March 2017 Assignment 2 Page 1 of 1 SWINBURNE UNIVERSITY OF TECHNOLOGY RSK80004 Introduction to Risk and Due Diligence ASSIGNMENT 2: Due Diligence Review of an organisation or project This assignment has two parts (10 points each). If possible workshop the process with colleagues, or as a minimum consult with them, on at least the vulnerability assessment. Both parts could be researched as two workshops as outlined in Chapter 21 of the R2A text, Engineering Due Diligence. 1. Vulnerability Assessment Apply the Vulnerability Assessment technique to your enterprise (or part thereof), or to a business, contract or project of interest to you. If you are a full time student, choose a business or project with which you would like to be personally involved or need to achieve. In doing so: • clearly document the assets (or critical success factors) and the reason why these were selected • document the threats and the method of selection of these threats • determine the critical vulnerabilities 2. Precautionary Analysis Using the Vulnerability Assessment undertaken in the above, develop precautionary recommendations for the assessed vulnerabilities. You may use a technique described in the lectures or one sourced from elsewhere. The purpose is to demonstrate that all reasonable practical precautions are in place based on the balance of the significance of the risk vs the effort required to reduce it. The assignment is to comprise circa 2000 words plus supporting information/diagrams as required. However, there is no penalty for submitting a (reasonably!) larger analysis. The final outcome could be a corporate or project risk profile, and ranked investment action list for your organisation, business unit or project.