Assignment:
For the final assignment, you must design a corporate risk management plan for FSB as part of their corporate security program. The format for the plan must be as follows:
Introduction - State of the Organization
Corporate management of systems and applications
Threats every organization or institution faces in the era of mobile and cloud computing
Organizational chart
Network diagram
Objectives of the Risk Management Plan - Risk Statement with a definition of IT emergencies, ranking the nature of incidents, whether they are natural, technical, human resources, or cyber-threats.
Business Impact Analysis (BIA) for FSB
Plan of Action and Milestones (POAM) - Action Plan for Incident
Risk Reduction Strategies for Mobile Device Management (MDM)
Tool recommendations
Response and Risk Management
Strategies to assess and mitigate risk and maintain privacy when cloud computing is used in a production environment.
Sequence, workflow, or flowchart illustrating the steps to follow when responding to an incident.
Steps to follow and recommended tools to use to perform a vulnerability assessment.
Disaster Recovery Sites - Remote Locations
IP lines redirect to a different location inside the organization (cold site).
Temporary IT center contracted for the purposes of partial recovery of business functions (hot site).
Inventory - Hardware and network architecture, databases, and applications, classified in criticality levels.
Backup Strategy that documents the protection and replication of electronic files.
Transfer Strategy - Steps to follow to transfer operations to a remote location.
Testing Plan for implementing drills, including frequency and results reporting.
Plan Distribution
User Awareness and Training of Emergency Committee Personnel
Length: 15 to 17 page technical paper - APA
References: Minimum of 10 scholarly resources
Resources:
Ali, M., Khan, S. U., & Vasilakos, A. V. (2015, June 1). Security in cloud computing: Opportunities and challenges. Information Sciences, 305, 357-383.
Brennan, J. (2018). The role of intelligence in corporate security. Security Solutions for Enterprise Security Leaders, 55(5), 22.
Georg, L. (2017). Information security governance: Pending legal responsibilities of non-executive boards. Journal of Management & Governance, 21(4).