Adnan Ali HWR2IS 433

Resource considerations

I believe the EIT framework would take the shortest amount of time to apply.Why?

The assessment method is broken down into 3 tasks.I can decide how much time each task will require to see the assessment through to finish.The depth and coverage of each task in the assessment can be determined based on the needs of Globex. The examination, interviewing and testing can be basic if there is a time constraint to comprehensive if time isnt an issue.

The EIT method would also be the least expensive framework to apply.Why?

The process can be looked at as just 3 tasks needing to be completed instead of 5 for the RIIOT method, even though both processes consist of practically the same thing. The EIT method can be done in a shorter timeframe.The depth and coverage can be adjusted to meet the budget.

Effectiveness considerations

The RIIOT framework would yield the most complete and thorough results.Why?

The assessment is broken down into more tasks to allow for more thorough work.There arent adjustable attributes associated with each task, which allow a standard procedure to be followed regardless of the magnitude of the assessment.Even if a comprehensive assessment is in order with the EIT framework, there is still a slack factor that exists that can cost the organization time and money if the job isnt done right.

Other considerations

The biggest difference between the two frameworks is the complexity. The methodology in RIIOT stays consistent with every assessment, which can be both a good thing and a bad thing. Good if the organization requires extensive research and data gathering because there most likely wont be a time constraint and the budget should be adequate. On the other hand, it would be bad if the organization will not require such a thorough assessment because then there would be a time constraint and budget may become an issue. The EIT framework on the other hand allows for the attribute values of each task to correlate with the assurance requirements specified by the organization, which eliminate time and budget concerns and the level of complexity is consistent with the organizations needs.

Final analysis

I would use the EIT framework to gather data to assess the risk for Globex.Why?

In the case of Globex, the CEO is specifically concerned about the security of the companys proprietary information. The EIT framework will enable me to decide which attribute value I need to assign to each task.The focused approach would make the most sense in this case, so I could emphasize on protecting the proprietary information during my assessment.