Unit 3 Assignment Directions: Risk Assessment
Purpose
Using the NIST SP 800-37 (https://csrc.nist.gov/pubs/sp/800/37/r2/final) framework, thoroughly analyze your company's current security posture and conduct a comprehensive risk assessment. Prepare and submit a detailed risk assessment report summarizing your findings in a maximum of ten (10) pages, double-spaced, following APA 7th edition guidelines. You may use charts and graphs as needed.
Task
Risk Assessment: Prepare a comprehensive risk assessment report covering all of the following components:
- Scope and Objectives: Define the scope and objectives of the risk assessment.
- Critical Functions: Identify and prioritize critical functions and assets to be protected within your company.
- Identify what items or information need to be collected and secured.
- Potential Threats and Likelihood: Evaluate potential threats and assess their likelihood of occurrence.
- Vulnerabilities: Identify vulnerabilities within the current security architecture.
- Controls Assessment: Assess existing security controls in place.
- Security Gaps: Identify any gaps in security measures.
- Risk of Uncovered Gaps: Evaluate the risk associated with not covering identified security gaps. For example, perform a Business Impact Analysis: a brief overview detailing which business functions could be impacted as a result of a threat or vulnerability.
- Mitigations: Suggest potential mitigations to address identified risks and gaps.
- Assumptions and Limitations: Document any assumptions or limitations in the assessment process.
Follow this Rubric to complete the work.