Premium Essay

Is3110 Project: Risk Management Plan

In: Computers and Technology

Submitted By stephengeer
Words 1790
Pages 8
Defense Logistics Information Service

Outline I. Introduction a. Scope b. Assign to departments c. Risk Matrix d. Risk mitigation plan e. Impact Analysis II. (BIA) f. Departments g. Business Impact h. Costs Analysis III. Recommendations (BIA) i. Business Impact Analysis Results j. Maximum Acceptable Outage IV. (DLIS) Business Continuity Plan a. Purpose b. Scope c. Plan Objectives d. Disaster definition e. Recovery teams f. Team member responsibilities g. Instructions for using the plan/Invoking the plan h. Data backup policy i. Offsite storage procedures j. In the event of disaster V. Computer Incident Response Team Plan k. Secure funding for relocation l. Notify EMT and corporate business units of recovery Startup m. Operations recovered

The purpose of the risk assessment plan is to avoid or mitigate the impacts of a threat or vulnerability. The risk assessment plan for the entire DLIS system will help assign responsibilities, identify the costs of an outage, provide recommendations, identify the costs of recommendations, document accepted recommendations, track implementation, and create a plan of action and milestones (POAM).

Risk assessment is used in every career and on every project in all fields of study. There are different types of risks involved depending on what you are doing. An architect has to assess all risks involved with weather, natural resources they may run into underground, the slightest miscalculation could throw the entire project off!
Networking security personnel play a major role in the security of anything and everything within the network. There are risks involved with keeping servers secured when people try to...

Similar Documents

Premium Essay

Risk Management Security

...Project Part 1 Task 2 Risk Management Plan Alen Kovacevic C. Wyrick IS3110 January 29, 2013 Purpose The Senior Management of the Defense Logistics Information Services (DLIS) has decided to update the previous risk management plan with a developing, new risk management plan. This new risk management plan will not only minimize the amount of risk for future endeavors, but will also be in compliance with regulations such as the Federal Information Security Management Act (FISMA), Department of Defense (DOD), Department of Homeland Security (DHS), National Institute of Standards and Technology (NIST), Control Objects for Information and Technology (COBIT), and Information Assurance Certification and Accreditation Process (DAICAP). Scope The risk management plan is for the organization use only and its network, including remote access company owned building in United States. Outside sources from this scope and risk management plan may cause the network infrastructure to fail or will make it a high risk structure due to the fact that the outside source may not protected to interact with other outside sources allowing hackers to infiltrate your system and steal important files. Compliances Federal Information Security Management Act (FISMA) compliance is required for federal agencies to protect their important information. Department of Homeland Security (DHS) compliance is to be required for protection to the United States against terrorists. There are other......

Words: 1365 - Pages: 6

Premium Essay

Risk Management

...Reggie Thurman. Project 1 IS3110 Mr. Rivers October 19, 2013 Project 1 Part 1: Risk Mgmt. Plan 1. Introduction Risk Mgmt. Plan Well for starters the purpose of this risk management for DLIS (Defense Logistics Information Service) plan will be similar to the purpose of any organization would be and that would be how to better protect and secure the company’s IT environment. The importance of this is major since there is all kind of important data that is on and transmitted throughout our networks on a daily basis. DLIS we must ensure that we implement all necessary preventative security measures as well as policies and procedures. We must do this by first of all ensuring that we have really good antivirus software installed on all of our systems and ensuring that it is always up to date. The next thing is extensively configuring our firewalls making it more difficult for our networks to be hacked. Another thing is data encryption which is very vital in securing all important data for our company and clients especially when we are performing data transmission over the networks. The last thing I want to mention which will be part of policies and procedure is implementing various password and logon policies and procedures for security purposes as well. As I stated the purpose of the development of this plan is to reduce the risk of threats and vulnerabilities on our networks. This is vital because threats and vulnerabilities definitely present risk(s) to any......

Words: 2058 - Pages: 9

Premium Essay


...include analysis of the security architecture of Windows systems. Students will identify and examine security risks and apply tools and methods to address security issues in the Windows environment. Windows Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas:    Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program:    IS4799 NT2799 IS4670 ISC Capstone Project Capstone ProjectCybercrime Forensics NSA    NT2580 NT2670  Introduction to  Information Security IS4680 IS4560 NT2580 NT2670 Email and Web Services Hacking and Introduction to  Security Auditing for Compliance Countermeasures Information Security Email and Web Services      NT1230 NT1330 Client-Server Client-Server  Networking I Networking II  IS3230 IS3350 NT1230 NT1330  Issues Client-Server Client-Server  SecurityContext in Legal Access Security Networking I Networking II   NT1110  NT1210 Structure and Introduction to  ComputerLogic Networking    IS3120 IS3110 NT1210 Network  Risk Management in Introduction to General Education / General Studies NT2580 NT2799 Communications Information Technology Introduction to Information Security NSANetworking Capstone Project IS4550 NT2640 Security Policies and Implementation IP NT2640 Networking IP Networking PT2520...

Words: 2305 - Pages: 10

Premium Essay

It Risk Management Plan

...IS3110 IT RISK MANAGEMENT PROJECT Henry Smigielski, Steven Martin, Benjamin Yau, Ulises Martinez IS3110 IT RISK MANAGEMENT PROJECT Henry Smigielski, Steven Martin, Benjamin Yau, Ulises Martinez TABLE OF CONTENTS 1.0 PURPOSE AND SCOPE 4 2.0 RISK PLANNING 4 2.1 ROLES AND RESPONSIBILITIES 6 2.2 RISK IDENTIFICATION 7 2.2.1 Methods for Risk Identification 7 2.2.2 Identified Risks 7 2.3 RISK ASSESMENT 28 2.3.1 Qualitative Risk Assessment 28 Probability 28 Impact 29 Threat Matrix 30 2.3.2 Quantitative Risk Assessment 33 2.4 RISK RESPONSE PLANNING 34 Avoid 35 Mitigate 35 Accept 35 Contingency 35 Transfer 35 2.5 RISK MITIGATION 35 2.6 RISK MONITORING 39 Pulse Meetings 39 Variance Reports 40 Program Reviews 41 Technical Reviews 42 Project Forecasting 43 Problem Solving 45 2.6.1 Project Management Information System 46 Management Reviews 47 Project Dashboards 48 Change Management Log 50 3.0 Computer Incident Response Team Plan 51 3.1 Have an incident response plan. 52 3.2 Pre-define your incident response team 53 3.3 Define your approach: watch and learn or contain and recover. 54 3.4 Pre-distribute call cards. 55 3.5 Forensic and incident response data capture. 56 3.6 Get your users on-side. 56 3.7 Know how to report crimes and engage law enforcement. 57 3.8 Practice makes perfect. 58 4.0 Disaster Recovery versus Business Continuity Planning 59 4.1 Define......

Words: 14207 - Pages: 57

Premium Essay


...| June 2012 | | | | | | | | | | | | | | | | | | | | | | | | | | ------------------------------------------------- ------------------------------------------------- Credit hours: 4.5 Contact/Instructional hours: 60 (30 Theory, 30 Lab) Prerequisite: IS3110 Risk Management in Information Technology Security or equivalent Corequisite: None Table of Contents Course Overview 5 Course Summary 5 Critical Considerations 5 Instructional Resources 6 Required Resources 6 Additional Resources 6 Course Management 8 Technical Requirements 8 Test Administration and Processing 8 Replacement of Learning Assignments 9 Communication and Student Support 9 Academic Integrity 10 Grading 11 Course Delivery 13 Instructional Approach 13 Methodology 13 Facilitation Strategies 14 Unit Plans 15 Unit 1: Information Security Policy Management 15 Unit 2: Risk Mitigation and Business Support Processes 25 Unit 3: Policies, Standards, Procedures, and Guidelines 33 Unit 4: Information Systems Security Policy Framework 42 Unit 5: User Policies 50 Unit 6: IT Infrastructure Security Policies 58 Unit 7: Risk Management 66 Unit 8: Incident Response Team Policies 74 Unit 9: Implementing and Maintaining an IT Security Policy Framework 83 Unit 10: Automated Policy Compliance Systems 90 Unit 11: Course Review and Final Examination 97 Course Support Tools 101 Evaluation of Student Learning 102 STUDENT...

Words: 18421 - Pages: 74