write a research paper on the facebook cambridge analytica data scandal: answer the following questions in your research paper Part I: Description of the Risk Event

$$ What happened?

$$ How is the event IT$-$related?

$$ When did it happen?

$$ What company did it occur in$?$

$$ In which of the seven Basel II $$Detailed Loss Event Type$$ categories should the event be

classified? $($Basel II operational risk event categories are detailed in the document

$$Working Paper on the Regulatory Treatment of Operational Risk$,$ September $2001,$

Annex $2,$ pages $21-23.$ This document is available in the $$Content$$ section of D$2$L$.)$

Part II: Risk Factors

A risk factor is defined as a characteristic of an IT system or its contextual environment that

increases the probability that a risk event will occur and$/$or affects its impact.

$$ Identify the risk factors that contributed to the event

$$ Specify whether the risk factors affected the probability that the event occurred, its

resulting impact, or both

$$ Classify the risk factors within the appropriate elements of Alter$$s $$Work System

Framework$($The elements of the Work System Framework are defined in $$The Work

System Method for Understanding Information Systems and Information System

Research$$ by S$.$ Alter, September $2002$ see Figure $1.$ This document is available in the

$$Content$$ section of D$2$L$.)$

$2$

Part III: Risk Assessment

In evaluating its risk exposure, a company will evaluate: $(1)$ the probability that an event will

occur, and $(2)$ the impact that the event could have.

$$ Given the facts of the risk event, do you believe that the organization would have rated

the probability of such an occurrence to be high, medium, or low before it actually

happened? Why?

$$ Given the facts of the risk event, do you believe that the organization would have rated

the impact of such an occurrence to be high, medium, or low before it actually happened?

Why?

$$ Now that the organization has actually experienced the event, how do you think that its

assessment of the probability and impact of such an occurrence has changed? Why?

Part IV: Controls

$$ Identify controls which failed to mitigate the risk event.

$$ Could the event have been prevented?

$$ Suggest at least one preventative, detective, and corrective control to help protect against

similar risk events in the future. Which risk factors $($identified in the $$Risk Factors$$

section$)$ would these controls seek to mitigate?

$$ Identify any changes that the organization is planning to make to its control structure $($or

business practices$)$ as a response to the risk event.