Part I – Answer the module review questions listed below. These questions were chosen to demonstrate your understanding and help you assess your progress. 

1. What is risk management? Why is identification of risks, by listing assets and their vulnerabilities, so important to the risk management process? 
2. What are the strategies from controlling risk as described in this chapter? 
3. What is a Cost Benefit Analysis?
4. If an organization has three information assets to evaluate for risk management as shown in the accompanying data, which vulnerability should be evaluated for additional controls first? Which one should be evaluated last?

Part II – Suppose XYZ Software Company has a new application development project with project revenues of $1,200,000. Using the following table, calculate ARO and ALE for each threat category that XYZ Software Company faces for this project. TABLE IN ATTATCHMENT!!!

Part 3:

Your organization is considering a new project that would involve developing a Human Resource Management System. The proposed system would allow employees to access and maintain their personal and tax-related information. The main benefits of the system would be a reduction in human resources personnel and more accurate information.

Identify five potential risks for this project. Make sure that you list both positive and negative risks. Provide a detailed description of each risk and propose strategies for addressing each risk.

Part 4: s you learn about information security, it is important that you put what you learn to practice. An information security manager should be able to put together an information security plan. The information security plan establishes and states the policies governing IT standards and practices. These policies define the organization’s objectives for managing operations and controlling activities, and represent the plans or protocols for achieving and maintaining internal control over information systems as well as compliance with the requirements imposed. In general, an information security plan covers several security areas such as access control, security policies, risk management, business continuity, etc.

Starting with this module, and for the next few modules, you will create a component of an information security plan each week. At the end of this project, you will combine those components to create your completed information security plan. The plan is:

• Module 3: Risk Management Plan
• Module 4: Security Policy Plan
• Module 5: Access Control Policy
• Module 7: Physical Security Policy
• Module 8: Implementation Plan and Complete Information Security Plan

You are expected to use the assigned text and conduct research to be able to respond effectively to your weekly deliverables. You may use the Information Security Plan Template (.docx) to assist with completing each component of the plan. Additionally, separate templates will be provided for each component. 

***This week, you will create a Risk Management Plan based on the following case:

You are an information systems security manager in a small airport and you were asked to conduct a security threat risk assessment for the airport’s web site and applications’ infrastructure. The airport has apparent weaknesses in its system of controls. Your predecessor did not have a security management plan in place because he was not sure which threats to address and in what order because he did not have a good handle on the information systems assets nor their value. You were asked to create a Security Threat Risk Assessment Plan. Use the Risk Management Template(.docx) to create your Risk Management Plan. The template is already populated with a lot of information to help you. Modify the template as appropriate for your project. Make sure to include the following in your plan: 

1. A list of assets and their values. Describe the assets within the scope of your assessment. (Asset, category, value, controls in place, etc.). Your table should include at minimum 6 assets.
2. A Threat Assessment Table (Assets/Likelihood/Gravity)
3. Recommendations based on your findings. (High Risk Areas)

Part 4:: Answer the Module Review Questions listed below. These questions were chosen to demonstrate your understanding and help you assess your progress.

1. Describe what is meant by Synthesis”. How do the function of analysis, synthesis, and evaluation relate to each other?
2. What is a model? Identify some of the basic characteristics of a model. List some of the benefits associated with the use of mathematical models in system analysis, what are some of the concerns?
3. What is meant by sensitivity analysis? What are some of the objectives of performing sensitivity analysis? What are some of the benefits?
4. How is a system validated in terms of compliance with the initially specified requirements?

Part 5: Module Practice: Select a system of your choice and develop a comprehensive outline for a test

and evaluation plan. Identify the categories of test, and describe the inputs and outputs of each category. 

 Part 6: Discuss the challenges associated with the day-to-day design process that must be addressed for successful implementation of the system engineering process.

Part 7: Research the following key terms:

1. System Testing
2. Software Testing
3. Systems Disposal

Find a journal publication pertaining to the subject, and write a 2 page APA format report, summarizing the paper. Make sure to include references. The last section of your paper should be titled Author Reflection.” This last section should be reflection on why you have selected that particular publication and your critique of the publication examined.