Defining the Scope and Structure for an IT Risk Management Plan, computer science homework help

Defining the Scope and Structure for an IT Risk Management Plan, computer science homework help

Assessment Worksheet

Use file:///C:/Users/Jamie/Downloads/Lab03_SLMx_Risk20%20(3).pdf

Defining the Scope and Structure for an IT Risk Management Plan

Course Name and Number: _____________________________________________________

Student Name: ________________________________________________________________

Instructor Name: ______________________________________________________________

Lab Due Date: ________________________________________________________________

Overview

In this lab, you defined the purpose of an IT risk management plan, you defined the scope for an

IT risk management plan that encompasses the seven domains of a typical IT infrastructure, you

related the risks, threats, and vulnerabilities to the plan, and you created an IT risk management

plan outline that incorporates the five major parts of an IT risk management process.

Lab Assessment Questions & Answers

1. What is the goal or objective of an IT risk management plan?

2. What are the five fundamental components of an IT risk management plan?

The five fundamentals to risk management plan are identifying, analyzing, evaluating, and ultimately responding to and monitoring risk.

3. Define what risk planning is.

4. What is the first step in performing risk management?

5. What is the exercise called when you are trying to gauge how significant a risk is?

6. What practice helps address a risk?

7. What ongoing practice helps track risk in real time?

8. True or False: Once a company completes all risk management steps (identification, assessment,

response, and monitoring), the task is done.

9. Given that an IT risk management plan can be large in scope, why is it a good idea to develop a

risk management plan team?

10. In the seven domains of a typical IT infrastructure, which domain is the most difficult to plan,

identify, assess, treat, and monitor?

11. Which compliance laws or standards does the health care organization mentioned in the HandsOn

Steps have to comply with (consider these: Health Insurance Portability and Accountability

Act [HIPAA], Gramm-Leach-Bliley Act [GLBA], and Family Educational Rights and Privacy Act

[FERPA])? How does this impact the scope and boundary of its IT risk management plan?

12. How did the risk identification and risk assessment of the identified risks, threats, and

vulnerabilities contribute to your IT risk management plan outline?

13. What risks, threats, and vulnerabilities did you identify and assess that require immediate risk

mitigation given the criticality of the threat or vulnerability?

14. For risk monitoring, what are some techniques or tools you can implement in each of the seven

domains of a typical IT infrastructure to help mitigate risk?

15. For risk mitigation, what processes and procedures can help streamline and implement riskmitigation

solutions to the production IT infrastructure?

16. What is the purpose of a risk register?

17. How does risk response impact change control management and vulnerability management?

Part 2

file:///C:/Users/Jamie/Downloads/Lab04_SLMx_Risk20%20(1).pdf

Lab Assessment Questions & Answers

1. What is an IT risk assessment’s goal or objective?

2. Why is it difficult to conduct a quantitative risk assessment for an IT infrastructure?

3. What was your rationale in assigning a “1” risk impact/risk factor value of “Critical” to an

identified risk, threat, or vulnerability?

4. After you had assigned the “1,” “2,” and “3” risk impact/risk factor values to the identified risks,

threats, and vulnerabilities, how did you prioritize the “1,” “2,” and “3” risk elements? What

would you say to executive management about your final recommended prioritization?

5. Identify a risk-mitigation solution for each of the following risk factors:

a. User downloads and clicks on an unknown e-mail attachment

b. Workstation OS has a known software vulnerability

c. Need to prevent eavesdropping on WLAN due to customer privacy data access

d. Weak ingress/egress traffic-filtering degrades performance

e. DoS/DDoS attack from the WAN/Internet

f. Remote access from home office

g. Production server corrupts database

"You need a similar assignment done from scratch? Our qualified writers will help you with a guaranteed AI-free & plagiarism-free A+ quality paper, Confidentiality, Timely delivery & Livechat/phone Support.


Discount Code: CIPD30


WHATSAPP CHAT: +1 (781) 253-4162


Click ORDER NOW..

order custom paper