- Overview of the Business Information Technology System selected (e.g., system description, system boundary) (2 pages), that includes:
- Identification of the assets involved (i.e. hardware, software)
- Identification of the business impacts (data, information, financial)
- Existing risks that pertain to the system i.e. threats and vulnerabilities (1/2 page)
- Existing gaps in reducing risk (1/2 page)
- Impact of these risks and why remediation or mitigation is needed (1 pages)
- Remediation or mitigation approach based on risk management or information security literature, frameworks, methodologies (1 pages)
- Conclusion (1 page)
- Reference list (10 or more scholarly sources; no Websites or Internet articles)
- Include your annotated bibliography (working bibliography) as an appendix