Recent Question/Assignment

Organizations exist in a globally competitive environment where there are threats such as natural disasters, geopolitical threats, and cybersecurity risks. As such, organization leaders must develop a business continuity plan to ensure the successful continuation of the organization during a period of disruption. Students will conduct a risk assessment and a business impact analysis, and create a business continuity plan for their selected organization. Students will use the virtual system and vulnerability assessment tools to simulate systems security vulnerabilities within the organization's business application systems.
Part 1:
In 750-1,000 words, conduct a qualitative risk assessment and assess the impact the risk will have on the organization after conducting a vulnerability scan of the provided systems. Address the following:
Identify critical systems and their impact on the organization.
Highlight high-risk findings and recommend mitigation strategies.
Explain what is to be done in each case identified above to compensate for controls that cannot be implemented (an alternate control).
Part 2:
In 750-1,000 words, develop a contingency plan to include: business continuity, disaster recovery, and incident response. This will not be a technical risk assessment, but an assessment of the organization selected. Address the following:
Explain the contingency plan to address and prioritize compliance gaps.
Provide a cost/benefit analysis.
Describe when some controls cannot be implemented (because implementing these controls will reduce business functionality or endanger human lives).
Demonstrate how compensating controls can ensure the non-compliant system can continue to operate within the secure and compliant environment.
Differentiate the likelihood of a cybersecurity breach within the compliant environment and its impact on the organization (make sure to consider emerging risks, threats, and vulnerabilities).
Part 3:
For your organization, take the NIST cybersecurity framework controls and reduce them to system configuration requirements and system test cases with pass/fail criteria.