determining the risk appetite of the company. Weight: 21% | Did not submit or incompletely recommended the key method(s) for determining the risk appetite of the company. | Insufficiently recommended the key method(s) for determining the risk appetite of the company. | Partially recommended the key method(s) for determining the risk appetite of the company. | Satisfactorily recommended the key method(s) for determining the risk appetite of the company. | Thoroughly recommended the key method(s) for determining the risk appetite of the company. |
3. Describe the process of performing a risk assessment.Weight: 21% | Did not submit or incompletely described the process of performing a risk assessment. | Insufficiently described the process of performing a risk assessment. | Partially described the process of performing a risk assessment. | Satisfactorily described the process of performing a risk assessment. | Thoroughly described the process of performing a risk assessment. |
4. Elaborate on the approach you will use when performing the risk assessment.Weight: 21% | Did not submit or incompletely elaborated on the approach you will use when performing the risk assessment. | Insufficiently elaborated on the approach you will use when performing the risk assessment. | Partially elaborated on the approach you will use when performing the risk assessment. | Satisfactorily elaborated on the approach you will use when performing the risk assessment. | Thoroughly elaborated on the approach you will use when performing the risk assessment. |
5. Three referencesWeight: 6% | No references provided | Does not meet the required number of references; all references poor quality choices. | Does not meet the required number of references; some references poor quality choices. | Meets number of required references; all references high quality choices. | Exceeds number of required references; all references high quality choices. |
6. Clarity, writing mechanics, and formatting requirementsWeight: 10% | More than eight errors present | Seven to eight errors present | Five to six errors present | Three to four errors present | Zero to two errors present |