...Project Part 1 Task 2 Risk Management Plan Alen Kovacevic C. Wyrick IS3110 January 29, 2013 Purpose The Senior Management of the Defense Logistics Information Services (DLIS) has decided to update the previous risk management plan with a developing, new risk management plan. This new risk management plan will not only minimize the amount of risk for future endeavors, but will also be in compliance with regulations such as the Federal Information Security Management Act (FISMA), Department of Defense (DOD), Department of Homeland Security (DHS), National Institute of Standards and Technology (NIST), Control Objects for Information and Technology (COBIT), and Information Assurance Certification and Accreditation Process (DAICAP). Scope The risk management plan is for the organization's use only and its network, including remote access company owned building in United States. Outside sources from this scope and risk management plan may cause the network infrastructure to fail or will make it a high risk structure due to the fact that the outside source may not be protected to interact with other outside sources, allowing hackers to infiltrate your system and steal important files. Compliances Federal Information Security Management Act (FISMA) compliance is required for federal agencies to protect their important information. Department of Homeland Security (DHS) compliance is to be required for protection to the United States against terrorists. There are other organizations...
Words: 1365 - Pages: 6
...Risk Management Plan Purpose of this Plan Senior management at the Defense Logistics Information Services (DLIS) has decided to update the former risk management plan and requested for us to develop a new risk management plan. The plan will provide specific guidelines and regulations to ensure risk management is adhered to at all levels. This plan will be developed to reduce the loss of data and prevent any future risks, while complying with all federal and state rules and regulations. Scope This risk management plan will be solely for the use of DLIS, including but not limited to, all operational departments, the organization’s network/remote access, all personnel employed by or under the control of DLIS, including DoD, and any facility and land under the control of DLIS. Any other organizations, not mentioned above, will be denied access due to the high security risk they may present by possibly allowing unauthorized personnel to access the DLIS systems, information, files, and/or data. Compliance to laws applicable to our company All federal agencies, including DLIS, are required to abide by all laws and regulations of the Federal Information Security Management Act (FISMA) to allow the protection of sensitive information. Since DLIS provides logistics and information technology services to the U.S. Department of Defense (DoD) and other federal agencies and international partners, they are also provided with standards for risk management including the Defense...
Words: 1341 - Pages: 6
...Case Study: YieldMore Risk Management Team | Instructions | Introduction: Risk management is critical to protect organizational assets and to ensure compliance with laws and regulations. Many individuals and departments in organizations are involved in risk management; this is especially true when creating a risk management plan. You, as an employee of YieldMore, are asked to create a risk management plan for the organization. Scenario: In order to help protect the company and ensure it maintains compliance with laws and regulations, senior management at YieldMore has decided to develop a formal risk management plan. As an employee of YieldMore, your team has been given the task of creating a risk management plan for the organization. Tasks: You will initiate a kick off meeting to discuss YieldMore’s risk management plan with your team. 10 points 1. Review the responsibilities associated with your assigned role. 2. Explain the specific responsibilities of your assigned role within the project. 3. Explain your role and the roles of the other team members to senior management. | Due on Feb 25: Scenario You are an information technology (IT) intern working for the Defense Logistics Information Service (DLIS) in Battle Creek, Michigan. DLIS is an organization within the Defense Logistics Agency (DLA), which is the largest logistics combat support agency for the Department of Defense. DLIS creates, manages, and disseminates logistics information to military and government...
Words: 552 - Pages: 3
...DLIS Compliance Risk Management Plan | Battle Creek, MI | Rich Franklin, Mauricio Mosquera, Herby Thomas, Louis Zayas | 13-Jan-14 | Table of Contents: COVER; TABLE OF CONTENTS; DOCUMENT CHANGE LOG; Project Risk Management Plan Purpose AND SCOPE; Key Roles and Responsibilities; Risk Management Process and Activities; Risk Management Plan Audit Log; Risk Assessment and Management Table; COMPLIANCE LAWS AND REGULATIONS; PROPOSED SCHEDULE; Risk Management Plan Approvals | Department: Information Technology Product or Process: Risk Management Document Owner: Battle Creek, MI IT Version | Date | Author | Change Description | 0.1 | 1/6/14 | RFranklin | Initial Draft | 0.2 | 01/12/14 | RFranklin | Revision 1 | 0.3 | 1/13/14 | RFranklin | Revision 2 | Project Risk Management Plan Purpose and Scope The purpose of this Risk Management Plan is to identify the strategies, methods, and procedures to be used within the Michigan Air National Guard, Battle Creek, Michigan supply chain in identifying, evaluating, and mitigating the risk involved in daily and long term operations. All Department of Defense and federal agencies must at least comply with the minimum standards set forth in Law, DOD directives, branch of service regulations, and local base regulations. This plan provides local guidelines for applying the FISMA standards using...
Words: 1209 - Pages: 5
...Risk Management – Sector I Risk Management Plan Introduction Version 1.2.0 Designed by: Defense Logistics Information Systems Designers: Matthew Gugumuck Michael Mawyer Daryl Giggetts | Overview | * The goal of the Risk Management plan is to design and execute the implementation of various security policies and different counter-measures in the event of any type of risk, threat, and/or vulnerabilities against the organization's daily operations and sensitive information. Combining both hardware devices and software applications will boost the effectiveness of security, preventing unauthorized access and effectively repulsing attacks. | Authority/Ownership | * Any information and sensitive contents contained in this document have been planned and developed by DLA Logistics Information Service, which is the rightful owner of this document. All materials contained within this document are considered CLASSIFIED and are also copyrighted by DLA Logistics Information Service (DLIS). Any wrongful use of such material and/or reference to this document without the rightful expressed and written consent of the owner(s) may result in criminal prosecution. | Sections contained in DLIS Risk Management Plan | * Risk Management Overview * Planning and Implementation of Risk Management * Key Personnel Roles * Risk Assessment Plan * System Analysis and Characterization ...
Words: 4166 - Pages: 17
...of the purpose and importance of risk management Risk management planning is a critical and often overlooked process on every project. Allowing for the proper amount of risk planning in your project schedule can mean the difference between project success and project failure when those potential risks become real issues. The plan is only the output of the process. It details how the process will be implemented, monitored, and controlled through the life of this project. It details how the group will manage risks but doesn’t attempt to define the responses to individual risks. Risks come about for many reasons; some are internal to the project, and some are external, such as but not limited to the project environment, the management process, planning process, inadequate resources, and other unforeseen instances that can contribute to risk. Risks associated with the project generally concern the objectives, which in turn impact time, cost, or quality, or a combination of those three things. Risk management provides assurance that an organization can create and implement an effective plan to prevent losses or reduce the impact if a loss occurs. A good plan includes strategies and techniques for recognizing and confronting the threats, solutions for both preventing and solving the situation and indicates financial opportunities. An effective risk management practice does not terminate risks. However, an effective and operational risk management practice demonstrates that the organization...
Words: 3711 - Pages: 15
...Introduction: Information security continuous monitoring (ISCM) is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. This publication specifically addresses assessment and analysis of security control effectiveness and of organizational security status in accordance with organizational risk tolerance. Security control effectiveness is measured by correctness of implementation and by how adequately the implemented controls meet organizational needs in accordance with current risk tolerance. Organizational security status is determined using metrics established by the organization to best convey the security posture of an organization’s information and information systems, along with organizational resilience given known threat information. This necessitates: • Maintaining situation awareness of all systems across the organization; • Maintaining an understanding of threats and threat activities; • Assessing all security controls; • Collecting, correlating, and analyzing security-related information; • Providing actionable communication of security status across all tiers of the organization; and • Active management of risk by organizational officials. Purpose: The purpose of this guideline is to assist organizations in the development of an ISCM strategy and the implementation of an ISCM program that provides awareness of threats and vulnerabilities, visibility...
Words: 4395 - Pages: 18
...Student Guide for Performance Based Service Acquisition And The Seven Step Process (ACQ 265) Nov 2009 Table of Contents UNIT 1 Introduction UNIT 2 Form the Team, Review Current Strategy, Market Research Step 1: Form the Team Step 2: Review the Current Strategy Step 3: Market Research UNIT 3 An Industry Perspective: Approaching an Acquisition UNIT 4 Requirements Definition Step 4: Requirements Definition UNIT 5 Develop your Sourcing Strategy Step 5: Sourcing Strategy UNIT 6 Execute the Strategy Step 6: Execute the Strategy UNIT 7 Performance Management Step 7: Manage Performance Appendices I Acronym List II Glossary | Course Title: Performance Based Service Acquisition (ACQ 265) | Lesson Title: Course Introduction | ...
Words: 44891 - Pages: 180
...Defense Logistics Information Service (DLIS) Outline I. Introduction a. Scope b. Assign to departments c. Risk Matrix d. Risk mitigation plan e. Impact Analysis II. (BIA) f. Departments g. Business Impact h. Costs Analysis III. Recommendations (BIA) i. Business Impact Analysis Results j. Maximum Acceptable Outage IV. (DLIS) Business Continuity Plan a. Purpose b. Scope c. Plan Objectives d. Disaster definition e. Recovery teams f. Team member responsibilities g. Instructions for using the plan/Invoking the plan h. Data backup policy i. Offsite storage procedures j. In the event of disaster V. Computer Incident Response Team Plan k. Secure funding for relocation l. Notify EMT and corporate business units of recovery Startup m. Operations recovered Introduction: The purpose of the risk assessment plan is to avoid or mitigate the impacts of a threat or vulnerability. The risk assessment plan for the entire DLIS system will help assign responsibilities, identify the costs of an outage, provide recommendations, identify the costs of recommendations, document accepted recommendations, track implementation, and create a plan of action and milestones (POAM). Scope: Risk assessment is used in every career and on every project in all fields of study. There are different types of risks involved...
Words: 1790 - Pages: 8
...Anthony Purkapile Introduction Information security continuous monitoring is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. This publication specifically addresses assessment and analysis of security control effectiveness and of organizational security status in accordance with organizational risk tolerance. Security control effectiveness is measured by correctness of implementation and by how adequately the implemented controls meet organizational needs in accordance with current risk tolerance. Organizational security status is determined using metrics established by the organization to best convey the security posture of an organization’s information and information systems, along with organizational resilience given known threat information. This includes: Maintaining situational awareness of all systems across the organization; Maintaining an understanding of threats and threat activities; Assessing all security controls; Collecting, correlating, and analyzing security-related information; Providing actionable communication of security status across all tiers of the organization; Active management of risk by organizational officials. Purpose The purpose of this guideline is to assist organizations in the development of an ISCM strategy and the implementation of an ISCM program that provides awareness of threats and vulnerabilities, visibility into organizational...
Words: 1881 - Pages: 8
...Running Head: Military SCM & JIT Military Supply Chain Management and Just-In-Time Lionel O. Wright Integrated Logistics Management – LGMT682 February 15, 2011 Professor Joseph Garmon TABLE OF CONTENTS: Abstract; Introduction; Traditional Military Supply Chains; Military Supply Chains and the New Environment; Why Move Towards Lean (JIT) Initiatives?; What is JIT Management?; Military Supply Chains since JIT; Adopting an Integrated Approach; Conclusion; References. ABSTRACT According to Van Creveld, “Strategy, like politics, is said to be the art of the possible; but surely what is possible is determined not merely by numerical strengths, doctrine, intelligence, arms and tactics, but, in the first place, by the hardest facts of all: those concerning requirements, supplies available and expected, organization and administration, transportation and arteries of communication…before a commander can even start thinking of maneuvering or giving battle, of marching this way and that, of penetrating, enveloping, encircling, of annihilating or wearing down, in short of putting into practice...
Words: 8424 - Pages: 34
...Risk Management Plan The purpose of this plan is to dissect how Defense Logistics Information Service can limit risk to its data. To prevent loss of government information is critical in this plan. This plan is simple: minimize threats and maximize security while maintaining the standards that are expected. The Risk Management plan is to support the DLIS mission, and with that everyone plays a role in the Risk Management Plan. It’s a team effort from management to staff. Every department is needed for this plan to be a success. To go forward you must reflect back and realize the old ways are just that, old, and fresh new ideas as well as technology are needed for the success of this endeavor. Also, learning from those mistakes can only help in the development and input of this new RMP. Everyone will have a say in all ideas, and suggestions will be heard from each department. Everyone will be held accountable for their compliance with the regulations and safety that are in question. These new policies and procedures will be enforced; any violation will result in disciplinary action towards the guilty party. The Scope The DLIS Risk Management Plan has many departments and sub departments throughout the organization Buildings and Grounds DOD regulatory compliance Disaster Preparation Employee Health Human Resources Information Technology go along with each starts with listing the risks that are involved via Internet, hardware and software failures. The vulnerabilities...
Words: 337 - Pages: 2
...Mapping Managers & Stakeholders Reporting Applications Sales Force & Customer Service Reps Back-Office Admins & Workers Financial Applications Sales & Delivery Applications Centralized Database Manufacturing Applications Service Applications Inventory & Supply Applications Human Resources Management Apps Customers Employees Suppliers Architecture of ERP ERP Modules Finance Human Resources Inventory Management Project Management & Planning Quality Management Sales Management Purchase Management E-Commerce Customer Relationship Management Document Management Supplier Relationship Management Risk Management Production Planning & Controlling Knowledge Management Business Intelligence ERP Challenges High Cost Implementation Time ERP Package Selection Consulting Fees Customizations ERP Challenges Business Process Reengineering Custom Reports Security Change In Organization Requirements Integration with Other Data Sources Integration with Other Applications Integration with Legacy Systems Total Cost Implementation Time Project Factors Benefits Risks Goal & Vision Fit Strategic Fitness Local Environmental Requirements System Factors Reliability & Quality User Friendliness Function & Technology Expansion & Upgrades Functional Fit R & D Technology Implementation & Serviceability Vendor's Ability Consulting Service Vendor Factors Training Support Financial Condition Vendor's Reputation Credentials...
Words: 1849 - Pages: 8
...Tony Stark Risk Management Project Part 1 Task 1 Introduction A risk management plan is important for any business or organization regardless of the business’s or organization’s size. In the case of the Defense Logistics Information Service (DLIS), a risk management plan is critical in making sure the data that DLIS handles is protected. Lost or stolen information from DLIS can affect military assets. A plan needs to be made to be able to follow procedures in the event of an incident and to help mitigate data loss. Risk Management Outline 1.0 Introduction 2.1 Purpose and Objectives 2.0 Identify Threats 3.2 Attacks from the Internet 3.3 Hardware or software failures 3.4 Loss of Internet connectivity 3.5 Nature 3.0 Identify Vulnerabilities 4.6 Lack of firewall 4.7 Lack of intrusion detection 4.8 Lack of antivirus software 4.9 Lack of server updates 4.10 Lack of antivirus updates 4.0 Assign Responsibilities 5.0 Identify the cost of an outage 6.0 Provide recommendations 7.0 Identify the cost of recommendations 8.0 Provide a cost-benefit analysis (CBA) 9.0 Document accepted recommendations 10.0 Track implementation 11.0 Create POAM Scope The scope of this risk management plan is the existing hardware and software currently in place. This is to include the current personnel, contractors, and vendors. The scope will have to be redefined if...
Words: 612 - Pages: 3
...The F35 Joint Strike Fighter program, formerly the Joint Advanced Strike Technology (JAST) Program, began in the early 1980s and 1990s along with several other multi role stealth fighters but is the only one since that the Department of Defense has finalized and put into production. The combined efforts from previous models and several fighters have made the F35 the utmost advanced and deadly fighter to this day. The F35 is known as a fifth generation fighter because of its combined engineering efforts and advancements of fighter aircraft over the past fifty years. The key to air superiority is obviously having the best aviation technology, which is why the Air Force, Navy, and Marines have all participated in the F35 program as well as an international community from the UK, Italy, Norway, Netherlands, Turkey, Canada, Australia, and Denmark. The primary contractor for the F35 program is Lockheed Martin, while Northrop Grumman and BAE Systems have also been major contributors to the technology and advancement of the program. As it reads on the JSF website, “The focus of the program is affordability -- reducing the development cost, production cost, and cost of ownership of the JSF family of aircraft.” This statement along with defining the F35 program as a system and as a whole will be the main topic of this research paper. A system is defined as a group of elements, components and attributes working together to perform some kind of function. The JSF program as a system has...
Words: 2473 - Pages: 10