Practical Connection Assignment
Managing Risk in Information Systems
Lesson 4
Developing a Risk Management Plan
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Chapter 4 Slides
Chapter 4: “Developing a Risk Management Plan”
Objectives of a Risk Management Plan
A list of threats
A list of vulnerabilities
Costs associated with risks
A list of recommendations to reduce the risks
Costs associated with recommendations
A cost-benefit analysis
One or more reports
Dimensions of the Plan's Scope
Extent to which the plan will be organized
Level of implementation
Range of view and outlook
Degree of application and operation
Measurement of effectiveness
Assignment of Responsibilities
Align resources
Assign responsibilities
Evaluate relationships
Describing Procedures and Schedules for Accomplishment
Include a recommended solution for each threat or vulnerability, with the goal of mitigating the associated risk.
The solution will often involve multiple steps.
Describing Procedures and Schedules for Accomplishment (Cont.)
Describe each step in detail.
Include a timeline for completion of each step.
Remember:
Management is responsible for choosing the controls to implement.
Management is responsible for residual risk.
Affinity Diagram
Reporting Requirements
Present recommendations
Document management response to recommendations
Document and track implementation of accepted recommendations
Create plan of action and milestones (POAM)
Reporting Requirements (Cont.)
Report should include:
Findings
Recommendation cost and time frame
Cost-benefit analysis
Reports are often summarized in risk statements
Use risk statements to communicate a risk and the resulting impact
Using a Cause and Criteria Diagram
Evaluating a Web site
Using a Cause and Criteria Diagram
Evaluating HIPAA compliance
Plan of Action and Milestones (POAM)
A document used to track progress
Used to assign responsibility and to allow management follow-up
Is a living document
Milestone Plan Chart
Only lists major milestones
Gantt Chart
Shows a full project schedule
Critical Path Chart
Identifies critical tasks to be managed
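The three charts above (milestone plan, Gantt, critical path) are different views of the same scheduled task list from a POAM. The following is an added worked example, not code from the textbook or the slides: it takes a constructed set of remediation tasks for one accepted recommendation (task names, durations in working days, dependencies and milestone flags are all assumed for illustration), runs the forward and backward passes of the critical path method, and produces the full schedule a Gantt chart draws, the milestone-only list a milestone chart shows, and the zero-slack tasks that form the critical path. It also refuses a task list with a dependency cycle, which cannot be scheduled at all.

```python
"""Schedule POAM remediation tasks: Gantt rows, milestone list, critical path.

Constructed example (not from the textbook): tasks for one accepted
recommendation, with durations in working days and predecessor dependencies.
"""
from collections import deque

# Constructed sample tasks: id -> (description, duration_days, predecessors, is_milestone)
TASKS = {
    "T1": ("Management approves recommendation", 2, [], True),
    "T2": ("Procure replacement hardware", 10, ["T1"], False),
    "T3": ("Write updated configuration standard", 5, ["T1"], False),
    "T4": ("Build and harden system", 6, ["T2", "T3"], False),
    "T5": ("Test controls and document results", 4, ["T4"], False),
    "T6": ("Train operations staff", 3, ["T3"], False),
    "T7": ("Deploy to production", 1, ["T5", "T6"], True),
}


def topological_order(tasks):
    """Kahn's algorithm; raises if a dependency cycle exists (a plan with a cycle cannot be scheduled)."""
    indegree = {t: len(spec[2]) for t, spec in tasks.items()}
    successors = {t: [] for t in tasks}
    for t, (_, _, preds, _) in tasks.items():
        for p in preds:
            if p not in tasks:
                raise ValueError(f"{t} depends on unknown task {p}")
            successors[p].append(t)
    ready = deque(sorted(t for t, d in indegree.items() if d == 0))
    order = []
    while ready:
        t = ready.popleft()
        order.append(t)
        for s in successors[t]:
            indegree[s] -= 1
            if indegree[s] == 0:
                ready.append(s)
    if len(order) != len(tasks):
        raise ValueError("dependency cycle in task list")
    return order, successors


def schedule(tasks):
    """Forward pass (earliest start/finish) then backward pass (latest start/finish); slack = LS - ES."""
    order, successors = topological_order(tasks)
    es, ef = {}, {}
    for t in order:
        _, dur, preds, _ = tasks[t]
        es[t] = max((ef[p] for p in preds), default=0)
        ef[t] = es[t] + dur
    project_end = max(ef.values())
    ls, lf = {}, {}
    for t in reversed(order):
        dur = tasks[t][1]
        lf[t] = min((ls[s] for s in successors[t]), default=project_end)
        ls[t] = lf[t] - dur
    return {t: {"es": es[t], "ef": ef[t], "ls": ls[t], "lf": lf[t], "slack": ls[t] - es[t]} for t in order}


def critical_path(tasks):
    """Zero-slack tasks in schedule order: a slip in any of these slips the whole project."""
    sched = schedule(tasks)
    return [t for t in sched if sched[t]["slack"] == 0]


def project_duration(tasks):
    """Working days from the first task start to the last task finish."""
    return max(v["ef"] for v in schedule(tasks).values())


def gantt_rows(tasks):
    """Full schedule, one row per task (what a Gantt chart draws)."""
    sched = schedule(tasks)
    return [(t, tasks[t][0], sched[t]["es"], sched[t]["ef"], sched[t]["slack"]) for t in sched]


def milestone_rows(tasks):
    """Only the tasks flagged as milestones (what a milestone plan chart lists)."""
    return [(t, desc, ef) for t, desc, _, ef, _ in gantt_rows(tasks) if tasks[t][3]]


if __name__ == "__main__":
    for tid, desc, start, end, slack in gantt_rows(TASKS):
        bar = " " * start + "#" * (end - start)
        print(f"{tid} {desc:<40} day {start:2d}-{end:2d} slack {slack:2d} |{bar}")
    print("milestones:", milestone_rows(TASKS))
    print("critical path:", " -> ".join(critical_path(TASKS)), f"({project_duration(TASKS)} days)")
```

With the constructed tasks, staff training (T6) has 12 days of slack and the configuration standard (T3) has 5, so those are the steps that can absorb delay; approval, procurement, build, test and deployment have none, which is why a manager tracking the POAM watches those dates rather than the whole chart.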
Risk Management Functions
Senior management
IT management
System and information owners
Functional management
Information security (IS) management
Security awareness trainers
5/28/2018
Summary
Risk, threats, vulnerabilities, and exploits
Public resources for risk management
Use of threat/vulnerability pairs in managing risk
Fundamental components of a risk management plan
Objectives and scope of a risk management plan
Importance of assigning responsibilities
Significance of planning, scheduling, and documentation