CIS 333 WK 8 Assignment 2 – Identifying Potential Risk, Response and Recovery
In Assignment 1: Identifying Potential Malicious Attacks, Threats, and Vulnerabilities, you were recently
hired as an Information Security Engineer for a videogame development company. After viewing a
growing number of reports detailing malicious activity, the CIO requested you identify and draft a report
identifying potential malicious attacks, threats, and vulnerabilities specific to your organization. He asked
you to include a brief explanation of each item and the potential impact it could have on the organization.
After review of your report, the CIO requests that you develop a follow-up plan developing a strategy for
dealing with all risks (i.e., risk mitigation, risk assignment, risk acceptance, or risk avoidance) identified in
Assignment 1. Further, your plan should identify controls (i.e., administrative, preventative, detective, and
corrective) that will be used to mitigate each risk previously identified.
Write a four to five (4-5) page paper in which you:
1. For each malicious attack and threat identified in Assignment 1, choose a strategy for dealing
with the risk (i.e., risk mitigation, risk assignment, risk acceptance, or risk avoidance).
2. For each malicious attack and threat identified in Assignment 1, develop controls (i.e.,
administrative, preventative, detective, and corrective) that will be used to mitigate each risk.
3. For each vulnerability identified in Assignment 1, choose a strategy for dealing with the risk (i.e.,
risk mitigation, risk assignment, risk acceptance, or risk avoidance).
4. For each vulnerability identified in Assignment 1, develop controls (i.e., administrative,
preventative, detective, and corrective) that will be used to mitigate each risk.