Name
Strayer University
Security Risk Assessment and Mitigation Plan Implementation
CIS 359 – Disaster Recovery Management
Assignment 15: Security Risk Assessment and Mitigation Plan Implementation
Due Week 7 and worth 75 points
In a previous assignment, you conducted a security risk assessment and developed a comprehensive
security risk mitigation plan for a medium-sized organization. Your task is to implement the risk
mitigation plan and ensure that the organization's security posture is improved.
Write a paper in which you:
1. Implementation Plan: Develop a detailed implementation plan for the security risk mitigation
measures outlined in your previous risk assessment and mitigation plan assignment. Include
specific tasks, responsible parties, timelines, and resources required for each mitigation
measure.
2. Prioritization: Prioritize the implementation of the security risk mitigation measures based on
their criticality and potential impact on the organization's security. Explain the rationale for the
prioritization.
3. Communication and Training: Describe how you will communicate the implementation plan to
relevant stakeholders, including employees and management. Explain the importance of
training and awareness programs to support the successful implementation of security
measures.
4. Monitoring and Reporting: Discuss how you will monitor the progress of the implementation
plan. Describe the key performance indicators (KPIs) and metrics that will be used to measure
the effectiveness of the security risk mitigation measures. Explain how incidents and issues will
be reported and addressed.
5. Incident Response Preparedness: Explain how the organization's incident response capabilities
will be improved as part of the risk mitigation plan implementation. Discuss procedures for
detecting and responding to security incidents.
6. References: Use at least three (3) quality resources to support your implementation plan. Ensure
that your sources are reputable and relevant to security risk mitigation best practices.
Your assignment must follow these formatting requirements:
Be typed, double-spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
Include a cover page containing the title of the assignment, your name, the professor's name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
Use appropriate headings and subheadings to organize the content.
Use visual aids, such as tables or flowcharts, to illustrate key elements of the implementation plan.
The specific course learning outcomes associated with this assignment are:
Develop a detailed implementation plan for security risk mitigation measures.
Prioritize security risk mitigation measures based on criticality and potential impact.
Communicate and train relevant stakeholders on security risk mitigation measures.
Monitor and report on the progress and effectiveness of security risk mitigation measures.
Enhance incident response preparedness as part of security risk mitigation.
Use technology and information resources to research issues in security risk mitigation planning.
Write clearly and concisely about security risk mitigation planning using proper writing mechanics and technical style conventions.
Grading for this assignment will be based on answer quality, logic / organization of the paper, and
language and writing skills, using the following rubric.
Points: 75 Assignment 15: Security Risk Assessment and Mitigation Plan Implementation
Criteria / Unacceptable: Below 60% F / Meets Minimum Expectations: 60-69% D / Fair: 70-79% C / Proficient: 80-89% B / Exemplary: 90-100% A
1. Detail the DR team roles, responsibilities, and sub teams that would be implemented and construct an organizational chart for the team through the use of graphical tools in Visio, or an open source alternative such as Dia. Weight: 35%
Unacceptable (Below 60% F): Did not submit or incompletely detailed the DR team roles, responsibilities, and sub teams that would be implemented and did not submit or incompletely constructed an organizational chart for the team through the use of graphical tools in Visio, or an open source alternative such as Dia.
Meets Minimum Expectations (60-69% D): Insufficiently detailed the DR team roles, responsibilities, and sub teams that would be implemented and insufficiently constructed an organizational chart for the team through the use of graphical tools in Visio, or an open source alternative such as Dia.
Fair (70-79% C): Partially detailed the DR team roles, responsibilities, and sub teams that would be implemented