INFORMATION SYSTEMS RISK AND SECURITY

151 views 7:45 am 0 Comments March 1, 2023

Please refer to the Green Genie 2022 Case Study for INF30020 Information Systems Risk and Security assignment

You are an Information Systems Security Auditor who has been assigned to Green Genie to carry out an extensive information risk assessment of the solar energy specialist’s information management practices and information assets. Your task is to produce a 2500-word auditors report (in business report format). Your report should address the following specified components:

Prepare an information security risk assessment. To do so, you must:

  1. Clearly and concisely assess Green Genie’s strategic environment, their value creating activities and current risk posture; propose a target risk appetite and risk tolerance level,
  2. Identify the key roles and responsibilities of individuals and departments within the organisation as they pertain to the management of information and assess associated information risks,
  3. Carefully audit the case study to identify and prepare an inventory (descriptive list) of information assets that includes Green Genies most significant, physical &/or logical information resources, information of value and the information systems/process required for sound information security management and risk management,
  4. Identify risks for the information assets identified: provide an analysis of the threats and vulnerabilities for Green Genies most important information assets (both information and information systems/processes),
  5. Present a likelihood and impact analysis for the five (5) most significant information (asset) risks you have identified, in doing so,
  6. Evaluate and prioritise the 5 most significant risks for Green Genie to manage in order in your risk assessment table.

In preparing your risk assessment report you are NOT TO extend beyond this brief, i.e. you are not to prepare any other components of a risk management plan. In prioritising your risks, you may table all other information assets and risks that you have identified, but do not undertake a likelihood and impact analysis or prioritisation of any except your chosen top 5.

At this stage, do not propose any risk treatment (management solutions or internal controls), that will come later in your group assignment

Following the completion of the risk assessment report part A, Green Genie will evaluate the next steps for your consultancy. The risk assessment needs to be conducted in accordance with best practice and should apply (one, or a hybrid combination of) the leading standards, guidelines or frameworks pertaining to IS risk and security management. Your report must articulate clearly which standards/guidelines it has followed and how they have been used.

You are to prepare your risk assessment report for Green Genie’s Directors and your report should be written as a formal business report that is suitable for your audience. Guidelines for business report writing can be found at the Faculty of Business and Law, Swinburne subject guide:

https://www.swinburne.edu.au/current-students/study-support/resources- materials/assignment-writing-guides/

In addition to your use of standards and guidelines for the risk assessment report, you should research and consult secondary sources in your work and in presenting your report follow standard academic referencing procedures for the Harvard Style: http://www.swinburne.edu.au/lib/studyhelp/referencing.htm