final Project 1 task 3
Managing Risk in Information Systems
Lesson 11
Turning Your Risk Assessment into a Risk Mitigation Plan
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Creating a Risk Mitigation Plan
Complete a risk assessment
Identify and evaluate relevant threats
Identify and evaluate relevant vulnerabilities
Identify and evaluate countermeasures
Develop mitigating recommendations
Identify costs
Perform cost-benefit analysis (CBA)
Implement plan
Reviewing Risk Assessment Countermeasures
In-place countermeasures
Planned countermeasures
Approved countermeasures
Overlapping countermeasures
Calculating Costs
Initial purchase
Facility
Installation
Training
Prioritizing Risk Elements
Create the Threat/Vulnerability matrix
Determine likelihood
Determine impact
Prioritize countermeasures
Performing a Cost-Benefit Analysis
Identify losses without a countermeasure
Identify losses after implementing countermeasure
Calculating projected benefits:
Projected Benefits = Loss Without Countermeasure - Loss After Countermeasure
Determining value of countermeasure:
Countermeasure Value = Projected Benefits - Cost of Countermeasure
Implementing a Risk Mitigation Plan
Stay within budget
Ensure costs calculated accurately
Stay on schedule
Use tools to manage project
Use project management tools
Risk Management Best Practices
Stay within scope of Risk Assessment
Redo CBAs if new costs identified
Prioritize countermeasures based on importance
Include current countermeasures in analysis
Control costs and schedule
Follow up
Implement approved countermeasures
Ensure countermeasures mitigate the risk