Describe your risk management approach for Azumer Water based on the likelihood, severity, and impact of the risks in the case study.
4043.3.1 : Information Security Governance
The graduate recommends modifications to established information security
governance to increase information assurance levels within an organization.
4043.3.2 : Threat & Vulnerability Management
The graduate recommends risk mitigation strategies that meet regulatory and ethical compliance.
4043.3.3 : Information Security Management
The graduate recommends changes to established security management programs in
response to a cyber- related incident on an organization.
4043.3.4 : Incident Response
The graduate develops security incident response plans that align to an organization’s
security goals and objectives and maintain business continuity.
Many organizations marginalize the management of the security of their infrastructure
in hopes that they will not be the target of cyberattacks. However, cyberattacks
happen frequently and tend to become more sophisticated over time. In reality, every
organization is a likely target of malicious actors. These attacks result in a range of
impacts on an organization and its core business and could significantly interrupt
To be proactive, organizations need to have structures, processes, and plans in place to
counter and respond to potential attacks and to deal with the consequences of
successful attacks. A suitable security management plan and well-defined security goals
that support the overall goals of the organization can ensure a reasonable level of
business continuity, even in the case of security incidents.
In any organization, the individuals on the IT staf must work together to support the
security goals of the organization. These individuals play significant roles in detecting and
preventing security incidents before they occur. In the case of successful attacks, security
management professionals are tasked with acting quickly to mitigate the attack’s efects.
In this assessment, you will refer to the attached “Case Study,” which contains details
regarding a security incident at a small non-governmental organization (NGO). In part one
of this task, you will analyze the security incident and provide specific examples and
details from the case study to support your risk assessment. In part two, you will create a plan to efectively address the aftermath of the incident and manage the NGO’s ongoing
Your submission must be your original work. No more than a combined total of 30% of the submission
and no more than a 10% match to any one individual source can be directly quoted or closely
paraphrased from sources, even if cited correctly. An originality report is provided when you submit
your task that can be used as a guide.
You must use the rubric to direct the creation of your submission because it provides detailed
criteria that will be used to evaluate your work. Each requirement below may be evaluated by
more than one rubric aspect. The rubric aspect titles may contain hyperlinks to relevant
portions of the course.
Part I: Incident Analysis and Response
A. Determine why the attack on Azumer Water’s infrastructure was successful,
including the specific vulnerabilities that allowed the attack to occur. Provide
details from the case study to support your claims.
B. Explain how the confidentiality, integrity, and availability of Azumer Water’s operations
and PII (personally identifying information) data have been compromised, using NIST,
ISO 27002, or another industry-standard framework to support your claims.
C. Identify the federal regulations this NGO violated, providing specific examples from
the case study as evidence of Azumer Water’s noncompliance.
D. Recommend immediate steps to mitigate the impact of the incident, using specific
examples from the case study to justify how these steps would mitigate the impact.
E. Explain how having an incident response plan in place will benefit Azumer Water, using
details from the case study to support your explanation.
Part II: Risk Assessment and Management
F. Recommend processes to increase information assurance levels within the
organization and bring Azumer Water into compliance with the violated federal
G. Recommend technical solutions to counter the remaining efects of the attack in
the case study and to prevent future attacks.
H. Recommend an organizational structure for IT and security management, including a
logical delineation of roles and adequate coverage of responsibilities, to support the
efficient discovery and mitigation of future incidents.
I. Describe your risk management approach for Azumer Water based on the likelihood,
severity, and impact of the risks in the case study.
J. Acknowledge sources, using APA in-text citations and references, for content that is
quoted, paraphrased, or summarized.
K. Demonstrate professional communication in the content and presentation of your