Dlis Information Security Risk Assessment

Submitted By thomas10236
Words 1209
Pages 5
DLIS Compliance Risk Management Plan

Battle Creek, MI
Rich Franklin, Mauricio Mosquera, Herby Thomas, Louis Zayas
13-Jan-14

Table of Contents

* Cover
* Table of Contents
* Document Change Log
* Project Risk Management Plan Purpose and Scope
* Key Roles and Responsibilities
* Risk Management Process and Activities
* Risk Management Plan Audit Log
* Risk Assessment and Management Table
* Compliance Laws and Regulations
* Proposed Schedule
* Risk Management Plan Approvals

Department: Information Technology
Product or Process: Risk Management
Document Owner: Battle Creek, MI IT

| Version | Date | Author | Change Description |
|---|---|---|---|
| 0.1 | 1/6/14 | RFranklin | Initial Draft |
| 0.2 | 01/12/14 | RFranklin | Revision 1 |
| 0.3 | 1/13/14 | RFranklin | Revision 2 |

Project Risk Management Plan Purpose and Scope

The purpose of this Risk Management Plan is to identify the strategies, methods, and procedures to be used within the Michigan Air National Guard, Battle Creek, Michigan supply chain in identifying, evaluating, and mitigating the risk involved in daily and long-term operations. All Department of Defense and federal agencies must at least comply with the minimum standards set forth in law, DOD directives, branch of service regulations, and local base regulations. This plan provides local guidelines for applying the FISMA standards using the NIST guidelines and procedures.

The scope of this plan is limited to the Michigan Air National Guard facilities, Battle Creek, Michigan, Information Technology facilities, which need to be in compliance with the Defense Logistics Information Service policy. This limits the scope of this plan to the logistics supply chain regarding this facility, and does not include other systems such as
