EEGR483 SPRING 2022 Project 3 You are a candidate for hire by Morgan State University Information Technology Department
Posted: Wed Apr 27, 2022 3:10 pm
EEGR483 SPRING 2022 Project 3
You are a candidate for hire by Morgan State University
Information Technology Department as a Cybersecurity Risk Manager.
They have asked you to submit a White Paper on the Cyber Risk to
the Registrar's operation. You are to follow the NIST 800-30 Risk
Assessment Guide to accomplish this assessment, illustrated by
figure 1 below.
1. Begin your analysis with an explanation of the three tiers of
the organization-wide assessment as shown in figure 2. (25
Points)
2. Limit your assessment to two possible scenarios: penetration
of the system by a phishing attack, and penetration of the system
from another MSU domain. Use the NIST model shown below to assess
the cybersecurity risks. Follow each of the above scenarios using
the model shown below in figure 3. (25 Points)
3. Perform the risk assessment using the process from figure 4
below. (25 Points)
4. Complete your work by addressing how the elements of figure 1
would operate to provide continuous Risk Management. (25 Points)
Make general assumptions about the sensitive data and processes
involved in the Registrar's office, such as posting grades, creating
transcripts, and degree completion. Compile a report to the MSU Chief
Information Officer that organizes and presents the material. It
should demonstrate your understanding of Cybersecurity Risk
Management.
[Figure 1: Risk Management Process. Four elements, Frame, Assess, Respond and Monitor, linked by information and communications flows.]
[Figure 2: Multitiered Organization-Wide Risk Management. Tier 1 Organization (strategic risk), Tier 2 Mission / Business Processes, Tier 3 Information Systems (tactical risk). Properties of the tiered model: traceability and transparency of risk-based decisions; organization-wide risk awareness; inter-tier and intra-tier communications; feedback loop for continuous improvement.]
[Figure 3: Generic Risk Model with Key Risk Factors. A Threat Source (with characteristics, e.g. capability, intent and targeting for adversarial threats) initiates, with a likelihood of initiation, a Threat Event (with a sequence of actions, activities or scenarios), which exploits, with a likelihood of success, a Vulnerability (with severity), in the context of Predisposing Conditions (with pervasiveness) and Security Controls (planned and implemented, with effectiveness), causing, with some degree, an Adverse Impact, producing Organizational Risk to organizational operations (mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, with risk as a combination of impact and likelihood. Inputs from the risk framing step (risk management strategy or approach) influence and potentially modify the key risk factors.]
[Figure (caption not extracted; referred to in the post as figure 4): Step 1, Prepare for Assessment (derived from the organizational risk frame); Step 2, Conduct Assessment, expanded task view: identify threat sources and events, identify vulnerabilities and predisposing conditions, determine likelihood of occurrence, determine magnitude of impact, determine risk; Step 3, Communicate Results; Step 4, Maintain Assessment.]
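As an added worked example (not part of the original post, and not NIST's own material), the following Python walks the figure 3 chain for the two assignment scenarios: each scenario records its threat source, threat event, vulnerability and predisposing conditions, the likelihood of initiation and of success, the impact, and the security controls, with planned-but-unimplemented controls kept separate so that current risk and residual risk after the planned controls can both be read off. The two combination tables follow the shape of the qualitative likelihood and risk tables in NIST SP 800-30 Rev. 1 (Appendices G and I) and should be checked cell by cell against the standard; every rating, control name and predisposing condition below is a constructed assumption for illustration, not an assessment of MSU's actual systems.

```python
"""Toy implementation of the NIST SP 800-30 generic risk model (figure 3).

Added illustration only: scenario ratings and controls are constructed
assumptions, and the combination tables are modelled on the qualitative
tables in SP 800-30 Rev. 1 (check them against the standard).
"""
from dataclasses import dataclass, field

LEVELS = ["Very Low", "Low", "Moderate", "High", "Very High"]

# Overall likelihood: rows = likelihood of threat-event initiation,
# columns (in LEVELS order) = likelihood the event results in adverse impact.
OVERALL_LIKELIHOOD = {
    "Very High": ["Low", "Moderate", "High", "Very High", "Very High"],
    "High":      ["Low", "Moderate", "Moderate", "High", "Very High"],
    "Moderate":  ["Low", "Low", "Moderate", "Moderate", "High"],
    "Low":       ["Very Low", "Low", "Low", "Low", "Moderate"],
    "Very Low":  ["Very Low", "Very Low", "Very Low", "Low", "Low"],
}

# Risk as a combination of overall likelihood (rows) and impact (columns).
RISK = {
    "Very High": ["Very Low", "Low", "Moderate", "High", "Very High"],
    "High":      ["Very Low", "Low", "Moderate", "High", "Very High"],
    "Moderate":  ["Very Low", "Low", "Moderate", "Moderate", "High"],
    "Low":       ["Very Low", "Low", "Low", "Low", "Moderate"],
    "Very Low":  ["Very Low", "Very Low", "Very Low", "Low", "Low"],
}


def shift(level: str, steps: int) -> str:
    """Move a qualitative level up (+) or down (-) the scale, clamped at the ends."""
    i = LEVELS.index(level) + steps
    return LEVELS[max(0, min(len(LEVELS) - 1, i))]


@dataclass
class Control:
    name: str
    implemented: bool            # planned-only controls do not count yet
    reduces_success_by: int = 1  # levels removed from likelihood of success


@dataclass
class Scenario:
    name: str
    threat_source: str
    threat_event: str
    vulnerability: str
    predisposing_conditions: list
    likelihood_of_initiation: str  # from capability, intent and targeting
    likelihood_of_success: str     # before any control is credited
    impact: str
    controls: list = field(default_factory=list)


def likelihood_of_success(s: Scenario, count_planned: bool = False) -> str:
    """Likelihood of success after crediting implemented (optionally planned) controls."""
    steps = sum(c.reduces_success_by for c in s.controls if c.implemented or count_planned)
    return shift(s.likelihood_of_success, -steps)


def overall_likelihood(s: Scenario, count_planned: bool = False) -> str:
    succ = likelihood_of_success(s, count_planned)
    return OVERALL_LIKELIHOOD[s.likelihood_of_initiation][LEVELS.index(succ)]


def risk_level(s: Scenario, count_planned: bool = False) -> str:
    return RISK[overall_likelihood(s, count_planned)][LEVELS.index(s.impact)]


def risk_register(scenarios: list) -> list:
    """Rows for the CIO, highest current risk first, with residual risk if planned controls land."""
    rows = [{"scenario": s.name,
             "current_risk": risk_level(s),
             "residual_risk_if_planned": risk_level(s, count_planned=True)}
            for s in scenarios]
    rows.sort(key=lambda r: LEVELS.index(r["current_risk"]), reverse=True)
    return rows


# Constructed sample scenarios (assumptions, not findings about MSU).
PHISHING = Scenario(
    name="Phishing of Registrar staff",
    threat_source="External criminal group, commodity phishing kits",
    threat_event="Credential-harvesting email leading to SIS login as a Registrar user",
    vulnerability="Password-only login to the grade/transcript system",
    predisposing_conditions=["FERPA-protected records online", "shared departmental mailbox"],
    likelihood_of_initiation="High",
    likelihood_of_success="High",
    impact="High",  # forged transcripts and altered grades hit integrity and reputation
    controls=[
        Control("Mail filtering and report-phish button", implemented=True),
        Control("Phishing-resistant MFA on registrar SIS", implemented=False, reduces_success_by=2),
    ],
)

CROSS_DOMAIN = Scenario(
    name="Penetration from another MSU domain",
    threat_source="Compromised host or account in a departmental domain",
    threat_event="Lateral movement over domain trust into Registrar servers",
    vulnerability="Transitive trust and flat network between campus domains",
    predisposing_conditions=["shared service accounts across domains"],
    likelihood_of_initiation="Moderate",
    likelihood_of_success="Moderate",
    impact="High",
    controls=[
        Control("Segmentation between departmental domains and SIS", implemented=True),
        Control("Least-privilege service accounts, no shared domain admin", implemented=False),
    ],
)

if __name__ == "__main__":
    for row in risk_register([PHISHING, CROSS_DOMAIN]):
        print(row)
```

The point of separating `implemented` from planned controls is the figure 3 distinction between planned and implemented security controls: the current risk row is what the CIO is exposed to today, and the residual row is the argument for funding the planned control. Re-running the register after each monitoring cycle, with updated ratings, is the Maintain Assessment step of figure 4 feeding back into the Monitor element of figure 1.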