Introduction:
As discussed so far in this course, risk management is an important process for all organizations. This is particularly true in information systems, which provides critical support for organizational missions. The heart of risk management is a formal risk management plan. This activity allows you to fulfill the role of an employee participating in the risk management process in a specific business situation.
Scenario:
You are an information technology (IT) intern working for the Defense Logistics Information Service (DLIS) in Battle Creek, Michigan. DLIS is an organization within the Defense Logistics Agency (DLA), which is the largest logistics combat support agency for the Department of Defense. DLIS creates, manages, and disseminates logistics information to military and government customers using the latest technology.
Senior management at DLIS decided that the existing risk management plan for the organization is out of date, and that a new risk management plan must be developed. Because of the importance of risk management to the organization, senior management is committed to and supportive of the project to develop a new plan. You have been assigned to develop this new plan.
Project Part 1
Project Part 1 Task 1: Draft Risk Management Plan
For the first part of the assigned project, you must create an initial draft of the final risk management plan.
To do so, you must:
1. Develop and provide an introduction to the plan by explaining its purpose and importance.
2. Create an outline for the completed risk management plan.
3. Define the scope and boundaries of the plan.
4. Research and summarize compliance laws and regulations that pertain to the organization.
5. Identify the key roles and responsibilities of individuals and departments within the organization as they pertain to risk management.
6. Develop a proposed schedule for the risk management planning process.
7. Create a professional report detailing the information above as an initial draft of the risk management plan.
Write an initial draft of the risk management plan as detailed in the instructions above. Your plan should be made using a standard word processor format compatible with Microsoft Word.
IS3110 Risk Management in Information Technology Security STUDENT COPY: Project © ITT Educational Services, Inc.
All Rights Reserved.
Project Part 1 Task 2: Risk Assessment Plan
After creating an initial draft of the risk management plan, the second part of the assigned project requires you to create an initial draft of the final RA plan. To do so, you must:
1. Develop an introduction to the plan explaining its purpose and importance.
2. Create an outline for the completed RA plan.
3. Define the scope and boundaries for the plan.
4. Research and summarize RA approaches.
5. Identify the key roles and responsibilities of individuals and departments within the organization as they pertain to RA.
6. Develop a proposed schedule for the RA process.
7. Create a professional report detailing the information above as an initial draft of the RA plan.
Project Part 1 Task 3: Risk Mitigation Plan
Senior management at DLIS decided that the risk manager and his/her team should continue and develop a risk mitigation plan based on inputs provided by the team in earlier project deliverables.
Management has also allocated funds for a risk mitigation plan. Because of the importance of risk management to the organization, senior management is committed to and supportive of the project to develop a new plan. You have been assigned to develop this new plan.
Project Part 2
Project Part 2 Task 1: Introduction and Business Impact Analysis Plan
As discussed so far in this course, risk management is an important process for all organization. This is particularly true for information systems, which provide critical support for organizational missions. The heart of risk management is a formal risk management plan.
This part of the project is a continuation of the Project Part 1 where you prepared RA plan and a risk mitigation plan for the DLIS. Senior management at DLIS decided that the risk manager and his/her team should continue and develop a RA plan based on inputs provided by the team in earlier project deliverables. Management has also allocated funds for a risk mitigation plan and a BIA plan. Because of the importance of risk management to the organization, senior management is committed to and supportive of the project to develop a new plan. You have been assigned to develop this new plan.
IS3110 Risk Management in Information Technology Security STUDENT COPY: Project © ITT Educational Services, Inc.
All Rights Reserved.
Project Part 2 Task 2: Business Continuity Plan
After having reviewed and being impressed by your Project Part 1 on Risk Management, the senior management at DLIS decided that your team must also develop a BCP as your team is doing so well.
Management has also allocated all funds for a BCP and your team has their full support, as well as free reign to call on any of them for participation or inclusion in your BCP plan. You have been assigned to develop this new plan after taking into consideration the following additional information on DLIS IT infrastructure.
DLIS has a global reach and at least 50 file servers and various databases (12) running everything from an enterprise resource planning (ERP) system to the organization payroll system that has an electronic funds transfer (EFT) capability. Other things worth noting are a warm site within 50 miles of the headquarters data center. No plans exist for it. You will want to use it in your BCP planning. Currently back-ups are done with an outside vendor. However your team will want to recommend a new process (vendor), and develop a new back-up plan for approximately five terabyte (TB) of critical classified data.
Do not forget to develop a testing plan for your team's BCP.
You can refer to the following additional resources that will help you and your team to develop a BCP