



  • Essay / Sprout Foundation Case Study - 2486

    Summary

    The Sprout Foundation (TSF) has grown over the years into a large Tier 2 charitable organization. The mission of this company is to help third world communities to sustainably improve their lives, through education, clean water and health facilities. Although the organization has grown significantly, with a turnover of AUD 117 million per year, the management, technical and operational areas of TSF's IT systems and policies are under-resourced and not well maintained. TSF has not conducted a risk assessment in the past, so the identification of threats and vulnerabilities and the prioritization of risks are non-existent.

    TSF's head office is located in Australia. It has many local and global partners. As a result, many different local and international laws will need to be followed, and these may conflict, particularly privacy law. This creates a confidentiality problem for TSF, because certain data is held in the United States (by one of TSF's US-based partners): US law (Patriot Act) gives the right to access any data on any computer system inside American borders, in certain but broad situations.

    (I will add more at the end)
    (Cover sheet will be added later by PDF joins)

    Change Record/Version History

    Columns: Change/Version Number; Change Date; Modified Sections; Description; Person entering change
    Draft-V15/04/2014; N/A; First draft; N/A
    Final version (current document); 04/17/2014; No. 6; Calculation corrections; Anthony Gagliano

    1. Introduction

    Risk assessment report completed by Anthony Gagliano and Joshua Chu, April 2014, with future risk assessments recommended for each Sprout Foundation (TSF) budget cycle.

    Objective

    TSF is a large Tier 2 charity. The mission of this company is to help third world communities sustain...... middle of paper ......

    7. Conclusion

    Final prioritized list of risks
    Other risk assessment opportunities
    (Total the number of observations. Summarize the observations (risks) and prioritize them in a list due to the final numbers)

    References

    National Institute of Standards and Technology (NIST): Risk Management Guide for Information Technology Systems. Special Publication 800-30, 2002.
    Table 3-4, National Institute of Standards and Technology (NIST): Risk Management Guide for Information Technology Systems, 2002.
    Table 3-5. Definitions, National Institute of Standards and Technology (NIST): Risk Management Guide for Information Technology Systems. Special Publication 800-30, 2002.

    Appendix A

    List of threats (possibly or keep in the body of the report)
    List of vulnerabilities

    Appendix B

    Acronyms
    Glossary