...Introduction: Information security continuous monitoring (ISCM) is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. This publication specifically addresses assessment and analysis of security control effectiveness and of organizational security status in accordance with organizational risk tolerance. Security control effectiveness is measured by correctness of implementation and by how adequately the implemented controls meet organizational needs in accordance with current risk tolerance. Organizational security status is determined using metrics established by the organization to best convey the security posture of an organization’s information and information systems, along with organizational resilience given known threat information. This necessitates: • Maintaining situation awareness of all systems across the organization; • Maintaining an understanding of threats and threat activities; • Assessing all security controls; • Collecting, correlating, and analyzing security-related information; • Providing actionable communication of security status across all tiers of the organization; and • Active management of risk by organizational officials. Purpose: The purpose of this guideline is to assist organizations in the development of an ISCM strategy and the implementation of an ISCM program that provides awareness of threats and vulnerabilities, visibility...
Words: 4395 - Pages: 18
...SAMPLE RISK MANAGEMENT PLAN INTRODUCTION The following guidelines have been developed to assist employees to meet the intent and to gain the benefits of our organisation's Risk Management Policy. The overall aim of the risk management program is to ensure that our organisation is able to meet its strategic, operational and compliance goals and objectives in an environment of possible risks. We recognise that our organisation will have to incur risks in the pursuit of its business and corporate objectives. The purpose of these guidelines is to provide a consistent framework which will assist all employees to recognise and manage risks inherent in the conduct of their activities. We encourage all employees to act in ways which control and treat risks in order to minimise potential injuries, damage to assets and setbacks which would adversely affect our organisation's pursuit of excellence and leadership. SCOPE These guidelines apply to all departments within our organisation and its controlled entities. They apply to all Departments, Divisions, Centres, controlled entities and joint ventures. RESPONSIBILITIES As per the Risk Management Policy, risk management is a whole-of-organisation activity. All members of our organisation have a role to play; in particular, staff should take an active role in the identification of potential business and operational risks facing their department or Division, programs, research, business or work unit and take steps to successfully...
Words: 4957 - Pages: 20
...IS3110 IT RISK MANAGEMENT PROJECT Henry Smigielski, Steven Martin, Benjamin Yau, Ulises Martinez TABLE OF CONTENTS 1.0 PURPOSE AND SCOPE 4 2.0 RISK PLANNING 4 2.1 ROLES AND RESPONSIBILITIES 6 2.2 RISK IDENTIFICATION 7 2.2.1 Methods for Risk Identification 7 2.2.2 Identified Risks 7 2.3 RISK ASSESSMENT 28 2.3.1 Qualitative Risk Assessment 28 Probability 28 Impact 29 Threat Matrix 30 2.3.2 Quantitative Risk Assessment 33 2.4 RISK RESPONSE PLANNING 34 Avoid 35 Mitigate 35 Accept 35 Contingency 35 Transfer 35 2.5 RISK MITIGATION 35 2.6 RISK MONITORING 39 Pulse Meetings 39 Variance Reports 40 Program Reviews 41 Technical Reviews 42 Project Forecasting 43 Problem Solving 45 2.6.1 Project Management Information System 46 Management Reviews 47 Project Dashboards 48 Change Management Log 50 3.0 Computer Incident Response Team Plan 51 3.1 Have an incident response plan. 52 3.2 Pre-define your incident response team 53 3.3 Define your approach: watch and learn or contain and recover. 54 3.4 Pre-distribute call cards. 55 3.5 Forensic and incident response data capture. 56 3.6 Get your users on-side. 56 3.7 Know how to report crimes and engage law enforcement. 57 3.8 Practice makes perfect. 58 4.0 Disaster Recovery versus Business Continuity Planning 59 4.1 Define Key...
Words: 14207 - Pages: 57
...Due on Sunday : Case Study : YieldMore Risk Management Team | Instructions | | Introduction: Risk management is critical to protect organizational assets and to ensure compliance with laws and regulations. Many individuals and departments in organizations are involved in risk management; this is especially true when creating a risk management plan. You, as an employee of YieldMore, are asked to create a risk management plan for the organization. Scenario: In order to help protect the company and ensure it maintains compliance with laws and regulations, senior management at YieldMore has decided to develop a formal risk management plan. As an employee of YieldMore, your team has been given the task of creating a risk management plan for the organization. Tasks: You will initiate a kick-off meeting to discuss YieldMore’s risk management plan with your team. 10 points 1. Review the responsibilities associated with your assigned role. 2. Explain the specific responsibilities of your assigned role within the project. 3. Explain your role and the roles of the other team members to senior management. | Due on feb 25 : Scenario You are an information technology (IT) intern working for the Defense Logistics Information Service (DLIS) in Battle Creek, Michigan. DLIS is an organization within the Defense Logistics Agency (DLA), which is the largest logistics combat support agency for the Department of Defense. DLIS creates, manages, and disseminates logistics information...
Words: 552 - Pages: 3
...Risk Management Plan YIELDMORE Version 1.0.1 Table of Contents Executive Summary 3 1.0 Introduction 4 1.1 Purpose of the Risk Management Plan 4 2.0 Risk Management Procedure 4 2.1 Objectives 4 2.2 Scope 4 2.3 Compliance Laws and Regulations 5 2.3.1 PCI DSS Summary 5 2.3.2 Sarbanes Oxley Act Summary 6 2.4 Roles and Responsibilities 6 2.4.1 Threat Identification 7 2.4.2 Methods for Risk Identification 7 2.4.3 Vulnerability Identification 7 2.4.4 Pair Threats & Vulnerabilities 8 2.5 Risk Analysis 8 2.6 Risk Monitoring 9 2.6.1 Risk Management Plan Approval 10 Executive Summary A risk is an event or condition in which, if a threat exploits a vulnerability, there could be a positive or negative effect on a business or project. Risk Management is the practice of identifying, assessing, controlling and mitigating risks. This document is a guideline for completing a Risk Management Plan. The Risk Management Plan describes the vulnerability and threat pairs that could be a potential risk, and outlines a plan to be performed, recorded, and monitored with control measures. The Risk Management Plan is important because it outlines...
Words: 1648 - Pages: 7
...BA 562 Risk Management Plan Project: MBA Program Branch in Portland Section: Wed 9:00 am Team Members: Menghui Lin, Yu Chen, Jun Yang and Xiaoyi Ji Introduction Based on the success of the MBA program in Corvallis (OSU main campus), we are planning to establish an MBA program branch in Portland. It will be a good choice to expand our MBA program to Portland because Portland is the biggest city in Oregon and there are many business corporations which can provide many potential business opportunities. The primary objective of our project is to get more students involved in our MBA program, build a high quality education program and improve the influence of OSU across the whole of Oregon, in both the education and the business realm. Meanwhile, we must admit that there are several potential risks we will face in implementing the program. More specific information and analysis follows. Risk Identification Through analysis of all parts of the new program, we identify the following risks: competition risk, financial problems, teaching quality and reputation impairment. OSU is not the only institution that provides MBA programs in Portland, so it may face fierce competition with other schools like Portland State University. Starting a new program in Portland, far away from the main campus, may also require a lot of money to operate. The financial problem is the core factor that decides the normal operation of the MBA program in Portland...
Words: 1441 - Pages: 6
...Cisco: Supply chain RISK MANAGEMENT PLAN VERSION 5 01/13/2014 TABLE OF CONTENTS 1. INTRODUCTION 1. Executive Summary 2. Purpose of the Risk Management Plan 2. Risk Management Procedure 1. What is a Risk? 1. Risk Identification 2. Risk Assessment 3. Risk Mitigation 4. Risk Monitoring 5. Risk Planning 2. Qualitative Risk Analysis 3. Quantitative Risk Analysis 4. Risk Reporting 3. Tools and Practices 4. Conclusion 1. Risk Contingency Planning 2. Processes to Address Immediate Unforeseen Risks 5. Risk Management Plan Approval 6. Appendix A: References 7. Appendix B: Key Terms INTRODUCTION 1 EXECUTIVE SUMMARY THIS RISK MANAGEMENT PLAN DOCUMENTS A PRESENTATION MADE AT YIELDMORE ON HOW CISCO MANAGES THE RISKS ASSOCIATED WITH SUPPLY CHAIN DISRUPTIONS. YIELDMORE ASSESSES CISCO'S SUPPLY CHAIN RESILIENCY PROGRAM AS ONE OF THE BETTER-EXECUTED PROGRAMS WE HAVE SEEN, AND RECOMMENDS OTHER CLIENTS STUDY IT TO UNDERSTAND HOW THEY MIGHT "DERISK" THEIR OWN SUPPLY CHAINS. THEY OFFER A PRODUCT-CENTRIC APPROACH WHICH PROVIDES MORE BUSINESS VALUE THAN AN INCIDENT-CENTRIC APPROACH TO RISK ASSESSMENT FOR MOST BUSINESSES. Cisco’s transparency is critical to both internal and external support for supply chain resiliency. Objective metrics contribute...
Words: 4662 - Pages: 19
...Risk Management Plan Table of Contents 1 Executive Summary 1.1 Purpose 2 Risk Management Strategy 2.1 Risk Identification 2.2 Risk Responsibilities 2.3 Risk Assessment 2.4 Risk Response 2.5 Risk Mitigation 2.6 Risk Contingency Planning 2.7 Tracking and Reporting 2.8 Processes to Address Immediate Unforeseen Risks 1 Executive Summary Risk is defined as an event that has...
Words: 3635 - Pages: 15
...Risk Management – Sector I Risk Management Plan Introduction Version 1.2.0 Designed by: Defense Logistics Information Systems Designers: Matthew Gugumuck Michael Mawyer Daryl Giggetts | Overview | * The goal of the Risk Management plan is to design and execute the implementation of various security policies and counter-measures in the event of any type of risk, threat, and/or vulnerability against the organization's daily operations and sensitive information. Combining hardware devices and software applications will boost the effectiveness of security, preventing unauthorized access and effectively repulsing attacks. | Authority/Ownership | * Any information and sensitive content contained in this document has been planned and developed by DLA Logistics Information Service, which is the rightful owner of this document. All material contained within this document is considered CLASSIFIED and is also copyrighted by DLA Logistics Information Service (DLIS). Any wrongful use of such material and/or reference to this document without the express written consent of the owner(s) may result in criminal prosecution. | Sections contained in DLIS Risk Management Plan | * Risk Management Overview * Planning and Implementation of Risk Management * Key Personnel Roles * Risk Assessment Plan * System Analysis and Characterization ...
Words: 4166 - Pages: 17
...Risk Management Plan Everyone faces risk, whether it is in everyday life or in the workforce. There are many risks associated with owning a business. Many new businesses fail because they don’t have an effective risk management plan in place. Risk is defined as “an uncertainty concerning the occurrence of a loss” (Rejda, page 2). Owners, when first starting a business, prioritize what needs to be done first without thinking about a risk management plan. The type of business that I would like to own someday would be a coffee shop. The reason I would choose a coffee shop is because I am passionate about coffee. I am very particular about the coffee grounds I use and the smells, and I am always inventing new recipes that I like to share with family. There are many risks associated with running a coffee shop, though. Risks can be internal and external. Risk management can affect many aspects of a business. If a business owner can identify internal risks within a business, they can be controlled. Internal risks that I would face as the owner of a coffee shop would include human risks, theft, and breakdown of equipment. Human risk can include employees or I as the owner becoming ill and not being able to perform the assigned job duties. Having employees also will increase the chances for employee theft. Theft can include cash, product, and wages. Another internal risk that I would face would be with the equipment. Equipment will break down and will need to be fixed or replaced...
Words: 975 - Pages: 4
...Project Part 1 Task 1: Risk Management Plan EC-Council University Introduction A risk management plan (RMP) is important to the DLIS and DLA because it will help us to identify and mitigate IT risks before they become catastrophic issues. This RMP will outline the objectives of the DLIS, identify the risks associated with the DLIS IT infrastructure, quantify these risks, develop a response plan to these risks by identifying roles and responsibilities of individuals, and control these risks. Controlling the risks that have been identified will happen in one of two ways: by establishing a reserve through allocating risk contingencies for known risks, or through the continuous monitoring established as part of this plan. Outline for RMP 1) Identify the objectives of the DLIS a) Organizational financial goals b) Organizational risk acceptance levels c) Organizational business goals 2) Identify risks d) Identify potential risks to the DLIS infrastructure e) Review previous RMPs for identified risks and their priority levels 3) Develop a Response Plan f) Define each risk, to include probability and potential negative impact g) Identify roles and responsibilities of individuals and organizations to mitigate risks 4) Quantify Each Risk Identified h) Identify high cost objectives i) Identify high cost mitigation techniques j) Identify high loss critical infrastructure 5) Control Risk k) Establish Reserve ...
Words: 723 - Pages: 3
...<Project Name> Risk Management Plan <Insert Project Logo here> <Month, Year> Health and Human Services Agency, Office of Systems Integration | Revision History Revision History | Revision/WorkSite # | Date of Release | Owner | Summary of Changes | SID Docs #3164v4 | 06/23/2004 | SID - PMO | Initial Release | OSIAdmin 3283 | 08/29/2008 | OSI - PMO | Major revisions made. Incorporated tailoring guide information into this template | Remove template revision history and insert Project Risk Management Plan revision history. Approvals Name | Role | Date | | | | Insert Project Approvals here. Template Instructions: This template is color coded to differentiate between boilerplate language, instructions, sample language, and hyperlinks. In consideration of those reviewing a black and white hard copy of this document we have also differentiated these sections of the document using various fonts and styles. Details are described below. Please remove the template instructions when the document is finalized. Standard boilerplate language has been developed for this management plan. This language is identified in black Arial font and will not be modified without the prior approval of the OSI Project Management Office (PMO). If the project has identified a business need to modify the standard boilerplate language, the request must be communicated to the PMO for review. Instructions for using this template are provided in purple Arial font...
Words: 10663 - Pages: 43
...RISK MANAGEMENT PLAN PROJECT: Re-design County Animal Shelter PROJECT DESCRIPTION SUMMARY: This County is in need of a re-developed animal shelter. My project entails redesigning the local animal shelter by making it more efficient and safer for the shelter animals and staff. The building is over thirty years old and is in need of a lot of reconstruction to make it a safe environment and something that will ensure disease protection for all the animals at the shelter. PROJECT MANAGER: Michael Pastore DATE: September 29, 2011 Risk Identification I have made a list of all areas that might cause project delays or failure with their respective outcomes (see numerical list below). The five risks I have chosen as key risks are bolded below and appear in the Risk Assessment Table. 1. Delay in getting appropriate permits approved. Department Form # AW-1 needs to be approved, and an IACUC inspection for animal safety and welfare is needed as well. 2. Delay in caging material and other needed materials for project completion. This is a lack of needed items to re-build shelter cages inside and outside. 3. Weather issues causing delay in outside work. This could cause construction delays on the roof and the outside fencing area. 4. Cost risk: over budget. This would include running out of money to fund the entire project if more money is needed. This is a non-profit organization and the funding is being donated to re-design the shelter. 5. Equipment delay. Equipment...
Words: 1424 - Pages: 6
...Risk Management Plan Project Manager: Revision History Version | Date | Author(s) | Revision Notes | 1.0 | 09/27/2014 | | First Draft | Table of Contents Purpose and Scope 1 Risk Plan Objectives 1 Deliverables Produced 1 Deliverable 1: 1 Deliverable 2: 1 Deliverable 3: 2 Project Risks 2 Risk I 2 Risk II 2 Risk III 2 Disaster Recovery Plan 2 Types of Teams 2 In the Event of a Disaster 2 Recovery Scenarios 3 Recovery Activities 3 Purpose and Scope The risks that we can incur for this project are as follows: injury when installing cables and towers, possible electrical issues with a number of systems drawing power around the same time, someone tapping into the company’s network as we slowly bring it up before it’s fully secured, possible attacks on the servers as they come online, or critical failure of servers as they are brought online. We are going to go over these and how we will mitigate the risks from a high risk to a lower risk. Risk Plan Objectives This project will meet the following objectives: * Objective 1 – Working in pairs so that workers can check over each other’s work to make sure it is done right the first time without injury. * Objective 2 – Before bringing networking...
Words: 764 - Pages: 4
... Assign to departments c. Risk Matrix d. Risk mitigation plan e. Impact Analysis II. (BIA) f. Departments g. Business Impact h. Costs Analysis III. Recommendations (BIA) i. Business Impact Analysis Results j. Maximum Acceptable Outage IV. (DLIS) Business Continuity Plan a. Purpose b. Scope c. Plan Objectives d. Disaster definition e. Recovery teams f. Team member responsibilities g. Instructions for using the plan/Invoking the plan h. Data backup policy i. Offsite storage procedures j. In the event of disaster V. Computer Incident Response Team Plan k. Secure funding for relocation l. Notify EMT and corporate business units of recovery Startup m. Operations recovered Introduction: The purpose of the risk assessment plan is to avoid or mitigate the impacts of a threat or vulnerability. The risk assessment plan for the entire DLIS system will help assign responsibilities, identify the costs of an outage, provide recommendations, identify the costs of recommendations, document accepted recommendations, track implementation, and create a plan of action and milestones (POAM). Scope: Risk assessment is used in every career and on every project in all fields of study. There are different types of risks involved depending on what you are doing. An architect has to assess all risks involved with weather, natural resources...
Words: 1790 - Pages: 8