Information risk management

Broadly speaking, the assignment requires you to produce a 3000-word report that provides a critical
reflection on a real-world security incident, with evidence of risk assessment using suitable methodologies,
and how this can inform mitigation of future incidents

Section 1: Overview of Assessment
This assignment assesses the following module learning outcomes:
1. To form a deep and systematic understanding of why cyber security matters, both in terms of the importance on business operations and on our modern society.
2. To apply relevant techniques such as ISMS and FAIR, to formulate effective solutions for Risk Management.
3. To analyse a broad range of real-world security issues that face commercial organisations and other institutions.
4. To identify the shortcomings of real-world security incidents and evaluate and critique how ISMS and FAIR can be utilised to help better inform decisions and mitigate risks.
5. To develop critical reflection skills and analyse of self in the context of proposing suitable ISMS strategy, and to further independent learning ability required for continuing professional development.
The assignment is worth 100% of the overall mark for the module.
Broadly speaking, the assignment requires you to produce a 3000-word report that provides a critical reflection on a real-world security incident, with evidence of risk assessment using suitable methodologies, and how this can inform mitigation of future incidents. The assignment also requires the delivery of a 15-minute presentation to disseminate the findings reported in your journal article, to address the role of Information Risk Management to the wider organisation.
The assignment is described in more detail in section 2. This is an individual assignment.
Working on this assignment will help you to develop your knowledge and understanding of applying risk methodologies to resolve real-world security incidents. It will also help to develop your critical thinking skills for identifying appropriate mitigation strategies to avoid future security incidents. If you have questions about this assignment, please post them to the discussion board “Information Risk Management Assignment” on Blackboard.

Section 2: Task Specification
Part 1 (worth 75% towards the final grade): Produce a 3000-word report to address a case study of information risk management, informed by a real-world security incident and demonstrating concepts of IRM.
For this assignment, you are expected to present a case study for a chosen organisation, informed by a real-world security incident, and provide a narrative that presents a risk assessment and a critical reflection in the form of a journal article. The article will need to address the following aspects:
• Description of the chosen industry and why IRM is important in the given context. This should be justified based on evidence from other related real-world security incidents, with discussion as to why these are significant risk indicators.
• Identification of key assets and personnel within the organisation, with discussion on information asset valuation and relevant risk methodologies (ISMS and FAIR).
• Examples of risk analysis using appropriate methodology to illustrate the potential impact on the chosen organisation. You will need to justify how you derive quantitative and qualitative values for risk assessment.
• Critical reflection on appropriate treatment strategies that address the identified risks, with strong justification for the decisions taken.
You are expected to draw on both ISO27000 and FAIR as discussed within the module to justify your analytical approach in assessing the security incident. You will need to conduct further research into both of these methodologies, beyond the provided lecture material. Your critical reflection should also reflect on your choice of risk methodology, and their relative strengths and limitations.
The report should be written as a journal article for a professional audience using the IEEE template, provided on Blackboard. The article is expected to be no more than 3000 words