... organizational information regarding policies and requirements for conducting risk assessments, specific assessment methodologies to be employed, procedures for selecting risk factors to be considered, scope of the assessments, rigor of analyses, degree of formality, and requirements that facilitate consistent and repeatable risk determinations across the organization. Organizations use the risk management strategy to the extent practicable to obtain information to prepare for the risk assessment. Preparing for a risk assessment includes the following tasks:

• Identify the purpose of the assessment;
• Identify the scope of the assessment;
• Identify the assumptions and constraints associated with the assessment;
• Identify the sources of information to be used as inputs to the assessment; and
• Identify the risk model and analytic approaches (i.e., assessment and analysis approaches) to be employed during the assessment.

STEP 1: PREPARE FOR THE ASSESSMENT

IDENTIFY PURPOSE

TASK 1-1: Identify the purpose of the risk assessment in terms of the information that the assessment is intended to produce and the decisions the assessment is intended to support.

Supplemental Guidance: The purpose of the risk assessment is explicitly stated in sufficient detail to ensure that the assessment produces the appropriate information and supports the intended decisions. Organizations can provide guidance on how to capture and present information produced during the risk assessment (e.g., using a defined organizational template). Appendix K provides an exemplary template for a risk assessment report or the preferred vehicle for risk communication.

At Tier 3, risk assessments support: (i) authorization-related decisions throughout the system development life cycle; (ii) reciprocity, particularly for reuse of assessment information; (iii) risk management activities at Tier 2; and (iv) programmatic risk management activities throughout the system development life cycle. At Tier 2, risk assessments enable organizations to: (i) understand dependencies and ways in which risks are accepted, rejected, shared, transferred, or mitigated among information systems that support organizational mission/business processes; (ii) support architectural and operational decisions for organizational risk responses (e.g., reducing dependencies, limiting connectivity, enhancing or focusing monitoring, and enhancing information/system resiliency); (iii) identify trends, so that proactive risk response strategies and courses of action for mission/business processes can be defined; and (iv) support reciprocity, particularly to enable information sharing. At Tier 1, risk assessments: (i) support the risk executive (function); and (ii) serve as a key input to the risk management strategy.

In addition to these common purposes, risk assessments may have a very specific purpose, to answer a specific question (e.g., What are the risk implications of a newly discovered vulnerability or class of vulnerabilities, allowing new connectivity, outsourcing a specific function, or adopting a new technology?). Risk assessment results from all tiers can be used by organizations to inform the acquisition process by helping to ensure information security requirements are clearly specified.

The purpose of the risk assessment is influenced by whether the assessment is: (i) an initial assessment; or (ii) a subsequent assessment initiated from the risk response or monitoring steps in the risk management process. For initial assessments, the purpose can include, for example: (i) establishing a baseline assessment of risk; or (ii) identifying threats and vulnerabilities, impacts to organizational operations and assets, individuals, other organizations, and the Nation, and other risk factors to be tracked over time as part of risk monitoring. For a reassessment initiated from the risk response step, the purpose can include, for example, providing a comparative analysis of alternative risk responses or answering a specific question (see discussion of targeted risk assessments above). Alternatively, for a reassessment initiated from the risk monitoring step, the purpose can include, for example, updating the risk assessment based on: (i) ongoing determinations of the effectiveness of security controls in organizational information systems or environments of operation; (ii) changes to information systems or environments of operation (e.g., changes to hardware, firmware, software; changes to system-specific, hybrid, or common controls; changes to mission/business processes, common