Explain how to solve write a research paper on the facebook cambridge analytica data scandal: answer the following questions in your research paper Part I: Description of the Risk Event What happened? How is the event IT$-$ related? When did it happen? What company did it occur in$?$ In which of the seven Basel II "Detailed Loss Event Type" categories should the event be classified? $($ Basel II operational risk event categories are detailed in the document "Working Paper on the Regulatory Treatment of Operational Risk". September $2001.$ Annex

$2.$ pages $21-23.$ This document is available in the $"$ Content" section of D$2$L$.)$ Part II: Risk Factors A risk factor is defined as a characteristic of an IT system or its contextual environment that increases the probability that a risk event will occur and$/$or affects its impact. Identify the risk factors that contributed to the event Specify whether the risk factors affected the probability that the event occurred, its resulting impact, or both Classify the risk factors within the appropriate elements of Alter's "Work System Framework" $($The elements of the Work System Framework are defined in "The Work System Method for Understanding Information Systems and Information System Research" by S$.$ Alter, September $2002$ see Figure $1.$ This document is available in the "Content" section of D$2$L$.)2$ Part III: Risk Assessment In evaluating its risk exposure, a company will evaluate: $(1)$ the probability that an event will occur, and $(2)$ the impact that the event could have. Given the facts of the risk event, do you believe that the organization would have rated the probability of such an occurrence to be high, medium, or low before it actually happened? Why? Given the facts of the risk event, do you believe that the organization would have rated the impact of such an occurrence to be high, medium, or low before it actually happened? Why? Now that the organization has actually experienced the event, how do you think that its assessment of the probability and impact of such an occurrence has changed? Why? Part IV: Controls Identify controls which failed to mitigate the risk event. Could the event have been prevented? Suggest at least one preventative, detective, and corrective control to help protect against similar risk events in the future. Which risk factors $($identified in the "Risk Factors" section$)$ would these controls seek to mitigate? Identify any changes that the organization is planning to make to its control structure $($or business practices$)$ as a response to the risk

event.