{br} STUCK with your assignment? {br} When is it due? {br} Get FREE assistance. Page Title: {title}{br} Page URL: {url}
UK: +44 748 007-0908, USA: +1 917 810-5386 [email protected]


    Recently, you had a conversation with your boss and discussed the recent highly publicized breach that occurred at the number one competitor of Wellness Technology, Inc. She understands risk assessment, and her department does some of it but by a per-project basis. For this project, she would like you to make a recommendation as to what risk control practice strategy should be adopted by the company as a part of the general information governance program. You will then present to the majority stakeholders of the company.

    You will create a narrated Microsoft PowerPoint presentation with at least 10 slides covering the following:

    Describe why risk management is needed so that nonsecurity/technical personnel can understand it.
    Describe the details of risk identification and how it differs from threat identification.
    Describe what a TVA worksheet entrails and why it, along with other documentation, is needed.
    Describe risk assessment and why it is needed.
    Describe how annual and single loss expectancy are calculated using examples.
    Describe your recommended risk control strategy for the company.
    Submission Details:
    Use Microsoft PowerPoint with a professional theme.
    Presentation should include at least 10 slides.
    Each slide should contain audio narration.
    Name the presentation SU_MIS6250_W5_A3_LastName_FirstInitial.pptx.
    Submit your presentation to the Submissions Area by the due date assigned.




Subject Technology Pages 6 Style APA


Risk Control Practice Strategy for Wellness Technology


  • Introduction
  • This presentation discusses the risk control practice strategy for wellness technology.
  • The areas covered in the presentation are:
  • Description of why risk management is required for comprehension by non-security or non-technical personnel.
  • Description of risk identification details and how it is different from threat identification.
  • Description of what threat-vulnerabilities-assets (TVA) worksheet entails and why it and other documentation are required.
  • Description of risk assessment and why it is required.
  • Description of the calculations of annual and single loss expectancy using examples.
  • Description of the recommended risk control approach for Wellness Technology.
  • Why Risk Management is Required for Comprehension by Non-security or Non-Technical Personnel
  • Risk management; identification of vulnerabilities within a firm’s information systems and embracing carefully reasoned procedures to ensure the availability, integrity, and confidentiality of all components within the company’s information systems. (Borek, 2014)
  • Understandability of risk management by non-technical staff enhances its usefulness (Borek, 2014).
  • Sources of risks; Sources of risks include natural disasters, accidents, strategic management errors, and legal liabilities among others (SearchCompliance, 2019).
  • Risks are primary source of uncertainty in organizations.
  • Why Risk Management is Required for Comprehension by Non-security or Non-Technical Personnel (Continuation)
  • Benefits of understanding of risk management by non-technical staff are (Snedaker & Rima, 2014):

     – Enables them to establish risks and manage them prior to    such risks affecting the company

     – Helps the firms to respond more confidently on their future business decision

     – Grants non-technical personnel various options of dealing with potential challenges or risks

  • Risk Identification Details and how it is Different from Threat Identification
  • Risk identification; determining events associated with the loss of availability, integrity, and confidentiality for all information within the risk management process’ scope (Agrawal, 2014).
  • Risk identification process entails (Snedaker & Rima, 2014):
  • Planning and organizing
  • Creating system component categories
  • Developing inventory of assets-identity threats
  • Specifying vulnerable assets
  • Assigning impact or value rating to assets
  • Assessing likelihood for vulnerabilities
  • Calculating relative risk factor for assets
  • Preliminary reviewing of possible controls
  • Documenting findings.
  • Risk Identification Details and how it is Different from Threat Identification (Continuation)
  • Success factors for risk identification process are (Snedaker & Rima, 2014):
  • Leadership and commitment
  • Sensitization and awareness
  • Education and training
  • Difference between risk identification and threat identification:
  • Risk identification on determining potentials for loss or damage of assets
  • Threat identification focuses on determining sources of vulnerabilities or aspects that exploit vulnerabilities to cause damage or destruction of assets
  • What threat-vulnerabilities-assets (TVA) Worksheet Entails and why it and other Documentations are Required
  • TVA worksheet lists the threats, vulnerabilities, and assets and is established at the end of the risk identification process (Wheeler, 2011).
  • TVA worksheet serves as starting point for the phase of risk assessment and combines prioritized lists of threats and assets.
  • TVA worksheet lists threats on the y-axis in order of severity and assets on x-axis in terms of priority.
  • TVA worksheet and other documentations such as classification worksheet and weighted factor analysis worksheet are important in the process of risk assessment.

     – These documents enhance the classification of assets and listing of threats and assets in order severity and priority.

  • Description of Risk Assessment and Why it is Required
  • Risk assessment involves the quantification or qualitative description of risks (Agrawal, 2014).
  • Risk assessment is needed because of the following:
  • It leads to the prioritization of risks in order of their seriousness.
  • It establishes the value or worth of organizational information assets.
  • It determines the applicable vulnerabilities and threats that exist or could occur.
  • It establishes the prevailing controls and their impact on the risks established.
  • It identifies the potential concerns or consequences and eventually prioritizes them.
  • Description of the Calculations of Annual and Single Loss Expectancy Using Examples
  • The annual loss expectance (ALE) and single loss expectancy (SLE) are significant elements in quantitative assessment of risks (Borek, 2014).
  • The ALE is the expected monetary loss expected for an asset owing to a risk over a year.
  • ALE is obtained by multiplying the annual rate of occurrence (ARO) by the single loss expectancy.
  • The SLE is the product of the exposure factor and the asset value.
  • For an asset valued at $200,000 with an exposure factor of 20% and a 90% chance of risk occurrence within a year

      – SLE = 20% * $200,000 = $40,000

        ALE = SLE * ARO = $40,000 * 0.9 = $36,000

  • Description of the Recommended Risk Control Approach for Wellness Technology
  • Four strategies that can be employed in controlling risks are avoidance, transference, mitigation, and acceptance (Agrawal. 2014).

  – Avoidance; the application of safeguards against perceived risks

  – Transference; the transfer of the risk.

  – Mitigation; the reduction of the impact of the risk

  – Acceptance; embracing the risk without mitigation or control.

  • Avoidance approach is recommended for Wellness Technology
  • Avoidance approach is suitable for the organization because;

   – it focuses on avoiding or preventing risk in its wholeness as opposed to handling it after is has occurred.

  • Description of the Recommended Risk Control Approach for Wellness Technology (Continuation)
  • Avoidance can be accomplished by (Borek, 2014):

     – Countering threats

     – Eliminating vulnerabilities within assets

     – Adding protective safeguards

     – Limiting access to organizational assets

  • Three control measures that Wellness Technology can employ in enhancing the avoidance approach are:

   – Training and education of employees

   – Establishment of robust policies

   – Use of technology such as firewall among others

  • Conclusion
  • Risk management enables organizations to identify vulnerabilities within their information systems and embrace carefully reasoned procedures to address them.
  • Non-security or non-technical staff should be informed about risk management to enhance the effectiveness of organizational risk management.
  • Risk identification is a vital component of risk management as it leads to the determination of potentials for loss of confidentiality, integrity, or availability of information.
  • TVA worksheet and other documentations enhance the process of risk assessment.
  • Annual Expectancy Loss and Single Expectancy Loss are among the calculations involved in risk assessment.
  • Wellness Technology should embrace avoidance approach as its preferred risk control strategy.



  • Agrawal, M. (2014). Information Security and IT Risk Management 1st Edition. Wiley: Hoboken, New Jersey.
  • Borek, A. (2014). Total Information Risk Management : Maximizing the Value of Data and Information Assets (Vol. First edition). Amsterdam: Morgan Kaufmann.
  • (2019). An IT Security Strategy Guide for Chief Information Officers: Risk Management. Retrieved January 4, 2019 from: https://searchcompliance.techtarget.com/definition/risk-management
  • Snedaker, S., & Rima, C. (2014). Business Continuity and Disaster Recovery Planning for IT Professionals (Vol. 2nd ed). Waltham, MA: Syngress.
  • Wheeler, E. (2011). Security Risk Management : Building an Information Security Risk Management Program From the Ground Up. Waltham, MA: Syngress














Appendix A:

Communication Plan for an Inpatient Unit to Evaluate the Impact of Transformational Leadership Style Compared to Other Leader Styles such as Bureaucratic and Laissez-Faire Leadership in Nurse Engagement, Retention, and Team Member Satisfaction Over the Course of One Year

Related Samples

WeCreativez WhatsApp Support
Our customer support team is here to answer your questions. Ask us anything!
👋 Hi, how can I help?