
The purpose of this assignment is to create an information security risk assessment report for an organization.

Using the company selected for the Topics 5-7 assignments, write a security risk assessment report. Use the outline presented in Chapter 7 of Information Security Risk Assessment Toolkit: Practical Assessments Through Data Collection and Data Analysis, including the sections outlined below. Use information from the Topic 4-7 assignments to create the report.

Executive Summary

Methodology

  1. Organizational Assessment
  2. System Specific Assessment

Results

  1. Organizational Risk Analysis, including review of emerging threats and trends, third-party assessments, and security metrics.
  2. System Specific Analysis, including system characterization, threat identification, vulnerability identification, impact analysis, control analysis, likelihood determination, risk determination, control recommendations, and results documentation.

Risk Register

Conclusion

Prepare this assignment according to the guidelines found in the APA Style Guide, located in the Student Success Center. An abstract is not required.

This assignment uses a rubric. Please review the rubric prior to beginning the assignment to become familiar with the expectations for successful completion. 

You are required to submit this assignment to LopesWrite. A link to the LopesWrite technical support articles is located in Course Materials if you need assistance. 

EVALUATING RISK FOCUSED ON INDUSTRY 2

Case Study Analysis: Evaluating Risk Focused on Industry

Ivie, Omobhude

MIS- 657- Information Security and Risk Management

Grand Canyon University

Professor Tonia Canada

February 3, 2022


Risk Management Executive Summary

Overview

In the current technological world of business, data and system security has become a central element of effective data and system governance. Organizations that rely on information systems for operations, production, marketing, and customer service delivery are dedicated to providing adequate security measures to protect their data and information systems. Strong data and system security also offers a competitive advantage: organizations that provide effective, secure services attract more customers to those services.

This executive summary discusses the risk management procedures and vulnerability assessment of data and information systems with reference to the "2016 Data Breach Investigations Report", which was written to outline security mitigation procedures and the elimination of system vulnerabilities in order to achieve data and system security. The report was developed in collaboration with various information security departments and organizations, which contributed the measures and policies they use to enhance data and information system security. The main trend identified in the report is that the principal motives behind the investigated risks and threats were financial gain and espionage, with attackers using increasingly dynamic capabilities and infrastructures to launch their attacks.

The following figure is a graphical representation of the percentage of breaches per threat actor motive over time between 2009 and 2015, according to the "2016 Data Breach Investigations Report". The graph clearly illustrates that the main motive of attackers is financial, closely followed by espionage. These motives are critical to organizations because their impacts are severe: they delay business operations and can lead to the collapse of an organization. From the graph, we can observe the dominance of the financial motive. Attackers are consistently focused on extracting money through these attacks, which directly affects financial management and the running of organizational processes (Suzanne et al., 2016). Therefore, all organizations must adopt effective security practices to protect their resources and eliminate risks and threat vulnerabilities.

Fig 1.1 Motives of Security Attacks (Suzanne et al., 2016). [Chart: percentage of breaches per threat actor motive, 2009 to 2015]

Threat Definition

Data and system security threats fall into various categories. Their effectiveness depends on the attacker's ability to carry out a particular attack on a network or information system. Different security threats have varying impacts on information systems; the most critical threats have adverse effects such as an entire system breakdown or the total destruction of confidential data in an organization's database. According to the 2016 Data Breach Investigations Report, various threats regularly affected system operations and compromised data and information security. These threats include hacking, malware programs, software and hardware failures, human error, misuse, and natural/environmental factors (Ciza, 2020). This discussion focuses on hacking threats to information systems, since hacking was the main threat identified in the 2016 Data Breach Investigations Report.

Hacking is the process by which malicious individuals known as hackers attempt to intrude into information systems and computing devices to acquire unauthorized access to confidential and sensitive data and information for personal gain. Hackers launch attacks on systems after prolonged observation of a target's network infrastructure to identify potential vulnerabilities that can be exploited. Hacking and related threats adversely affect organizations and information systems, so ineffective deployment of defense measures and strategies may result in organizational collapse and the loss of significant financial resources. The impacts of hacking include massive security breaches, unauthorized system access to private information, privacy violations, denial of service attacks, and other malicious attacks on the system (Ciza, 2020). Organizations are therefore recommended to deploy all applicable defense techniques to mitigate system hacking and eliminate all related vulnerabilities. These practices help ensure protected networks and information system infrastructures that support organizational operations and transactions.

Risk Identification

Potential security threats translate into security risks to information systems that are likely to impact business and organizational operations. The risks outlined in the 2016 Data Breach Investigations Report include malware, Denial of Service, Man in the Middle, phishing, SQL Injection, password attacks, and others. These risks exist because of system threats and vulnerabilities that attackers readily exploit to initiate attacks on devices and information systems (Leandros et al., 2019). The risks related to hacking, the threat discussed here, include unauthorized access to data and information, data theft, data destruction, loss of financial resources, system hijacking, impersonation to commit crimes, and many other malicious practices.

In organizations that use information systems and technological resources for their operations, many systems, resources, application programs, and processes may be subject to attacks and malicious activity. For instance, organizational systems such as Supply Chain Management, Customer Relationship Management, Management Information Systems, workstations, production hardware, and other systems are all exposed to security risks. Therefore, all system users must comply with the documented measures and policies that protect data and system security. Application programs are also common targets of attacks and threats, since hackers can take malicious actions to acquire security credentials and thereby access private data. Application programs prone to attack include mobile banking applications, e-commerce applications, and similar software. In addition, browsers are prone to attacks such as Cross-Site Scripting, which causes insecure websites to run injected scripts that can give an attacker access to a user's activities and credentials on a particular website or web application.

The likelihood and impacts of security threats are adverse to organizations, which makes it important for organizations to develop risk and threat management plans that reduce the chance of their occurrence. The risk matrix below presents the likelihood and impact analysis of the various security risks. The table also includes the estimated value or cost associated with each risk to an organization's information systems.


Table 1. Risk Comparison Matrix

| Potential Risk | Threat Likelihood | Impacts | Approx. Value/Cost |
|---|---|---|---|
| Hacking | High | Damage to digital data or even to physical equipment | $133,000 |
| Phishing | Low | Loss of money, loss of intellectual property, damage to reputation, and disruption of operational activities | $55,000 |
| Distributed Denial of Service | Medium | Data loss, slow page load times, downtime, loss of search rankings | $90,000 |
| SQL Injection | Medium | Unauthorized viewing of user lists, deletion of entire database information | $100,000 |
| Malware attacks | High | Stolen passwords, deleted files, and computers rendered inoperable | $150,000 |

Risk Measured

The risks discussed in this executive summary have different impacts on organizations when they occur, each forcing the affected organization to absorb losses and the adverse effects of the attack. For instance, hacking, the major security threat in this discussion, has various negative impacts on organizations. These impacts are triggered by the launch of malicious programs or the abuse of weak system capabilities to force access to information systems. Users of information systems must be aware of security best practices in order to mitigate these threats. Hacking impacts an organization in that once someone compromises an organization's information system, that person can access and steal sensitive and confidential data such as business process documentation and organizational secrets, and can acquire customer and user credentials that are then used to gain access to personal accounts, compromising user privacy and confidentiality (Paul & Karen & Murugiah, 2018). In terms of likelihood, hacking attacks are most likely to occur whenever vulnerabilities can be identified in an organization's network and information systems.

All security breaches and successful system attacks have cost impacts on organizations. Some attacks are expensive to recover from, and in the worst case lead to organizational collapse. For instance, the cost associated with hacking attacks is very high, considering that such attacks may result in the theft of financial resources or damage to critical data-processing hardware that requires substantial funds to replace. The estimated cost of a hacking attack is $133,000, a sum large enough to force an organization to shut down its operations.

In practice, to mitigate hacking attacks and all other related attacks, an organization must observe all risk management best practices such as developing a cybersecurity plan, deployment of cyber defense strategies such as firewall systems, implementation of a defense-in-depth strategy, etc. The organization must also ensure that all users and employees comply with the documented policies and measures by outlining the potential consequences of non-compliance with the policies. These practices will always ensure that data information systems are secure from all forms of attacks and risks. An organization that observes all the discussed measures and recommendations is guaranteed a conducive and safe operating environment for operations, leading to the organization’s achievements of its set goals and objectives.

References

Suzanne, W., Marc, S., David, H., & Gabriel, B. (2016). 2018 Verizon Data Breach Investigations Report.

Ciza, T. (2020). Introductory Chapter: Computer Security Threats. https://doi.org/10.5772/intechopen.93041

Leandros, M., Ferrag, M. A., Derhab, A., Mukherjee, M., & Janicke, H. (2019). Cyber Security: From Regulations and Policies to Practice. https://doi.org/10.1007/978-3-030-12453-3_88

Paul, B., Karen, S., & Murugiah, S. (2018). Cyber Security Metrics and Measures. https://doi.org/10.1002/9780470087923.hhs440
