Assessing Risks

Risk management begins with first identifying risks, threats, and vulnerabilities to then assess them. Assessing risks means to evaluate risk in terms of two factors. First, evaluate each risk’s likelihood of occurring. Second, evaluate the impact or consequences should the risk occur. Both likelihood and impact are important for understanding how each risk measures up to other risks. How the risks compare with one other is important when deciding which risk or risks take priority. In short, assessing is a critical step toward the goal of mitigation.

Assessing risks can be done in one of two ways: quantitatively or qualitatively. Quantitatively means to assign numerical values or some objective, empirical value. For example, “Less than $1,000 to repair” or “Biweekly.” Qualitatively means to assign wording or some quasi-subjective value. For example, a risk could be labeled critical, major, or minor.

In this lab, you will define the purpose of an IT risk assessment, you will align identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT infrastructure, you will classify the risks, threats, and vulnerabilities, and you will prioritize them. Finally, you will write an executive summary that addresses the risk assessment findings, risk assessment impact, and recommendations to remediate areas of noncompliance.

Learning Objectives

Upon completing this lab, you will be able to:

Define the purpose and objectives of an IT risk assessment. Align identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses

the seven domains of a typical IT infrastructure. Classify identified risks, threats, and vulnerabilities according to a qualitative risk assessment

template. Prioritize classified risks, threats, and vulnerabilities according to the defined qualitative risk

assessment scale. Craft an executive summary that addresses the risk assessment findings, risk assessment

impact, and recommendations to remediate areas of noncompliance.

Deliverables

Upon completion of this lab, you are required to provide the following deliverables to your instructor:

1. Lab Report file;

2. Lab Assessments file.

Evaluation Criteria and Rubrics

The following are the evaluation criteria for this lab that students must perform:

1. Define the purpose and objectives of an IT risk assessment. – [20%]

2. Align identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT infrastructure. – [20%]

3. Classify identified risks, threats, and vulnerabilities according to a qualitative risk assessment template. – [20%]

4. Prioritize classified risks, threats, and vulnerabilities according to the defined qualitative risk assessment scale. – [20%]

5. Craft an executive summary that addresses the risk assessment findings, risk assessment impact, and recommendations to remediate areas of noncompliance. – [20%]

The post Assessment risk appeared first on Essaysholic.

Would you like to get in touh with us?
Contact Us