IS/ IT Risk Management Project: The Young Acorn Foundation Assessment 2022

The Young Acorn Foundation is a tier-2 not-for-profit organization focused on community development in marginalized areas in developing countries. They have a significant fund turnover and are on a healthy growth trajectory. The assignment requires a case study analysis of the organization.


Added on  2022-09-29

Running head: IS/ IT RISK MANAGEMENT
Executive Summary
ACORN is a non-profit organization that has been looking to extend and improve its CDA, or Child Development Activities. Through the Community Development Program, or CDP, the organization aims to expand and operate its business across different countries. In doing so, it is trying to create employment opportunities for under-developed people alongside the business expansion. The operations also have to account for the competitive environment that NFP organizations currently face, including the threat from competitors. Since the area of operations is going to spread across different countries, the project is likely to carry several risks that need to be identified and mitigated. This report examines in detail whether the project has associated risks, based on the information provided about the CDP project for ACORN. The salient features of a Risk Mitigation Framework are used to analyse the impending risks, together with the identification and analysis of the threats and vulnerabilities related to technical, operational and managerial risks. The report then continues with an impact analysis of the threats using quantitative methods, a thorough control assessment and likelihood analysis of the critical vulnerabilities, and a review of the legal and regulatory requirements and the key environmental factors affecting the organization. Finally, recommendations are made for effective mitigation strategies for the identified risks.
Table of Contents
1. Introduction
1.1 Background of the Organization
1.2 Purpose
1.3 Scope
2. Risk Management
2.1 Risk Assessment
2.1.1 System Characterization - Utilizing the salient features of the Risk Mitigation Framework ISO/IEC 27001
2.1.2 Identification of the threats and vulnerabilities, threats and their impacts to the Company
2.1.3 Control Analysis measures
2.1.3 Control Analysis
2.1.5 Impact Analysis by Qualitative Methods
2.1.6 Risk Determination
2.1.7 Control Recommendation
2.1.8 Laws and Regulations
2.2. Risk Mitigation
2.2.1 Risk Mitigation Analysis and Recommendation
3. Conclusion
References
1. Introduction
1.1 Background of the Organization
ACORN, or the Young Acorn Foundation, is a tier 2 NFP organization focused on community development within marginalized areas. ACORN operates mainly in the Asia and Pacific regions and has a presence in every major city of Australia, Asia and the Pacific countries, which supports the successful coordination of community development activities (CDA) and fund-raising campaigns. ACORN has also launched a new community development program (CDP) to encourage under-developed communities to work together within a cooperative model and produce products such as natural produce or crafts. It operates in multiple countries but follows Australian laws. This often creates difficulty when employees operating in a host country are required to divulge confidential information to the respective authority of that country, which might be deemed incorrect under the laws of Australia.
1.2 Purpose
Risk management is the procedure of identifying, assessing and controlling different types of threats to the earnings and capital of an organization (Lam 2014). These threats and risks can stem from a wide variety of sources, such as financial uncertainties, errors in strategic management, natural disasters, legal liabilities and many more. A successful risk management plan takes several potential risks and threats into consideration and protects the future of the company (Hopkin 2018). The reason is that a robust risk management plan helps the organization establish processes and avoid potential threats, reducing their impact efficiently.
1.3 Scope
A risk management plan needs to be maintained for all types of IT or IS assets and resources in a company. ACORN is a tier 2 not-for-profit organization that has added new aspects and features to its business. This report outlines a brief discussion of the ACORN case study and discusses in detail the project that ACORN is taking up as the CDP. The potential risks are considered in this case according to the Risk Mitigation Framework of ISO/IEC 27001 and are segregated into technical, operational and managerial aspects. The risk mitigation strategies are also identified, along with recommendations that the organization would most likely take up to address all the impending risks.
2. Risk Management
2.1 Risk Assessment
The primary concern for ACORN has been the new Community Development Program, or CDP, that it is trying to achieve. The program aims to encourage under-developed communities to come forward and work together in a cooperative model. Through this collaboration, the organization also wanted to enable the manufacturing of certain products as well as encourage under-developed people. The program is unique and operates in multiple countries. Therefore, depending on the countries in which the project and the organization operate, there will be legislative variances for the operations as well. The market in this area is competitive, with NFPs trying to devise innovative strategies to bring forward people who are less privileged in society.
2.1.1 System Characterization - Utilizing the salient features of the Risk Mitigation Framework ISO/IEC 27001
This Risk Mitigation Framework has several features that are used to develop risk mitigation strategies for the Information Security Management System, or ISMS, which involves the procedures for analysing the legal, technical and physical controls during an organization's risk management process (Sweeting 2017). For ACORN as well, several parts of the framework would be followed to identify the risks and approach the risk mitigation plan, beginning with the following:
Providing the definition for a security policy
Defining the scope for the ISMS utility in the CDP project
Conducting the risk assessment and the management of the identified risks
Selection of the Control Objectives that need to be implemented
Preparation of the statement of applicability
Several features of the framework also need to be addressed in this case, continuing with the sections that include the following:
Assessing the risk
Maintaining the security policy
IS for the organization
Management of asset
Securing the Human Resource
Ensuring the physical and environmental security during the CDP
Access Control
Acquisition of the information security