Project Part 1 Task 1

Only available on StudyMode
  • Download(s) : 2431
  • Published : October 25, 2012
Open Document
Text Preview
Project Part 1 Task 1
Draft Risk Management Plan

Ernest Martinez Jr.
C. Flack
IS3110
October 22, 2012

Purpose
The Senior Management of the Defense Logistics Information Services (DLIS) has decided to update the previous risk management plan with a developing, new risk management plan. This new risk management plan will not only minimize the amount of risk for future endeavors, but will also be in compliance with regulations such as the Federal Information Security Management Act (FISMA), Department of Defense (DOD), Department of Homeland Security (DHS), National Institute of Standards and Technology (NIST), Control Objects for Information and Technology (COBIT), and Information Assurance Certification and Accreditation Process (DAICAP). Scope

The risk management plan is for the organization use only and its network, including remote access company owned building in United States. Outside sources from this scope and risk management plan may cause the network infrastructure to fail or will make it a high risk structure due to the fact that the outside source may not protected to interact with other outside sources allowing hackers to infiltrate your system and steal important files. Compliances

Federal Information Security Management Act (FISMA) compliance is required for federal agencies to protect their important information. Department of Homeland Security (DHS) compliance is to be required for protection to the United States against terrorists. There are other organizations in which standards are given for risk management projects, including: National Institute of Standards and Technology (NIST), Department of Defense (DOD) Information Assurance Certification and Accreditation Process (DAICAP), and Control Objects for Information and related Technology (COBIT). Roles and Responsibilities

Project Manager (PM): The overall coordinator of the Risk Management Program. • Maintaining the Risk Management Plan
• Maintaining the Risk Management Database and distributing updates • Briefing the team on the status of risks
• Tracking efforts to reduce moderate and high risk to acceptable levels • Providing risk management training
• Facilitating risk assessments
• Preparing risk briefings, reports, and documents required for Project Reviews Project Team: Responsible for identifying, monitoring and managing risks. • Coordinate with Subject Matter Experts (SMEs) to review and recommend to the PM changes on the overall risk management approach based on lessons learned. • Quarterly, or as instructed, participate in the update to project risk assessments made during the previous review period. • Review and recommend any changes to the risk assessments made and the risk mitigation plans proposed. • Ensure that risk is a required topic at each Project Meeting. • Accomplish assigned mitigation tasks and report status/completion of mitigation actions to the PM for entry into the database. • Report new risks to the PM via e-mail

Subject Matter Experts (SMEs): Responsible for implementing the risk management tasks for this plan. • Review and recommend to the PM changes on the overall risk
management approach based on lessons learned
• Quarterly, or as directed, participate in the update to program risk
assessments made during the previous quarter
• Review and recommend any changes to the risk assessments made
and the risk mitigation plans proposed
• Report new risks to the PM via e-mail
• Accomplish assigned mitigation tasks and report status/completion of
mitigation actions to the Project Manager for entry into the
database
End Users: The end users will participate in the project through the SMEs. * Identify risks and should pass the information through the SMEs or Project Team * All risk identification, tasking, and reporting will be handled through the project team member(s) assigned to the End User

Risk Management Summary
Risk Identification
A risk can be identified from a number of...
tracking img