Cyber Risk Plan

RiskManagementTaskTemplate.docx

JIT2/RISK MANAGEMENT

TASK TEMPLATE: Carefully read and re-read the scenario, the task instructions, and the rubric for this task, before using this template.

A. Company Overview

Pick a REAL company with some global marketplace activities, and then fictionalize the name. Give a brief overview of the company (a paragraph is fine), omitting any proprietary information.

A1. through A3a. Risk Register

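| | Description | Source | Likelihood of Occurrence* | Severity of Impact* | Controllability* |
|---|---|---|---|---|---|
| 1. | | | | | |
| 2. | | | | | |
| 3. | | | | | |
| 4. | | | | | |
| 5. | | | | | |
| 6. | | | | | |
| 7. | | | | | |
| 8. | | | | | |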

· First, choose a real company, not a fictional one; some aspect of its business must involve global marketplace activities. Then change the name of the company and avoid using any proprietary information.

· Use the risk register template above to create a risk register for the company and help you organize the information required for prompts A1-A3 (place all information for prompts A1-A3 right into the register).

· As you identify the eight risks required for the register, you will want to ensure that one of the eight risks identified is a global marketplace risk and include a description of HOW this risk emanates from one of the company’s global marketplace activities.

· You can certainly have more than one global risk in your register. But carefully note that not all global risks relate to global marketplace activities. So make sure your identified global risk fits that criterion, to pass the rubric criteria for A1.

· Rate each risk in the last three columns as high, medium or low and include a well-supported justification for each (in other words, a specific example, etc.).

· Finally, the rows and columns in the register will expand to fit your typing, so don’t skimp on details!

B. Risk Responses

(Include a paragraph or two for each risk response, thoroughly discussing what the organization should do or can do to respond to each risk should it occur, in an effort to reduce the possible damage to the company).

Risk 1: Insert text here

Risk 2: Insert text here

Risk 3: Insert text here

Risk 4: Insert text here

Risk 5: Insert text here

Risk 6: Insert text here

Risk 7: Insert text here

Risk 8: Insert text here

C. Business Contingency Plan

Be sure to include all section headers (there is one for each rubric prompt).

C1. Strategic Pre-Incident Changes

Aim for at least one page of content (a few paragraphs) that clearly explains strategic changes the company could make in advance of any risk incidents, to ensure the well-being of the company.

C2a. Sensitive Data

Write a paragraph or two discussing what constitutes sensitive data for this company.

C2b. Normal Data Protection

Provide a paragraph or two explaining how data will be physically protected during normal business operations in this company.

C2c. Disruption Data Protection

Provide a paragraph or two explaining how data will be physically protected in the event of a disruption.

C2d. Ethical Use of Data

Write a paragraph or two explaining how the company will ensure all data is used ethically in the event of a risk event.

C3a. Customer Records

Provide a couple of paragraphs that discuss and explain customer records in the company (how they are kept, what they include, etc.).

C3b. Normal Security Measures

Provide a couple of paragraphs that explain the systems or security measures the company has in place to protect customer records during normal business operations.

C3c. Disruption Security Measures

Provide a paragraph or two that describe the systems or security measures the company has in place to protect customer records during a risk disruption.

C3d. Ethical Use Protections

Provide a couple of paragraphs that explain how the company will ensure all data is used ethically during and after a risk event.

C4. Communication Plan

Provide a few paragraphs (one page or more) that thoroughly discuss the Communication Plan the company has in place to be used during and following a risk event/disruption.

C4a. Stakeholders

Here you must list and identify all the stakeholders who will need to be contacted in the event of a disruption or risk event.

C4ai. Stakeholder Communications

Explain in detail the methods or modes of communication that will be used to contact each stakeholder, and you must include an explanation of the specific actions that will need to take place to communicate with each stakeholder. You can add in a flow chart, phone tree, etc., if relevant. But you must provide the explanation as well.

C5. Restoration of Operations

Provide a detailed discussion (at least a page or more) that explains exactly how the company will restore normal business operations across the various aspects of the business after a disruption has occurred. Be specific.

D. BCP Implementation Plan

D1. Implementation of the BCP

Provide a few paragraphs describing HOW you will implement the BCP into the company.

D2. Communication of the BCP

Provide a few paragraphs describing HOW the BCP will be communicated within the organization. How will everyone know about it, and how to implement it when/if the time comes?

D3. Monitoring and Testing of the BCP

Provide a few paragraphs describing HOW the BCP will be tested before any incidents and monitored during any incidents, to ensure the plan will be effective in the event of any risk events.

D4. Adjustment of the BCP

Provide a few paragraphs describing the procedures in place to ensure that the BCP will be adjusted or revised over time, to adapt to changing risk environments.

D4a. Communication of Changes

Provide a few paragraphs describing HOW any changes made to the BCP over time will be communicated within the company and to all stakeholders.

References

Make sure that all your references are included, and that they are properly cited within the text of your paper. Below are two correctly formatted references, per APA formatting guidelines.

Krishnan, M. (2014). New technology for uninterrupted power supply in India could end rolling blackouts. Retrieved from http://www.dw.com/en/new-technology-for-uninterrupted-power-supply-in-india-could-end-rolling-blackouts/a-17503462

ISO (2008). ISO 9001:2008. Retrieved from http://www.iso.org/iso/catalogue_detail?csnumber=46486

In the body of your paper, the online article with a named author would be cited like this: (Krishnan, 2014). The ISO reference would be cited like this: (ISO, 2008).

NOW be sure to delete all tips and pointers (everything in red, and the references above) from your finished document. Make sure that all your actual text is in APA formatting, which means black Times New Roman 12-point font, double-spaced throughout. The section headers should remain just as they are given in the template, because they align with the task rubric.