Please see instruction below.
W15A1 – Final Assignment The final assignment represents a culmination of this course. You are to choose a high level system or process within the IT realm of an organization. This can be an email system, web server system, network infrastructure (physical included) or ERP system. (Notice I use the word system, which includes all 7 domains such as user, LAN, workstations and servers/application domains.) I want you to go above the level of one computer for this project. You are assessing the strength of a work flow based on an IT system such as the full holistic view of email and office communications. Please contact me if you think your scope is too narrow. ***You are allowed (and ENCOURAGED) to turn in rough drafts to your professor during your process of developing this project. These “spot checks” will help determine your scope and content for the final deliverable. You will need to complete the following documentation:
Risk Management Plan o Develop and provide an introduction to the plan by explaining its purpose and
importance. o Create an outline for the completed risk management plan. o Define the scope and boundaries of the plan. o Research and summarize compliance laws and regulations that pertain to the
organization. o Identify the key roles and responsibilities of individuals and departments within the
organization as they pertain to risk management. o Create a professional report detailing the information above as an initial draft of the risk
management plan.
Risk Assessment Plan o Develop an introduction to the plan explaining its purpose and importance. o Use the attached RA form. o Define the scope and boundaries for the plan. o Identify the key roles and responsibilities of individuals and departments within the
organization as they pertain to RA. o Create a professional report detailing the information above as an initial draft of the RA
plan, this will include a Word document for your narrative and the RA form.
Business Impact Analysis o Use the attached BIA form or use your own form from a previous course. o Define the scope and boundaries of the plan. o Determine the impacted domain(s) and describe the impact on various resources as
outlined in the attached form.
Disaster Recovery Plan o Use the attached DR form or use your own form from a previous course.
Business Continuity Plan o For the BCP, incorporate all of the documents into a portfolio with your narrative
The portfolio can be a single PDF, Word document or a zip of all documents. The narrative needs to be an overview of the entire project, use APA formatting
for the narrative document, if you are unsure of a format. The narrative needs to include the system scope, overview of the above
documentation and a final recommendation for an action plan to management. You are allowed to use your own words for this document.
The above documentation can be performed on a real company or a fictitious scenario given by the instructor. If you need the fictitious scenario, please let the instructor know your preference as soon as possible. The full assignment will be graded on the following:
Did the student demonstrate an understanding of the competencies covered in the course?
Did the student include all important components of this project, as outlined?
Did the student demonstrate good research, reasoning, and decision-making skills in identifying key risk components, mitigation techniques, compliance laws and regulations and impact on business process across the 7 domains?
Did the student create a professional, well-developed draft with proper grammar, spelling, and punctuation?
Course Outcomes:
1. Identify and define risk and risk management techniques. 2. Summarize compliance laws relevant to IT within a given industry. 3. Develop a risk management plan. 4. Perform a risk assessment. 5. Identify and evaluate threats, vulnerabilities, countermeasures, and mitigation recommendations. 6. Identify administrative, technical, and physical controls to reduce risk. 7. Perform a business impact analysis. 8. Create a business continuity and disaster recovery plan.