Overview
In today’s world, you are surrounded by technology at school, work, home and even on the go. Have you ever thought about the risks you face from your use of technology and how you could/should implement solutions to reduce your greatest risks?
Task
Your assignment is to perform a cybersecurity risk assessment of yourself–of your personal exposure to technology (hint…not just devices). For this assignment, I recommend you use a risk framework, such as risk scenario as discussed in our readings. Another framework to use could be the NIST Cybersecurity Risk Assessment Process (Links to an external site.) (NIST 800-30r1).
Your paper should be 4-5 pages and use the formatting guidelines described in Module 1. Your assessment can include diagrams and or risk matrix charts to help explain the findings, but should not be considered part of the 4-5 pages. Please refer to the Personal Technology Risk Assessment Template download to structure your paper. Use this as an outline for your paper.
Your paper should include the following elements:
Part 1 (25 points)
- The first step is to establish what is in scope for the security assessment; an inventory of your personal technology footprint. What technology do you use in your life? Please do not include any personal or confidential information in this inventory
- Definition and documentation of your personal risk appetite
Part 2 (50 points)
- Identify threat sources that are relevant to your personal technology use
- Identify threat events that could be produced by those sources
- Identify vulnerabilities within your personal technology footprint that could be exploited by threat sources through specific threat events
- Determine the likelihood that the identified threat sources would cause specific threat events and the likelihood that the threat events would be successful
- Determine the adverse impacts to you resulting from the exploitation of vulnerabilities by threat sources (through specific threat events)
- Determine information security risks as a combination of likelihood of threat exploitation of vulnerabilities and the impact of such exploitation
Part 3 (25 points)
- Identification of at least three improvements you would recommend for your personal technology use based on the risk assessment you performed and why you chose these three improvements.
Rubric
Personal Technology Risk Assessment
| Criteria | Ratings | Pts | |
|---|---|---|---|
|
This criterion is linked to a Learning OutcomeDescribes a sufficient, if not complete, inventory of your personal technology footprintPlease do not include any personal or confidential information in this inventory |
15 pts |
||
|
This criterion is linked to a Learning OutcomeDefines and documents personal risk appetite |
10 pts |
||
|
This criterion is linked to a Learning OutcomeIdentifies threat sources and threat events |
10 pts |
||
|
This criterion is linked to a Learning OutcomeIdentifies exploitable vulnerabilitiesIdentify vulnerabilities within your personal technology footprint that could be exploited by threat sources through specific threat events |
10 pts |
||
|
This criterion is linked to a Learning OutcomeLikelihood of successful threat events describesDetermine the likelihood that the identified threat sources would cause specific threat events and the likelihood that the threat events would be successful |
10 pts |
||
|
This criterion is linked to a Learning OutcomeProvides potential adverse impacts of threat eventDetermine the adverse impacts to you resulting from the exploitation of vulnerabilities by threat sources (through specific threat events) |
10 pts |
||
|
This criterion is linked to a Learning OutcomeDescribes risks of threat events as combination of likelihood and impactDetermine information security risks as a combination of likelihood of threat exploitation of vulnerabilities and the impact of such exploitation |
10 pts |
||
|
This criterion is linked to a Learning OutcomeDescribes recommended improvements and whyIdentification of at least three improvements you would recommend for your personal technology use based on the risk assessment you performed and why you chose these three improvements |
25 pts |
||
|
Total Points: 100 |
|||
0 comments