M3A1 Case study

This activity will address module outcomes 1, 3, 4, and 5. Upon completion of this activity, you will be able to:

Identify the need for effective risk management. (CO 1, 4, 5, 6)
Analyze how leaders and organizations may manage risk differently. (CO 1, 5)
Define the term risk. (CO 4)
Evaluate what constitutes a threat. (CO 1, 2, 3)

A case study is a short description of a real situation. Analyzing a case study can provide the opportunity to apply course concepts to a real scenario. The following case illustrates how one organization manages risk.

General Instructions for Case Study Assignment:

Read the following case study:

National Institute of Standards and Technology. (2015). Exelon corporation cybersecurity supply chain risk management [PDF file size 101 KB]. Retrieved from https://web.archive.org/web/20170101182253/https://www.nist.gov/sites/default/files/documents/itl/csd/NIST_USRP-Exelon-Case-Study.pdf

Write a short paper on the following:

Give an overview of Exelon.
What does it do?
Why is security, cybersecurity in particular, so essential to this company?
How is this different from another organization like the Office of Personnel Management?
Do the corporate objectives differ or are they the same?
What are some steps that Exelon has taken to address the changing risk landscape?
What are some challenges it faces?
How does it manage cyber risk?
What are the processes and best practices that Exelon relies on to narrow the scope of risk?
How will the organization know that its process is working?
What should the organization do if it does not work?