Solved by verified expert:The objective of the research project is to develop an Information Asset Risk Assessment Report for an organization of your choosing. ***I will let you choose the organization base on what you feel comfortable writing on***. The analysis should be conducted using only publicly available information (that is, information obtainable on the Internet, company reports, news reports, journal articles, etc.) The risk analysis should consider legitimate, known threats that pertain to the subject organization. Based on the information gathered, presumed vulnerabilities of the company or organization’s computing and networking infrastructure will be identified. Then, based on the identified threats and vulnerabilities, you will describe the risk profile for the subject organization and suggest recommendations to mitigate the risks.*****Whomever I decide will write this proposal should also keep in mind i will need them to also write the paper down the line. I will compensate 30$ for the proposal and 60$ for the paper itself. I will need the proposal by the end of this week 2/23/2018. The paper which will be reposted separately once I receive approval from my professor. 3/16/2018. *********What I need by the end of the week.Prior to writing your report, you must submit a short (a page and half) Project Proposal, indicating the name and relevant aspect(s) of the organization you intend to use as a subject for your report. The proposal must be accompanied by an annotated bibliography. The project proposal should be a page and half (double spaced) description of the organization that you propose to analyze, with a summary of the scope (e.g., entire organization, key business area, major system, etc.) for the risk assessment you are expected to conduct. The proposal should identify the subject organization with a brief explanation of why you chose the subject for this assignment. The proposal should also describe the research methods to be used and anticipated sources of research information sources. The annotated bibliography will consist of 100-250 words per article, that describe the main ideas of the article, a discussion of the usefulness of such an article in understanding various aspects of you report, and other comments you might have after reading the article. For each article, there should be a complete reference in APA format. Your Annotated Bibliography will then form the basis of the sources for your report. I am attaching a an example of what I EXPECT BY THE END OF THE WEEK for which organization you choose to write on. Please run the organizations by me prior to starting the assignment.
nfl_sample_abstract_and_annotated_bibliography.doc
Unformatted Attachment Preview
Risk Assessment
1
Running Head: RISK ASSESSMENT ON THE NATIONAL FOOTBALL LEAGUE
Risk Assessment on National Football League
Student Name
University
Risk Assessment
2
Abstract
The National Football League (NFL) is the largest and most prestigious professional
American football league. It was formed by eleven teams in 1920 as the American
Professional Football Association and adopted the name National Football League in
1922. The league currently consists of thirty two from U.S. cities and regions, divided
evenly into two conferences (AFC and NFC), with four, four-team divisions. The NFL
has the highest per-game attendance of any domestic professional sports league in the
world, drawing over 67,000 spectators per game in 2006.
The scope of this risk assessment will focus on the entire organization from the many
venues (or stadiums) where NFL games are played (to include venues outside of the
United States), to merchandising and licensing, electronic commerce, team operations (i.e.
ticket sales). The intent is to attempt a holistic view of the organization and then select
several key areas for assessment. An example for assessment could be NFL which
stadiums are a major system make up the organizational infrastructure. NFL stadiums are
also exposed to various risks like the recent fires in San Diego, CA. Qualcomm Stadium
which hosts the San Diego Chargers is currently being used to house evacuees from the
devastating fires that are currently taking place there.
My anticipated research method will be the Internet and the source of research
information will include corporate and federal security organizations (i.e. NIST, SANS,
Symantec, etc.), periodicals, journals, and magazines as well as the NFL and other
professional sports leagues (i.e. Major League Baseball, The National Basketball League,
The National Hockey League, etc.) .
Risk Assessment
3
Annotated Bibliography:
Garfinkel, S., Spafford, G. – 2nd Ed. “Web Security, Privacy and Commerce”
(Sebastolpol, CA: OReilly and Associates, 2002).
This book covers the fundamentals of web security, but is not designed to be a primer on
computer security, operating systems or the Internet. This is a book about how to enhance
security, privacy and commerce on the Internet. Information is aimed at three distinct but
related audiences: the ordinary users of the Internet, the individuals who operate the
Internet’s infrastructure (web servers, hosts, routers, and long-distance data
communications links), and finally the people who publish information on the Internet.
For users, the book explains threats to your privacy and your computer that await you on
the Web and how you can protect yourself against these threats. For people operating the
infrastructure, this book discusses how to lessen the chances that your server will be
compromised and how you can use encryption to protect your data as well as selected
legal issues. For content providers, this book discusses the risks and threats facing your
data, procedures that you should institute so you can recover quickly if your server is
compromised, and security issues arising from the use of Java, JavaScript, and ActiveX.
Moore, Paula. (2001). FBI Works to Reduce Local Security Risks. Retrieved October 12,
2007 from http://www.bizjournals.com/denver/stories/2001/11/26/story8.html
This article recognizes the significance of key facilities such as airports, government
buildings, banks and even major sporting venues as targets for terrorism. The city being
discussed in the article is Denver, Colorado. The article was written shortly after the
terrorist attacks on the World Trade Center and Pentagon on September 11, 2001. It
captures the early reactions by the FBI on how to reduce local security risks with
cooperation between private industry and the federal government. In the article, the FBI
acknowledges that the bureau was scrambling after 9/11 to update information on key
assets to help assess vulnerabilities. The FBI asserts that all the terrorism events we’ve
experienced have made us aware of ensuring the continuity of the country’s infrastructure.
Risk Assessment
4
Ringler, Rodney. (n.d.). Dedicated Servers – Backup and Recovery Strategies for Web
Hosting Companies. Retrieved October 18, 2007 from http://www.datastrong
hold.com/security-articles/web-hosting-articles/dedicated-servers—backup-andrecovery-strategies-for-web-hosting-companies.html
This article discusses the kind of backup recovery strategy a company should have for it’s
dedicated server. The article does acknowledge that there can be many right solutions
based on a company’s ability to handle downtime. This article is specifically focused on
strategies to backup and recover your server’s data. Some of the options discussed in the
article include: creating a partition on the hard drive, contracting a remote backup service
to set up offsite backups, using a second local hard drive, using a web hosting company
utilizing RAID drives, and finally, mirrored servers. The article points out that the correct
solution will need to factor in the amount of redundant protection you need against the
overall cost.
Maxcer, Chris. (2007). Patriots Pummel StubHub – 13,000 to Nothing. Retrieved October
23, 2007 from http://www.technewsworld.com/story/59918.html
Following a Massachusetts Superior Court ruling, the New England Patriots are now in
possession of customer data from 13,000 users of ticket reseller site StubHub. The NFL
team forbids ticket holders to resell their passes. The Patriots, however, asked for details
surrounding not only sellers and buyers, but those who made bids as well. Massachusetts
Superior Court Judge Allan van Gestel ruled that StubHub had to turn the information
over to the Patriots. The decision was the result of a court case lobbed by the Patriots in an
effort to crack down on season ticket holders who resell their tickets to other people. The
Patriots have a policy against reselling tickets, and the team alleged that StubHub was
encouraging its fans to violate the team’s policies. Massachusetts has a law against
scalping tickets — ticket holders can only resell their tickets at a nominal US$2 over the
face value of the ticket. Regardless of anti-scalping laws, the customer data collected by
StubHub as part of its business is now in the hands of the Patriots, who are widely
expected to revoke tickets from their StubHub-selling season ticket holders. The big
question, then, is whether this kind of court case presents a problem for online consumers.
Risk Assessment
5
Bollerman, Dan. (2007). Chargers to Decide if Game to be in San Diego After Wildfires.
Bloomberg.com. Retrieved October 25, 2007 from http://www.bloomberg.com/
apps/news?pid=20601079&sid=aUMh6lHDMc7Q&refer=home
This article talks about the decision that must be made on whether the San Diego Chargers
will play their game against the Houston Texans in San Diego or another city due to the
wildfires taking place in southern California. Currently, Qualcomm stadium is being used
to house fire evacuees. Wildfires in California have always been a risk but this time the
wildfires have forced almost a million people from their homes in the biggest evacuation
in California’s history. At least 719 square miles (1,861 square kilometers) from Santa
Barbara to San Diego have been burned since Oct. 21, destroying almost 3,000 homes and
businesses, and leaving several people dead. The Chargers have the final say whether
they play at home or another venue. If they play at home, many people will be displaced
as they prepare the stadium for game day. If they play at another venue, they may not
attract the usual fan base. Either way, these wildfires will definitely have an impact on
revenue for the team and the NFL.
Risk Assessment
6
http://www.cert.org
The Computer Emergency Response Team is recognized as the Internet’s official
emergency team. It was established in the USA by the Defense Advanced Research
Projects Agency (DARPA) in 1988 following the Morris computer Worm incident, which
crippled approximately 10% of all computers connected to the Internet. CERT is located
at the Software Engineering
CIAC provides leading edge cyber security solutions for the nation. Through its strategic
alliances, CIAC is the recognized focal point for the DOE/NNSA and other national
stakeholders. CIAC responds quickly with personalized solutions employing our trusted
relationships and technical competency. The mission of CIAC is to apply cyber security
expertise to prevent, detect, react to, and recover from cyber incidents for DOE/NNSA
and other national stakeholders. We value teamwork, integrity, competency,
communication, responsibility and reliability.
http://www.isc.org
Internet Systems Consortium, Inc. (ISC) is a nonprofit public benefit corporation
dedicated to supporting the infrastructure of the universal connected self-organizing
Internet—and the autonomy of its participants—by developing and maintaining core
production quality software, protocols, and operations.
http://www.securityfocus.com
SecurityFocus is the most comprehensive and trusted source of security information on
the Internet. SecurityFocus is a vendor-neutral site that provides objective, timely and
comprehensive security information to all members of the security community, from end
users, security hobbyists and network administrators to security consultants, IT Managers,
CIOs and CSOs.
Risk Assessment
7
Agile Data. (2006). The Process of Database Refactoring. Retrieved July 20, 2006 from
American Society for Quality. (n.d.). Software Quality. Retrieved July 16, 2006 from
http://www.asq.org/learn-about-quality/software-quality/overview/overview.html
Pressman, R. (2005). Software Engineering. A Practinioners Approach, 6th Ed. New
York: McGraw-Hill.
Refactoring.com. (n.d.). What is Refactoring? Retrieved July 18, 2006 from
http://www.refactoring.com/
Six Sigma. (2006). What is Six Sigma? Retrieved July 16, 2006 from
http://www.isixsigma.com/sixsigma/six_sigma.asp
Tyrell, Sebastian. 2000, The Many Dimensions of the Software Process. Retrieved March
15, 2006 from http://www.acm.org/crossroads/xrds6-4/software.html
Wells, D. (1999). Refactor Mercilessly. Retrieved July 18, 2006 from
http://www.extremeprogramming.org/rules/refactor.html
Wikipedia. (2006). Cohesion (Computer Science). Retrieved July 27, 2006 from
http://en.wikipedia.org/wiki/Cohesion_%28computer_science%29
Wikipedia. (2006). Coupling (Computer Science). Retrieved July 27, 2006 from
http://en.wikipedia.org/wiki/Cohesion_%28computer_science%29
Risk Assessment
8
Figure Caption
Figure 1. Jpeg image of characteristics of quality systems.
Figure 2. Jpeg image of the Radio Shack TRS-80.
Figure 3. The 320×200 4 color mode with its default colors — title screen from Alley Cat.
Figure 4. Jpeg image of the World EGA game Darnit showing 16 color display.
Figure 5. Jpeg image of a PCI Graphic Card with Components noted.
Figure 6. Jpeg image of an AGP graphics Card.
Figure 7. Jpeg image of a PCI Express graphics card.
Figure 8. Jpeg image of the package for the N7800GT Dual,
…
Purchase answer to see full
attachment
