For each of the three (3) or more malicious attacks and/or threats that you identified in
Assignment 1, choose a strategy for addressing the associated risk (i.e., risk mitigation, risk
assignment, risk acceptance, or risk avoidance). Explain your rationale.
For each of the three (3) or more malicious attacks and/or threats identified in Assignment 1,
develop potential controls (i.e., administrative, preventative, detective, and corrective) that the
company could use to mitigate each associated risk.
Explain in detail why you believe the risk management, control identification, and selection
processes are so important, specifically in this organization.
Draft a one (1) page Executive Summary that details your strategies and recommendations to
the CIO (Note: The Executive Summary is included in the assignment’s length requirements).
Use at least three (3) quality resources in this assignment (no more than two to three [2-3]
years old) from material outside the textbook. Note: Wikipedia and similar websites do not
qualify as quality resources.
Your assignment must follow these formatting requirements:
Be typed, double-spaced, using Times New Roman font (size 12), with one-inch margins on all
sides; references must follow APA or school-specific format. Check with your professor for any
additional instructions.
Include a cover page containing the title of the assignment, the student’s name, the professor’s
name, the course title, and the date. The cover page and the reference page are not included in
the required page length.
The specific course learning outcomes associated with this assignment are:
Explain the concepts of information systems security as applied to an IT infrastructure.
Describe the principles of risk management, common response techniques, and issues related
to recovery of IT systems.
Describe how malicious attacks, threats, and vulnerabilities impact an IT infrastructure.
Explain the means attackers use to compromise systems and networks, and defenses used by
organizations.