Once you respond, I will send you the link to my electronic book with the password.
Read the Otero (2018) text, Appendix 5—IT Risk Assessment Example. This example includes nine steps to perform a risk assessment. Study the example using the guide, NIST SP 800-30 at https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf. This guide is consistent with the policies presented in the Office of Management and Budget Circular A-130, Appendix III, “Security of Federal Automated Information Resources;” the Computer Security Act of 1987; and the Government Information Security Reform Act of October 2000.
NIST SP 800-30’s risk assessment includes the following nine steps:
1. System Characterization
2. Threat Identification
3. Vulnerability Identification
4. Control Analysis
5. Likelihood Determination
6. Impact Analysis
7. Risk-level Determination
8. Control Recommendations
9. Results Documentation
Explain Steps 1–9 of the risk assessment used in the Otero (2018) text, Appendix 5—IT Risk Assessment Example, which is based on the National Institute of Standards and Technology (NIST) SP 800-30 guide, “Guide for Conducting Risk Assessments.”
Submit a Word file with a cover page, responses to the tasks above, and a reference section at the end. The submitted file should be at least five (5) pages long (double line spacing), including the cover page and the references page, using APA formatting.
For information on how you will be evaluated, refer to the MSIA684_Assignment3_Rubric linked here and also located in the Course Resources folder for easy access throughout this course.