I need major help with my risk assessment, based on the provided scenario inform

Question

I need major help with my risk assessment, based on the provided scenario information, include an analysis of the security risks in the areas listed below. Never don this before and I am lost.

I have been hired as a consultant to conduct a comprehensive risk assessment and provide a risk assessment and mitigation report for an airport.

The airport has four different organizations:

Airport authority

Four flight service providers (four airlines)

Airport restaurant

Guest

Security and Business Processes. Summarize the impact of confidentiality, integrity, availability, and privacy on business processes.

Legal, Regulatory, Ethical, and Social Issues. Discuss key ethical, social, and legal issues related to IT security. Identify at least three laws or regulations that pertain to the organization.

Viruses and Malicious Software. Identify how the organization detects, controls, and prevents viruses and other malicious software.

Web Server Security Strategies. Assess the usage of browsers, cryptographic posture, and server and protocol securities such as IPsec, SSL, and VPN.

External Threats. Analyze necessary firewalls, intrusion detection, and intrusion prevention systems.

Explanation / Answer

According to my knowledge.

The airport authority maintains a system that handles the flight management controls. This system is made up of a database server, an application server, and
a web server.
The four flight service providers have only back-end access to their own dedicated server in the airport authority network and not to any other provider’s
back-end systems. Each flight service provider has a system made up of a database server, an application server, and a web server that allows patrons to
reserve and purchase tickets.
The restaurant provides food for both airport employees as well as travelers. The restaurant’s systems are used to maintain customer transactions, human
resource functions (payroll and benefits information), and vendor ordering.
Guest users have wireless access to a high-speed internet connection, which is also shared among all the users in all organizations.
The wireless access uses a common password. Guest users should not have access to the other organizations within the airport. The users obtain IP addresses
automatically. The airport authority has 27 users, and the flight service providers have 85 users. The maximum number of guests is estimated to be 100.

Software updates that address security vulnerabilities are assessed by the airport security team. The team verifies whether the vulnerability is applicable to
their environment. If it is, they analyze the circumstances under which vulnerabilities could be exploited and the possible business impact on organizational
assets and business continuity.
After the evaluations are complete, the security team works with the configuration management administrator to manage software updates. The administrator reviews the security team’s list of critical security updates and runs a report to see how many computers on the network are potentially vulnerable to the
exploit addressed in the security update.
The organization has a content-filtering firewall in place; however, there are currently no filtering rules. There has been some discussion in the past to mitigate
this, but the organization is looking for recommendations on how this should be configured.
Critical Elements: Your 8- to 10-page risk assessment and mitigation strategy must include the following critical elements:
1. Team Information
a. Identification of all stakeholders.
b. Job Description. Create a job description for the chief security officer the airport plans to hire. Include desired qualifications and experiences,
as well as responsibilities and daily tasks.
c. Security Certification Recommendations. Recommend certifications for the current IT staff. Provide a brief rational for your recommendations.
2. Risk Assessment
As part of your risk assessment, based on the provided scenario information, include an analysis of the security risks in the areas listed below.
a. Security and Business Processes. Summarize the impact of confidentiality, integrity, availability, and privacy on business processes.
b. Legal, Regulatory, Ethical, and Social Issues. Discuss key ethical, social, and legal issues related to IT security. Identify at least three laws or
regulations that pertain to the organization.
c. Viruses and Malicious Software. Identify how the organization detects, controls, and prevents viruses and other malicious software.
d. Web Server Security Strategies. Assess the usage of browsers, cryptographic posture, and server and protocol securities such as IPsec, SSL,
and VPN.
e. External Threats. Analyze necessary firewalls, intrusion detection, and intrusion prevention systems.
The results of the risk assessment will guide the development of the company’s risk mitigation strategy.

3. Mitigation Strategy
As a result of the items identified in the risk assessment, develop a mitigation strategy that addresses the security risks outlined in the risk assessment.
As part of your strategy, address the following:
a. Employee Guidelines. Develop guidelines to share with employees. The guidelines should summarize the proposed approach to confidentiality, integrity, availability, and privacy.
b. Legal, Regulatory, Ethical, and Social Issues. Provide a detailed explanation of how the IT department will mitigate identified ethical, social, or
legal issues. Be sure to address legal or regulatory gaps.
c. Viruses and Malicious Software. Describe new approaches for the detection, control, and prevention of viruses and other malicious software.
d. Web Server Security Strategies. Detail necessary changes to the websites, browser settings, and remote access.
e. External Threats. Develop a comprehensive plan to address risks from external threats.
4. References
Your paper should include a reference page in APA format with 8 to 10 sources that extend on the information presented in Security Pro. References
should include professional journals and publications.

Milestones

Milestone One: Initial Security Planning Report
In task 3-3, you will submit the initial security planning report that provides an initial foundation for your final risk assessment and mitigation strategy. This
milestone will be graded with the Milestone One Rubric.
Milestone Two: Draft of Risk Assessment and Mitigation Strategy
In task 5-3, you will submit a risk assessment and mitigation strategy draft that includes the critical elements for the final report. Although there is no rubric
specific to the grading of this milestone, points and feedback will reflect the elements included in the Final Project Rubric (below).
Final Project Submission: Risk Assessment and Mitigation Strategy
In task 7-3, you will submit your final risk assessment and mitigation strategy for the provided scenario. It should be a complete, polished artifact containing
all of the critical elements of the final product. It should reflect the incorporation of feedback gained throughout the course. This will be graded with the
Final Project Rubric (below).

Final Project Rubric

Format: Written components of projects must follow these formatting guidelines when applicable: double spacing, 12-point Times New Roman font, one-inch
margins, and citations in APA format. The report should be 8–10 pages in length, not including cover page and resources.
Instructor feedback: Students can find their feedback in the Grade Center.
Critical Elements
Team Information:
Identification of All
Stockholders

Team Information:
Job Description

Team Information:
Security
Certification
Recommendations

Risk Assessment:
Security and
Business Processes
Risk Assessment:
Legal, Regulatory,
Ethical, and Social
Issues

Exemplary
Provides an accurate
identification of the key
stakeholders and explains the
vested interest of each
stakeholder
(5)
Provides a complete and accurate job description for the chief
security officer position that is
tailored to the specific needs of
the company
(5)
Recommends appropriate
security certifications for airport
IT staff and provides a thorough
explanation for the
recommendations, exploring the
pros and cons of alternate
certifications
(6)
Provides a thorough, detailed
assessment of the risks related
to security and business
processes
(8)
Provides an accurate description
of the key legal, regulatory,
ethical, and social issues related
to IT security and supports ideas
by citing specific laws
(6)

Proficient
Provides an accurate
identification of the key
stakeholders

Needs Improvement
Identifies the key stakeholders
but lacks specific details or some
stakeholders are misidentified

Not Evident
Does not identify stakeholders

(4.25)
Provides an accurate job description for the chief security officer
position that includes all required elements

(2.75)
Provides a job description for the
chief security officer position,
but some elements are missing
or lack specificity

(0)
Does not provide a job
description for the chief security
officer position

(4.25)
Recommends appropriate
security certifications for airport
IT staff and provides an accurate
explanation for the
recommendations

(2.75)
Recommends appropriate
security certifications for airport
IT staff but does not provide an
accurate or complete
explanation for the
recommendations

(0)
Does not recommend
appropriate security
certifications for airport IT staff

(5.1)
Provides an accurate assessment
of the risks related to security
and businesses processes

(0)
Does not provide an assessment
of the risks related to security
and business processes

(6.8)
Provides an accurate description
of the key legal, regulatory,
ethical, and social issues related
to IT security

(3.3)
Provides a cursory or incomplete
assessment of the risks related
to security and business
processes
(4.4)
Includes the key legal,
regulatory, ethical, and social
issues related to IT security but
lacks specific details

(5.1)

(3.3)

(0)

(0)
Does not include the key legal,
regulatory, ethical, and social
issues related to IT security

Value
5

5

6

8

6

Risk Assessment:
Viruses and
Malicious Software
Risk Assessment:
Web Server
Security Strategies
Risk Assessment:
External Threats
Mitigation Strategy:
Employee
Guidelines

Mitigation Strategy:
Legal, Regulatory,
Ethical, and Social
Issues
Mitigation Strategy:
Viruses and
Malicious Software

Mitigation Strategy:
Web Server
Security Strategies

Provides a thorough, detailed
assessment of the risks related
to viruses and malicious
software
(6)
Provides a thorough, detailed
assessment of the risks related
to web and wireless
technologies and protocols
(6)
Provides a thorough, detailed
assessment of the risks related
to external threats
(6)
Effectively summarizes proposed
employee guidelines for all identified issues related to confidentiality, integrity, availability, and
privacy

Provides an accurate assessment
of the risks related to viruses and
malicious software

(8)
Recommends a well-developed
mitigation strategy that
effectively addresses all
identified legal, regulatory,
ethical, and social issues
(8)
Recommends a well-developed
mitigation strategy that
effectively addresses all
identified risks related to viruses
and malicious software
(8)
Recommends a well-developed
mitigation strategy that
effectively addresses all
identified risks related to web
and wireless technologies and
protocols
(8)

(6.8)
Recommends a mitigation
strategy that effectively
addresses most of the identified
legal, regulatory, ethical, and
social issues
(6.8)
Recommends a mitigation
strategy that effectively
addresses most of the identified
risks related to viruses and
malicious software
(6.8)
Recommends a mitigation
strategy that effectively
addresses most of the identified
risks related to web and wireless
technologies and protocols

(5.1)
Provides an accurate assessment
of the risks related to web and
wireless technologies and
protocols
(5.1)
Provides an accurate assessment
of the risks related to external
threats
(5.1)
Summarizes proposed employee
guidelines for most identified issues related to confidentiality,
integrity, availability, and privacy

(6.8)

Provides a cursory or incomplete
assessment of the risks related
to viruses and malicious
software
(3.3)
Provides a cursory or incomplete
assessment of the risks related
to web and wireless
technologies and protocols
(3.3)
Provides a cursory or incomplete
assessment of the risks related
to external threats
(3.3)
Provides an incomplete or
cursory summary of proposed
employee guidelines for
identified issues related to
confidentiality, integrity,
availability, and privacy
(4.4)
Recommends an incomplete or
cursory mitigation strategy for
identified legal, regulatory,
ethical, and social issues

Does not provide an assessment
of the risks related to viruses and
malicious software

(4.4)
Recommends an incomplete or
cursory mitigation strategy for
identified risks related to viruses
and malicious software

(0)
Does not recommend a
mitigation strategy for identified
risks related to viruses and
malicious software

(4.4)
Recommends an incomplete or
cursory mitigation strategy for
identified risks related to web
and wireless technologies and
protocols

(0)
Does not recommend a
mitigation strategy for identified
risks related to web and wireless
technologies and protocols

(4.4)

(0)

(0)
Does not provide an assessment
of the risks related to web and
wireless technologies and
protocols
(0)
Does not provide an assessment
of the risks related to external
threats
(0)
Does not provide employee
guidelines for issues related to
confidentiality, integrity,
availability, and privacy
(0)
Does not recommend a
mitigation strategy for identified
legal, regulatory, ethical, and
social issues

6

6

6

8

8

8

8

Mitigation Strategy:
External Threats

References

Articulation of
Response

Recommends a well-developed
mitigation strategy that
effectively addresses all
identified external threats
(8)
Provides varied and appropriate
references that meet all project
requirements, including APA
formatting
(6)
Submission is free of errors
related to citations, grammar,
spelling, syntax, and organization
and is presented in a
professional and easy to read
format
(6)

Recommends a mitigation
strategy that effectively
addresses most identified
external threats
(6.8)
Provides appropriate references
that generally meet project
requirements, including APA
formatting
(5.1)
Submission has no major errors
related to citations, grammar,
spelling, syntax, or organization

(5.1)

Recommends an incomplete or
cursory mitigation strategy for
identified external threats

Does not recommend a
mitigation strategy for external
threats

(4.4)
Provides references that are
inappropriate or do not
adequately meet project
requirements
(3.3)
Submission has major errors
related to citations, grammar,
spelling, syntax, or organization
that negatively impact
readability and articulation of
main ideas
(3.3)

(0)
Does not include references as
specified in the project
requirements
(0)
Submission has critical errors
related to citations, grammar,
spelling, syntax, or organization
that prevent understanding of
ideas

8

6

6

(0)
Earned Total

100%

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects