1. What is the goal or objective of an IT risk management plan?
2. What are the five fundamental components of an IT risk management plan?
3. Define what risk planning is.
4. What is the first step in performing risk management?
5. What is the exercise called when you are trying to gauge how significant a risk is?
6. What practice helps address a risk?
7. What ongoing practice helps track risk in real time?
8. True or False: Once a company completes all risk management steps (identification, assessment,
response, and monitoring), the task is done.
9. Given that an IT risk management plan can be large in scope, why is it a good idea to develop a
risk management plan team?
10. In the seven domains of a typical IT infrastructure, which domain is the most difficult to plan,
identify, assess, treat, and monitor?
11. Which compliance laws or standards does the health care organization mentioned in the HandsOn Steps have to comply with (consider these: Health Insurance Portability and Accountability
Act [HIPAA], Gramm-Leach-Bliley Act [GLBA], and Family Educational Rights and Privacy Act
[FERPA])? How does this impact the scope and boundary of its IT risk management plan?
12. How did the risk identification and risk assessment of the identified risks, threats, and
vulnerabilities contribute to your IT risk management plan outline?
13. What risks, threats, and vulnerabilities did you identify and assess that require immediate risk
mitigation given the criticality of the threat or vulnerability?
14. For risk monitoring, what are some techniques or tools you can implement in each of the seven
domains of a typical IT infrastructure to help mitigate risk?
15. For risk mitigation, what processes and procedures can help streamline and implement riskmitigation solutions to the production IT infrastructure?
16. What is the purpose of a risk register?
17. How does risk response impact change control management and vulnerability management?