Describe risk response action plans and how they are developed

Purpose

This assignment is intended to help you learn to do the following:

· Describe risk response action plans and how they are developed.

· Describe how controls are designed, implemented, and executed.

· Use project management skills to effectively execute risk response plans.

· Document and assess risk responses.

· Plan how to best train personnel on risk responses.

· Identify the bad actors in cyberspace and compare and contrast their resources, capabilities/techniques, motivations and aversion to risk. [NSA CTH 1]

· Evaluate and categorize risk with respect to technology; with respect to individuals, and in the enterprise, and recommend appropriate responses. [NSA SRA 3]

The Phoenix Project

This assignment is based on a case study of how a cyber attack was handled by a major public research university, the University of Virginia. As you read this case, think about ways that the institution contained and managed the risk given all the research intellectual property that it possessed, and the associated risks with losing such data, stakeholder management, best practices, communication approach and the overall coordination of the different aspects of its response strategy.

Overview

Read the case The Phoenix Project: Remediation of a Cybersecurity Crisis at the University of Virginia. Given your knowledge of the Phoenix case, write a paper that addresses the following:

· Classify the institution’s risk response plan. Was it avoid, accept, reduce/control, or transfer? Explain and justify your classification choice.

· Which prioritization option should the institution choose and why? Prioritization options to consider include quick wins, business cases and deferrals. Explain and justify your choice.

· When you evaluate risk response options, make sure to address specific options relevant to a major public research University, in other words look at risk from an educational context.

· Recommend necessary steps to consider when developing future effective controls for the University.

· Evaluate the institution’s action plan and address any gaps that you identified.

Your paper must be APA-formatted, 1200 to 1500 words, double-spaced, 12-point font size in Times New Roman.

Action Items

1. Read The Phoenix Project: Remediation of a Cybersecurity Crisis at the University of Virginia

2. (Links to an external site.)

3. [Case Study].

4. Write your paper according to the directions in the overview.

5. Submit your assignment. Your work will automatically be checked by Turnitin.