Course Name: IAA202

Student Name: Chế Công Đại

Lab #3: Assessment Worksheet


Define the Scope & Structure for an IT Risk Management Plan

Scenario (c): Nationwide retailer subject to PCI DSS standard requirements


Risk planning:
Organizations should maximize the benefits of a risk assessment by incorporating
the PCI DSS risk assessment into their overall organization-wide risk
management program.
Risk identification:
- Context establishment: The risk assessment team needs to understand the internal
  and external parameters when defining the scope of the risk assessment, and/or have
  access to the persons in the organization who can provide this information.
- Asset identification: In the context of PCI DSS, assets include the people,
  processes, and technologies involved in the processing, storage, transmission, and
  protection of cardholder data (CHD).
- Threat identification: e.g., external hackers, malicious individuals, cyber
  criminals, and thieves or intruders intending to cause physical damage or steal
  assets.
- Vulnerability identification: lack of network security controls (no properly
  configured firewalls, no intrusion detection); weak password policy; transmission
  of unprotected CHD; lack of security awareness regarding social engineering and
  phishing; insufficient system hardening and malware protection.

Risk assessment:
Quantitative risk assessment:
- Single loss expectancy (SLE): the expected monetary loss from a single occurrence
  of the risk.
- Annual rate of occurrence (ARO): the expected number of occurrences per year.
- Annual loss expectancy (ALE): ALE = SLE * ARO.
Qualitative risk assessment:
- Probability: the likelihood that a threat will exploit a vulnerability.
- Impact: the negative result if a risk occurs.
- Risk Level = Probability * Impact
- Defining the scale: based on current known threats and vulnerabilities, as well as
  current controls.

Risk mitigation:
- Risk reduction: taking the mitigation steps (controls) necessary to reduce the
  overall risk to an asset.
- Risk sharing/transference: the organization shares its risk with third parties
  through insurance and/or service providers.
- Risk avoidance: eliminating the risk by not performing the activity, or not using
  the asset, that introduces it.
- Risk acceptance: formally accepting the residual risk, typically when the cost of
  further mitigation exceeds the expected loss.
Risk monitoring:
A risk-monitoring dashboard should monitor the following attributes related to risk:
- Risk type: technical, business, or operations
- Risk priority: technical or business priority of the risk
- Risk probability: the likelihood of risk occurrence
- Risk impact: material impact on software/business due to risk occurrence
- Risk mitigation plan: a comprehensive plan to mitigate or minimize the risk
  occurrence
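The formulas in the risk assessment section (SLE, ARO, ALE, and Risk Level = Probability * Impact) and the attributes of the risk monitoring dashboard can be combined into a small risk register. The Python below is an added example written for this worksheet; it is not part of the original lab material, the course text, or PCI DSS. The asset values, exposure factors, occurrence rates, the 1-5 qualitative scale, and the priority thresholds are assumptions chosen for illustration; SLE = asset value * exposure factor and the control cost-benefit comparison are the standard textbook forms rather than anything the worksheet itself states. The register entries reuse the vulnerabilities listed under risk identification.

```python
"""Risk register: quantitative (SLE, ARO, ALE) and qualitative (probability x impact)
scoring of the worksheet's identified vulnerabilities, ranked for a monitoring dashboard.
Added example; every figure below is a constructed assumption."""
from dataclasses import dataclass


def qualitative_level(probability: int, impact: int) -> int:
    """Risk Level = Probability * Impact, on an assumed 1-5 scale (result 1..25)."""
    for value in (probability, impact):
        if not 1 <= value <= 5:
            raise ValueError("probability and impact must be on the 1-5 scale")
    return probability * impact


def sle(asset_value: float, exposure_factor: float) -> float:
    """Single loss expectancy, standard SLE = asset value * exposure factor form;
    the exposure factor is the fraction of the asset lost in one incident."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    return asset_value * exposure_factor


def ale(single_loss: float, aro: float) -> float:
    """Annual loss expectancy: SLE times the annual rate of occurrence."""
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return single_loss * aro


def control_value(ale_before: float, ale_after: float, annual_control_cost: float) -> float:
    """Net annual benefit of a mitigation: ALE reduction minus the control's yearly cost.
    Negative means the control costs more than it saves, the usual case for
    accepting or transferring the risk instead of reducing it."""
    return (ale_before - ale_after) - annual_control_cost


def priority(level: int) -> str:
    """Dashboard priority from the qualitative level (thresholds are assumptions)."""
    return "high" if level >= 15 else "medium" if level >= 8 else "low"


@dataclass(frozen=True)
class RiskEntry:
    name: str
    risk_type: str          # dashboard attribute: technical / business / operations
    probability: int        # 1-5
    impact: int             # 1-5
    asset_value: float      # monetary value of the affected asset (assumed)
    exposure_factor: float  # fraction of asset value lost per incident (assumed)
    aro: float              # expected incidents per year (assumed)
    mitigation_plan: str

    @property
    def risk_level(self) -> int:
        return qualitative_level(self.probability, self.impact)

    @property
    def annual_loss(self) -> float:
        return ale(sle(self.asset_value, self.exposure_factor), self.aro)


def rank(register: list) -> list:
    """Highest qualitative level first; ALE breaks ties between equal levels."""
    return sorted(register, key=lambda r: (r.risk_level, r.annual_loss), reverse=True)


def dashboard(register: list) -> list:
    """One row per risk carrying the attributes the worksheet's dashboard lists."""
    return [{"risk": r.name, "type": r.risk_type, "priority": priority(r.risk_level),
             "probability": r.probability, "impact": r.impact, "risk_level": r.risk_level,
             "ale": r.annual_loss, "mitigation_plan": r.mitigation_plan}
            for r in rank(register)]


# Constructed sample register built from the vulnerabilities listed under risk
# identification; the numbers are illustrative assumptions, not real data.
SAMPLE_REGISTER = [
    RiskEntry("Transmission of unprotected CHD", "technical", 4, 5, 2_000_000, 0.5, 0.5,
              "Encrypt CHD in transit and segment the cardholder data environment"),
    RiskEntry("Weak password policy", "technical", 4, 4, 500_000, 0.4, 1.0,
              "Enforce the password policy and add multi-factor authentication"),
    RiskEntry("Phishing / social engineering", "operations", 5, 3, 300_000, 0.3, 2.0,
              "Security awareness training and mail filtering"),
    RiskEntry("Insufficient hardening and malware protection", "technical", 3, 4, 800_000, 0.25, 0.5,
              "Hardening baseline and anti-malware on all in-scope systems"),
    RiskEntry("Physical theft of store equipment", "business", 2, 2, 50_000, 1.0, 0.2,
              "Physical access controls and asset inventory"),
]

if __name__ == "__main__":
    for row in dashboard(SAMPLE_REGISTER):
        print(f"{row['priority']:6} level={row['risk_level']:2} ALE={row['ale']:>9,.0f}  {row['risk']}")
    # Decision for the top risk: a control costing 100,000/yr that cuts its ALE to 50,000.
    top = rank(SAMPLE_REGISTER)[0]
    print("net annual benefit of encrypting CHD:", control_value(top.annual_loss, 50_000, 100_000))
```

Ranking on the qualitative level first and using ALE only to break ties mirrors how the two assessments are usually combined in practice: the probability-impact score drives priority on the dashboard, and the monetary figure is what justifies the mitigation budget in the cost-benefit comparison.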

1. What is the goal or objective of an IT risk management plan?

Essentially, the goal of risk management is to identify potential problems before they occur and to have a
plan for addressing them.
2. What are the five fundamental components of an IT risk management plan?
The five components, matching the sections of the plan above, are: risk planning, risk identification, risk
assessment, risk mitigation, and risk monitoring.

3. Define what risk planning is.

Risk planning is developing and documenting organized, comprehensive, and interactive strategies and
methods for identifying risks and for deciding how they will be assessed, mitigated, and monitored.
4. What is the first step in performing risk management?
One of the most important first steps for a risk management plan is to establish its objectives and scope.
5. What is the exercise called when you are trying to identify an organization's risk health?
Risk assessment.
6. What practice helps reduce or eliminate risk?
Risk mitigation.
7. What on-going practice helps track risk in real-time?
Risk monitoring.
8. Given that an IT risk management plan can be large in scope, why is it a good idea to develop a
risk management plan team?
The scope defines the plan's boundaries. When that scope is large, no single person knows every domain well
enough to cover it, so a team spreads the work, brings in the owners of each area, and maintains the plan's
structure by working toward consensus rather than at cross purposes.
9. Within the seven domains of a typical IT infrastructure, which domain is the most difficult to plan,
identify, assess, remediate, and monitor?
The LAN-to-WAN Domain: it is the boundary between the trusted internal network and the untrusted Internet, so
it carries the most exposure to external threats and the most controls (firewalls, intrusion detection,
filtering) to plan, remediate, and monitor.

10. From your scenario perspective, with which compliance law or standard does your organization have
to comply? How did this impact the scope and boundary of your IT risk management plan?
The nationwide retailer must comply with PCI DSS. This set the scope and boundary of the plan around the
cardholder data environment: the people, processes, and technologies that process, store, transmit, or
protect cardholder data (CHD).
11. How did the risk identification and risk assessment of the identified risks, threats, and vulnerabilities
contribute to your IT risk management plan table of contents?
Each identified asset, threat, and vulnerability became an entry under the corresponding plan section, and the
assessed risk levels determined the order in which the mitigation and monitoring sections address them.
12. What risks, threats, and vulnerabilities did you identify and assess that require immediate risk
mitigation given the criticality of the threat or vulnerability?
For the retailer, the transmission of unprotected CHD, the weak password policy, and the lack of properly
configured firewalls and intrusion detection require immediate mitigation, because each gives an external
attacker or a thief a direct path to cardholder data.

13. For risk monitoring, what techniques or tools can you implement within each of the seven domains of
a typical IT infrastructure to help mitigate risk?
Use the controls that produce monitoring data in each domain: security awareness training and phishing
reporting in the User Domain; anti-malware, hardening baselines, and patch status in the Workstation, LAN,
and System/Application Domains; firewall and intrusion detection logs at the LAN-to-WAN and WAN boundaries;
and access-control and encryption status in the Remote Access Domain. Feed these into the risk monitoring
dashboard described above.
14. For risk mitigation, what processes and procedures are needed to help streamline and implement risk
mitigation solutions to the production IT infrastructure?
Selecting and approving controls, implementing remediation through change control, assessing (testing and
verifying) that the fix actually reduced the risk, and reporting the results back into the risk register.
15. How does risk mitigation impact change control management and vulnerability management?
Change control is a systematic approach to change within an organization that prevents services from being
disrupted and, if they are, provides a plan to restore them as quickly as possible; mitigation actions such
as patches and configuration changes must pass through it so that fixing one risk does not introduce another.
Vulnerability management supplies the list of weaknesses to mitigate, and rescanning after the change verifies
that the mitigation worked.
