[Recommended] Quantitative Risk Assessment Justifying
The purpose of this assignment is to identify an appropriate information security (InfoSec) governance program for a company, using a quantitative risk assessment to justify the investment in the program and an executive summary to concisely present findings.
Using the case study company selected for the Topic 1 assignment, write a paper (1,250-1,500 words) that recommends and justifies a particular InfoSec governance to C-suite (executive-level) management.
Be sure to include the following:
Description of an InfoSec governance program appropriate for the selected company.
- Recommend a governance program.
- Describe the security strategy used.
- Explain the risk management methodology.
- Identify security policies.
- Identify how ethics plays a role in the InfoSec governance program.
Explanation of a quantitative risk assessment justifying investments in information security. Include a cost-benefit analysis using the annual loss expectancy.
Description of findings in the form of an executive summary (150-200 words).
Include at least three academic references for this assignment.
Prepare this assignment according to the guidelines found in the APA Style Guide, located in the Student Success Center. An abstract is not required.