Overview

How do you make a good risk$-$informed decision? In this project, you will look at how you craft and evaluate risk$-$based recommendations. You will examine the processes and methods you can use to make risk$-$based recommendations, their impact, and the quality of the decisions you$$ve made.

Throughout this course and the overall program, you have encountered many real$-$world breaches. Think about the breaches we have explored and the role risk management and risk planning played in the outcomes. It is important to review previous breaches across different industries and find commonalities $($similar software usage, for example$)$ to make good decisions when evaluating or reevaluating your own organization$$s risks. The OPM, Sony, and Target breaches are all useful examples that can help you learn better ways to manage risk and vulnerabilities.

When making risk$-$informed recommendations, you should look to resources in the form of standards, guidelines, and best practices to help make and assess your decisions. Some resources you might consider are the NIST, the CIS Controls, or the Fundamental Security Design Principles; but there are other tools that help classify and quantify risk, like the risk register or business impact analysis. When you assess the quality of a decision you have made, also consider how it will affect everyone in the organization.

The project will be submitted in Module Seven.

In this assignment, you will demonstrate your mastery of the following competency:

Apply decision$-$quality principles in making risk$-$informed recommendations

Prompt

You must address the critical elements listed below. The codes shown in brackets indicate the competency to which each critical element is aligned.

Risk$-$Informed Recommendations

Discuss how you can use tools to make risk$-$informed recommendations. Justify your response with a relevant example.

Discuss how you can use resources to make risk$-$informed recommendations. Justify your response with a relevant example.

Consider how you can identify and minimize your own bias when making risk$-$informed recommendations.

Explain how you can use systems thinking to consider the impact of your decision on people, processes, and technology.

Explain what evidence you would use to evaluate whether you made a good decision.

What to Submit

Your submission should be $2$ to $3$ pages in length. Use double spacing, $12-$point Times New Roman font, and one$-$inch margins. Cite any references according to APA style. Use a file name that includes the course code, the assignment title, and your name$$for example, CYB$\_123\_$Assignment$\_$Firstname$\_$Lastname.docx.