Assessment Description

The purpose of this assignment is to show how business decisions can be made by using rigorous decision-making techniques.

Using specified data files, chapter example files, and templates from the “Topic 8 Student Data, Template, and Example Files” topic material, complete Chapter 6, Problems 2, 31 (part a), 32, and 33 from the textbook. Use Microsoft Excel to complete Problem 2. Use the Palisade DecisionTools software to complete Problems 31, 32, and 33, and ensure that all Palisade software output is included in your files. The Palisade DecisionTools Excel software needs to be used to create the decision trees.

To receive full credit on the assignment, complete the following.

1. Ensure that the Palisade software output is included with your submission.
2. Ensure that Excel files include the associated cell functions and/or formulas if functions and/or formulas are used.
3. Include a written response to all narrative questions presented in the problem by placing it in the associated Excel file.
4. Place each problem in its own Excel file. Ensure that your first and last name are in your Excel file names.

Discuss in 500 words or more the differences between and advantages of MAC, DAC, and RBAC.

Use at least three sources.   Use the Research Databases available from the Danforth Library not Google. Include at least 3 quotes from your sources enclosed in quotation marks and cited in-line by reference to your reference list.  Example: “words you copied” (citation) These quotes should be one full sentence not altered or paraphrased. Cite your sources using APA format. Use the quotes in your paragaphs.  Stand alone quotes will not count toward the 3 required quotes.

 Incident Response Planning involves the creation of three sets of standard operating procedures (SOP); During the Incident, After the Incident and Before the Incident. As the CISO of a small manufacturing business what are the tasks you would assign to both the Users and Technology Services in the SOP for During the Incident? Who are the key personnel that need to be notified? 

 Risk Assessment of Home Depot Malware Attack

Reading: Krebs, B. (2014).Home Depot Hit By Same Malware as Target. （https://krebsonsecurity.com/2014/09/home-depot-hit-by-same-malware-as-target/）

Instructions: For this assignment you need to read the linked article and discuss vulnerabilities, threats, and risks that played a role in these data breaches. You do not have to provide an overly technical answer. There is not much detail available to specifics of data breaches that impacted both Target and Home Depot. Focus on the definitions of risk, threat, and vulnerabilities and look for connections between both breaches. Your answer for each of the following questions should be in approximately 200 words. Include at least three references. Both in-text citations and the bibliography should be in the APA format. 

Case Study Questions:1.As you read through the linked article, first write a brief description of the Home Depot case. 

2.List vulnerabilities, threats, and resulting risks that both Target and Home Depot may have faced.

3.What are the benefits of quantitative risk assessment over qualitative risk assessment? What are the disadvantages of quantitative risk assessment compared with qualitative assessment? Connect your discussion to the Home Depot case.

4.How can identification of risk help Home Depot with organizational decision making? Provide another example(cyberattack incident, e.g.)that effective cyber risk identification helped organizational decision making?

 5.Which of the three (3) risk assessment techniques (quantitative, qualitative, hybrid) could have helped with early identification of data breach risks at affected stores?