Security Plan -Privacy Policies- Risk Assessments
Part 1 Devil’s Canyon
Part A: Ch. 3 Role Playing Sim: Devil’s Canyon
In this simulation, you will evaluate how to design an enterprise architecture for a Mountain Resort. Your job is to utilize the team’s vision to design the enterprise architecture using the interactive map tools while staying within budget. Using the Devil’s Canyon Simulation Access link, complete the interactive before moving to Part B.
Part B: Policies, Plans, and Risks
Now that you’ve seen all of the elements contributing to the Devil’s Canyon enterprise architecture, Justin wants to move forward with developing privacy policies to ensure videos aren’t distributed or uploaded to the net without the consent of the people in them. This opens a much larger conversation: Devil’s Canyon is also in need of a complete security plan, as well as risk assessments.
In a 3- to 4-page rationale and table, prepare the following information to present to the Devil’s Canyon team:
- Outline the importance of a security plan in relation to security roles and safeguards.
- Analyze at least 5 security-related risks/threats that Devil’s Canyon may face.
- Assess the probability and impact to the Devil’s Canyon if each risk occurs. Based on these two factors, determine the overall risk level. For purposes of this assignment, evaluate and categorize each factor as low, medium, or high, and create a table to illustrate the risks. For example, a risk/threat with a low likelihood of occurrence and a high impact would represent an overall medium risk.
- Consider digital elements mentioned in the designing of the enterprise architecture, such as software, hardware, proposed security measures, smart lift tickets, webcam systems, and smartphones.
Part 2 Devil’s Canyon
Using the potential risks for Devil’s Canyon you identified in Part 1, create a 4- to 5-page matrix to share with the team. In your matrix, you should do the following:
- Describe briefly each of the identified risks/threats.
- Evaluate the security controls that mitigate each of the risks/threats identified.
- Provide a rationale for how each of the controls identified mitigates the risk to an acceptable level.
- Research and describe the security technologies and security design that can be used to mitigate each of the identified information security risks.