The purpose of this assignment is to analyze an organization’s tolerance for risk and develop an appropriate security policy to address risk.
Save your time - order a paper!
Get your paper written from scratch within the tight deadline. Our service is a reliable solution to all your troubles. Place an order on any task and we will take care of it. You won’t have to worry about the quality and deadlinesOrder Paper Now
Using the assigned reading and your own research, write a 500-word paper that defines the three levels of risk tolerance (risk-averse, risk-neutral, and risk-seeking). Include the following in your discussion.
- Provide a real-world organization that is an example of each level of risk tolerance. Include the company name and industry for each. Include an explanation of whether the company is risk-averse, risk-neutral, or risk-seeking.
- Summarize the advantages and disadvantages each organization faces while engaging in the form of risk tolerance it exhibits.
- Using one of the three organizations profiled, explain how the pillars of information security (confidentiality, integrity, and availability) influenced the risk tolerance perspective of the organization in your discussion, consider the regulations the organization must adhere to, relationships with third-party organizations with remote access, customer expectations of security, and the level of availability the organization must sustain.
Using the “Information Security Policy Template,” complete the policy in alignment with one of the three organizations you explored in Part 1 of the assignment. Ensure you design the policy in accordance with the risk tolerance of the organization. Include the following in your design:
- Identify 20 potential risks, defining both threat (condition) and impact (consequence). Review Chapter 1 in Information Security Risk Assessment Toolkit: Practical Assessments Through Data Collection and Data Analysis when completing this portion of the assignment.
- Define a policy to monitor (risk-seeking), control (risk-neutral), or remove (risk-averse) the risk.
Submit the 500-word paper and completed “Information Security Policy Template.”
Prepare this assignment according to the guidelines found in the APA Style Guide, located in the Student Success Center. An abstract is not required.
This assignment uses a rubric. Please review the rubric prior to beginning the assignment to become familiar with the expectations for successful completion.
You are required to submit this assignment to LopesWrite. A link to the LopesWrite technical support articles is located in Course Materials if you need assistance.