
I. Introduction - Pennsylvania State Web viewquantify the importance of the risk assessment ... of the approach to hazard identification ... Use Word’s paragraph option “hanging


UrRISK04SRA 311.00x

SP15

Table/Row # ____

1st Student Name [abc123]

2nd Student Name [def456]


Table of Contents

I. Introduction
A) Purpose
B) Scope of the Risk Assessment
II. Risk Assessment Approach
III. System Characterization
IV. Threat Statement
V. Risk Assessment Results
A. Vulnerability Analysis
B. Existing Risk Controls
C. Risk Scenario Likelihood: Discussion and Evaluation
D. Risk Scenario Impact: Discussion and Evaluation
E. Risk Rating
F. Recommended Treatments/Controls
VI. Summary
Reference List
Appendix A: Literature Evidence
Appendix B: Structured Analytic Evidence
Appendix C: Threat Analysis
Appendix D: Vulnerability Analysis
Appendix E: Risk Scenario Likelihood Scorecard
Appendix F: Risk Scenario Impact Scorecard
Appendix G: Risk Matrix
Appendix H: Risk Rating
Appendix I: Safeguard Implementation Plan

TIP

To update the above “table of contents” (TOC), simply 1) Right-click the TOC, 2) Select “Update Field,” and 3) “Update Entire Table.” Note that typing on this TOC will not work!

This TOC is linked to Word Styles Heading1 and Heading2 that appear in the paper


I. Introduction

It is recommended to complete the introduction paragraph(s) last. Use full sentences and paragraphs to briefly introduce and summarize the contents of this paper. Note that the introduction changes for each UrRISK project!

A) Purpose

Pick and describe a real location (e.g., Atherton Hotel) that can be visited either in person or by photograph/video. Indicate a fictitious name and credible title of the protector that has “hired” your team as a consultant to conduct the risk assessment. In this section you could cross-reference Appendix A: Literature Evidence.

Explain why this risk assessment is important. From the literature that provides the information you CITE, quantify the importance of the risk assessment (i.e., use data, such as number of hotel rooms, number of guests, annual revenue).

It is often easier to select a familiar protector’s point of view, such as hotel guest. Hotel Manager might be more difficult.

B) Scope of the Risk Assessment

Specify what is within and not within the scope of your risk assessment.

Select a very narrow scope area that is supported by your literature (e.g., for topic “hotel,” scope area could be pest control in hotel guest rooms).

Also specify what is not within your scope statement. For example, reference the top level categories from the general enterprise risk map at http://bit.ly/1icMuln to indicate areas that are NOT within scope. If desired, you may include this image in your scope statement, or build your own image.


Figure 1 below should NOT be included in your submission. It is only included here to illustrate how to cross-reference a figure, and include a full caption below the figure! A figure is not required for UrRISK.

Figure 1: The Four-Step Risk Assessment Process (McGill, 2010, p. 1)

II. Risk Assessment Approach

Paragraph(s) should introduce the research assessment team by presenting student bios including: Names, Education, Internships, Certifications and other qualifications.

Introduce and describe all three parts of the approach to hazard identification (i.e., literature review, structured analytics, and virtual site visit). This is a good place to cite references, as well as cross-reference Appendix 2.

Cross-reference and include the risk matrix you will be using to evaluate the risk impacts and likelihoods, such as Figure 1. It is better if each axis includes a numerical scale, and the cells include the product of these numbers. Note that you can right-click on a figure or table and select “insert caption.” A full caption includes the APA source (if not original), and since specific, also needs to include the page number!


EXAMPLE: Required to create your own color-coded/gray-scaled matrix with values; please do NOT copy/paste this one

Figure 2: Risk Matrix (Johnson, 2012, p. 3)

III. System Characterization

Describe the system you will be evaluating as an input-process-output (IPO) model. A different figure, similar to Figure 2 (e.g., Word Shapes), might be used to help illustrate the system. The IPO diagram helps to focus the threat/vulnerability and asset identification.

For example, if my risk assessment is for a hot tub in a hotel, I might focus on physical access and safety. The input would be people getting into the tub, the process is being in the tub, and output getting out of the tub. Railings, slipping, storage, cracks in floor, steps/treads, etc. all start to become more visible!

EXAMPLE: Required to build your own IPO model; do NOT copy this one. IPO needs to be narrowly limited to your project scope.

Figure 3: Input Process Output Diagram (Binduswetha, 2010, p. 3)


IV. Threat Statement

Define threat, and describe threats being considered in your assessment. Note that NIST references three types of threats: natural, human, and environmental (NIST 800-30, 2002, pg. 13).

Natural Threats—Floods, earthquakes, tornadoes, landslides, avalanches, electrical storms, and other such events.

Human Threats—Events that are either enabled by--or caused by--human beings, such as unintentional acts (e.g., inadvertent data entry), or deliberate actions (e.g., network based attacks, malicious software upload, unauthorized access to confidential information).

Environmental/System Threats—Long-term power failure, pollution, chemicals, liquid leakage.

Appendix C: Threat Analysis should be a summary of your threat analysis including threat sources, motivations, and actions. Threat motivations can be accidental, intentional, or other (e.g., system failure, weather-related). Threat actions describe how the threats may occur.

Cross-reference Appendix C: Threat Analysis in this section of your paper, and include a brief summary paragraph in the top of that Appendix.

V. Risk Assessment Results

Summarize the following sections that reference hazards identified in Appendix A: Literature Evidence in UrRISK01, and Appendix B: Structured Analytic Evidence in UrRISK02.

A. Vulnerability Analysis

Define vulnerability, and describe vulnerabilities being considered in your assessment.

Appendix D: Vulnerability Analysis is the summary of your vulnerability analysis, including vulnerability sources, corresponding threats, and vulnerability actions. Vulnerability actions describe how the threat/vulnerability pairs (i.e., “risk scenarios”) may occur.

Cross-reference Appendix D: Vulnerability Analysis in this section of your paper listing all vulnerabilities, sources of vulnerabilities, and actions from the perspective of your specific assessment. Include a brief summary paragraph in the top of that appendix.

B. Existing Risk Controls

From your research, indicate any known existing risk controls in use at the location you are using for your risk assessment, if any. Although not required, an appendix could be used to explain existing risk controls in detail.

C. Risk Scenario Likelihood: Discussion and Evaluation

Discuss and evaluate the likelihood of each risk scenario. Likelihoods are often qualitatively scaled, such as high, medium, and low, but also need to include a quantitative scale. The quantitative scale should match the one used in the risk matrix likelihood axis. Cross-reference Appendix E: Risk Scenario Likelihood Scorecard in this section of your paper, and include a brief summary paragraph in the top of that Appendix.


D. Risk Scenario Impact: Discussion and Evaluation

Discuss and evaluate the impact of each risk scenario. Impacts are often qualitatively scaled, such as high, medium, and low, but also need to include a quantitative scale. The quantitative scale should match the one used in the risk matrix impact axis. Cross-reference Appendix F: Risk Scenario Impact Scorecard in this section of your paper, and include a brief summary paragraph in the top of that Appendix.

E. Risk Rating

In this section, explain how Appendix G: Risk Matrix was used to rank the final risk scenario results in Appendix H: Risk Rating. Cross-reference both Appendix G and Appendix H in this section of your paper. Also include a brief summary paragraph in the top of each of those Appendices. Note that Appendix H should list the ranked risks, highest to lowest.

F. Recommended Treatments/Controls

This is the most important section of the risk analysis. Recommend controls for the most critical (i.e., highest ranked) risk scenarios. Cross-reference Appendix I: Safeguard Implementation Plan in this section of your paper, and include a brief summary paragraph in the top of that Appendix.

VI. Summary

Summarize the entirety of the risk assessment results into a BLUF summary. DO NOT be overly wordy here. Use very clear and succinct language, as this will be the part of the assessment that many people will look at first before diving into the report.


Reference List

Euchner, J. (2014). Occupational hazards. Research Technology Management, 57(2), 9-10. Retrieved from http://search.proquest.com/docview/1507798819?accountid=13158

McComb, S. D. (1932). HAZARDS. Marine Engineering & Shipping Age (1923-1935), 37(12), 514. Retrieved from http://search.proquest.com/docview/855857303?accountid=13158

REFERENCE TIPS

Start reference list on a new page. Use Word’s paragraph option “hanging indent” for each reference. Double-space between each reference, and single-space each reference itself. Sort list alphabetically by author’s last name. Sources listed here must be cited in the text. Move others to Appendix A: Literature Evidence as needed.

CITATION TOOLS

APA reference list: http://www.calvin.edu/library/knightcite/index.php?standard=APA

APA end-of-text reference: https://owl.english.purdue.edu/owl/resource/560/05/

APA in-text citations: https://owl.english.purdue.edu/media/pdf/20110928111055_949.pdf


Appendix A: Literature Evidence

You may use as many appendices as necessary. Start each appendix on a new page. Note that the title (above) includes a letter and description. Some appendices are required, such as this one.

Be sure to cross-reference all appendices in the body of the paper (i.e. Appendix A: Literature Evidence shows…). Also, each appendix itself must begin with an explanatory paragraph, as some people read these papers from back to front!

Three quality supporting references need to be listed, using APA end-of-paper citation style described in UrRISK folder. Beneath each reference list appropriate information that might be used later to complete the body of the paper.

At least one (1) location-specific source should be included. This will be general information regarding the chosen location.

At least two (2) other sources should be risk-related to the sub-topic. For example, a study of commercial kitchen fire control might include National Fire Prevention Association white papers describing commercial kitchen fire control. NOTE: Do NOT expect to find resources describing risks and risk controls specifically at your chosen location.


Appendix B: Structured Analytic Evidence

You may use as many appendices as necessary. Start each appendix on a new page. Note that the title above includes a number and description. Some appendices are required, such as this one. Be sure to cross-reference appendices in the body of the paper (i.e. Appendix B: Structured Analytic Evidence shows…). Also, each appendix itself must begin with an explanatory paragraph (i.e., some people read these papers from back to front!).

It is required to include and complete this appendix. In Appendix B, present the divergent/convergent creative results for your topic of investigation. Cross-reference (i.e., refer to) this appendix in the main body of the paper as Appendix B.

This would be a good appendix to include a photo of your whiteboard divergent structured analytic technique!

Dish Washing Hazards [1]

Divergent Results

Cut; Slip; Pruning hands; Water too cold, bacteria not killed; Water too hot, burns; Water contaminated with E. coli; Earthquake; Hurricane; Hail storm; Tornado; Electric shock

Convergent Results

1. Physical harm: Electric shock; Water too hot, burns; Cut

2. Environmental: Tornado; Earthquake; Hurricane

[1] This is an abbreviated example; consider more extensive results, as well as information on how the hazards were grouped/prioritized. Also consider including a photo of your activity process (e.g., whiteboard).


Appendix C: Threat Analysis

Start each appendix on a new page. In Appendix C, provide a table listing threat sources, motivations, and actions. Cross-reference (i.e., refer to) this appendix in the main body of the paper as Appendix C: Threat Analysis.

Each appendix must begin with at least one introductory/explanatory paragraph (i.e., for people that read the appendices first, or read these reports backwards).

TIP

Refer to the NIST 800-30 for guidance on finding and creating your appendices. This document is critical in completing UrRISK and provides excellent examples of required appendices.


Appendix D: Vulnerability Analysis

Start each appendix on a new page. In Appendix D, list vulnerabilities, corresponding threats, and actions needed for the risk scenario to occur. Cross-reference (i.e., refer to) this appendix in the main body of the paper as Appendix D: Vulnerability Analysis.

Each appendix must begin with at least one introductory/explanatory paragraph (i.e., for people that read the appendices first, or read these reports backwards).

TIP

Refer to the NIST 800-30 for guidance on finding and creating your appendices. This document is critical in completing UrRISK and provides excellent examples of required appendices.


Appendix E: Risk Scenario Likelihood Scorecard

Start each appendix on a new page. In Appendix E, provide a table that ranks, from highest to lowest, the likelihood of each vulnerability and threat (i.e., “risk scenario”).

Cross-reference (i.e., refer to) this appendix in the main body of the paper as Appendix E: Risk Scenario Likelihood.

Each appendix must begin with at least one introductory/explanatory paragraph (i.e., for people that read the appendices first, or read these reports backwards).

TIP

Refer to the NIST 800-30 for guidance on finding and creating your appendices. This document is critical in completing UrRISK and provides excellent examples of required appendices.


Appendix F: Risk Scenario Impact Scorecard

Start each appendix on a new page. In Appendix F, provide a table that ranks potential impact, from highest to lowest, for each vulnerability and threat (i.e., risk scenario).

Cross-reference (i.e., refer to) this appendix in the main body of the paper as Appendix F: Risk Scenario Impact.

Each appendix must begin with at least one introductory/explanatory paragraph (i.e., for people that read the appendices first, or read these reports backwards).

TIP

Refer to the NIST 800-30 for guidance on finding and creating your appendices. This document is critical in completing UrRISK and provides excellent examples of required appendices.


Appendix G: Risk Matrix

Start each appendix on a new page. In Appendix G, include the risk matrix from UrRISK02. Cross-reference (i.e., refer to) this appendix in the main body of the paper as Appendix G: Risk Matrix.

The risk matrix must include a quantitative scale for impact and likelihood, and the cells must include the product of those scales. The scales must increase from left-to-right, and bottom-to-top. The cells should be color-coded, although gray-scales are acceptable for black and white printing.

Each appendix must begin with at least one introductory/explanatory paragraph (i.e., for people that read the appendices first, or read these reports backwards). Cross reference items, such as Figure 1, in the preceding paragraph.

Figure 4: Risk Matrix used to determine risk rating (NIST 800-30, 2002)


Appendix H: Risk Rating

Start each appendix on a new page. In Appendix H, provide a table that ranks from highest-to-lowest the risk scenarios (impact x likelihood). Cross-reference (i.e., refer to) this appendix in the main body of the paper as Appendix H: Risk Rating.

Rank the listed risk scenarios from highest (top), to lowest (bottom) risk rating.

Each appendix must begin with at least one introductory/explanatory paragraph (i.e., for people that read the appendices first, or read these reports backwards).

TIP

Refer to the NIST 800-30 for guidance on finding and creating your appendices. This document is critical in completing UrRISK and provides excellent examples of required appendices.


Appendix I: Safeguard Implementation Plan

Start each appendix on a new page. In Appendix I, present a summary table of your findings from your assessment. Cross-reference (i.e., refer to) this appendix in the main body of the paper as Appendix I: Safeguard Implementation Plan.

List ranked risk scenarios from highest (top), to lowest (bottom). Include columns Risk Scenario, Risk Rating, Recommended Control, Action Priority, Required Resources, Responsible Party, and Maintenance Requirement.

Each appendix must begin with at least one introductory/explanatory paragraph (i.e., for people that read the appendices first, or read these reports backwards).

TIP

Refer to the NIST 800-30 for guidance on finding and creating your appendices. This document is critical in completing UrRISK and provides excellent examples of required appendices.


GRADING RUBRIC Peer Reviewer: Assign total points here for composition, contribution, subject knowledge and APA citations. Write specific comments into student’s paper.

Section _________

1st Author Name (Print): __________________ 2nd Author Name (Print): __________________

1st Peer Reviewer Name (Print): ________________ 2nd Peer Reviewer Name (Print): ________________

Columns: Peer Reviewer Points, Max Possible Points, Instructor Total Points, Item

25 Composition - Business professional writing with no grammatical or spelling errors, stapled hardcopy, and softcopy to Angel dropbox.

25 Topic Knowledge - Improves class learning by providing new information or approach to chosen risk assessment topic.

25 Risk Knowledge - Knowledge of course content is illustrated by integrating concepts into the essay. Does it appear that you know what you are writing about? Are you aware of aspects of this covered in class?

15 Captions, References and APA Citations - Reference to article, book, or magazine where new information or approach is provided, and appropriate citation in text. Must follow APA format!!!

In-Text Cite: Includes author/year, sometimes page number

Reference List: Each single-spaced with hanging indent, double-space between citations

Captions: Tables/figures must include complete captions with citation

(blank) 10 In-class peer review - Thorough and complete with specific comments (i.e. NOT "good job" or "great opening") for what has been done well or what could be done to improve the paper

(blank) 100 Total

INSTRUCTOR/LA GRADER INITIALS ________
