Risk Management Plan

Topics: Risk, Security, Risk management Pages: 17 (4407 words) Published: April 23, 2014
TABLE OF CONTENTS

1 INTRODUCTION
1.1 PURPOSE
1.2 SCOPE
1.3 COMPLIANCE LAWS AND REGULATIONS
1.4 ROLES AND RESPONSIBILITIES
2 RISK MANAGEMENT PROCEDURE
2.1 RISK PLANNING
2.2 RISK MONITORING
2.3 RISK REPORTING
2.4 ACTION PLAN
3 TOOLS AND PRACTICES
4 RISK MANAGEMENT PLAN APPROVAL

Introduction:
Information security continuous monitoring (ISCM) is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. This publication specifically addresses assessment and analysis of security control effectiveness and of organizational security status in accordance with organizational risk tolerance. Security control effectiveness is measured by correctness of implementation and by how adequately the implemented controls meet organizational needs in accordance with current risk tolerance. Organizational security status is determined using metrics established by the organization to best convey the security posture of an organization’s information and information systems, along with organizational resilience given known threat information. This necessitates:

• Maintaining situational awareness of all systems across the organization;
• Maintaining an understanding of threats and threat activities;
• Assessing all security controls;
• Collecting, correlating, and analyzing security-related information;
• Providing actionable communication of security status across all tiers of the organization; and
• Active management of risk by organizational officials.

Purpose:
The purpose of this guideline is to assist organizations in the development of an ISCM strategy and the implementation of an ISCM program that provides awareness of threats and vulnerabilities, visibility into organizational assets, and the effectiveness of deployed security controls. The ISCM strategy and program support ongoing assurance that planned and implemented security controls are aligned with organizational risk tolerance, as well as the ability to provide the information needed to respond to risk in a timely manner. Senior management at Defense Logistics Information Service has decided that the risk management plan for the organization is out of date. Because of the importance of risk management, a new plan needs to be developed. The risk management plan is for the organization's use only. This new risk management plan will not only minimize the amount of risk for future endeavors, but will also be in compliance with regulations and frameworks such as the Federal Information Security Management Act (FISMA), Department of Defense (DOD), Department of Homeland Security (DHS), National Institute of Standards and Technology (NIST), Control Objectives for Information and Related Technology (COBIT), and the DoD Information Assurance Certification and Accreditation Process (DIACAP).

Scope:
This risk management plan is for the organization's use only and covers its network, including remote access. Any source outside the scope of this risk management plan may cause the network infrastructure to fail or make it a high-risk structure, because unprotected outside sources interacting with other outside sources allow attackers to infiltrate the system and steal important files. The scope of this project will include the planning, scheduling, budgeting, and consultation needed to perform an in-depth risk assessment and the research to determine which compliance laws this organization must follow. We must identify all the risks and vulnerabilities associated with this organization and create viable solutions that mitigate these risks as quickly and as inexpensively as possible...