Project Part 1 Task 1
Draft Risk Management Plan
Ernest Martinez Jr.
October 22, 2012
The Senior Management of the Defense Logistics Information Services (DLIS) has decided to replace the previous risk management plan with a new risk management plan that is currently being developed. This new risk management plan will not only minimize the amount of risk for future endeavors, but will also comply with regulations and standards such as the Federal Information Security Management Act (FISMA), Department of Defense (DOD), Department of Homeland Security (DHS), National Institute of Standards and Technology (NIST), Control Objectives for Information and Related Technology (COBIT), and the DOD Information Assurance Certification and Accreditation Process (DIACAP).

Scope
The risk management plan is for the organization's use only and covers its network, including remote access to company-owned buildings in the United States. Sources outside this scope and risk management plan may cause the network infrastructure to fail or make it a high-risk structure, because an outside source may not be protected when it interacts with other outside sources, allowing hackers to infiltrate the system and steal important files.

Compliances
Federal Information Security Management Act (FISMA) compliance is required for federal agencies to protect their important information. Department of Homeland Security (DHS) compliance is required to protect the United States against terrorists. There are other organizations whose standards apply to risk management projects, including: the National Institute of Standards and Technology (NIST), the Department of Defense (DOD) Information Assurance Certification and Accreditation Process (DIACAP), and Control Objectives for Information and Related Technology (COBIT).

Roles and Responsibilities
Project Manager (PM): The overall coordinator of the Risk Management Program.
• Maintaining the Risk Management Plan
• Maintaining the Risk Management Database and distributing updates
• Briefing the team on the status of risks
• Tracking efforts to reduce moderate and high risks to acceptable levels
• Providing risk management training
• Facilitating risk assessments
• Preparing risk briefings, reports, and documents required for Project Reviews

Project Team: Responsible for identifying, monitoring and managing risks.
• Coordinate with Subject Matter Experts (SMEs) to review and recommend to the PM changes to the overall risk management approach based on lessons learned
• Quarterly, or as instructed, participate in the update to project risk assessments made during the previous review period
• Review and recommend any changes to the risk assessments made and the risk mitigation plans proposed
• Ensure that risk is a required topic at each Project Meeting
• Accomplish assigned mitigation tasks and report status/completion of mitigation actions to the PM for entry into the database
• Report new risks to the PM via e-mail
Subject Matter Experts (SMEs): Responsible for implementing the risk management tasks for this plan.
• Review and recommend to the PM changes to the overall risk management approach based on lessons learned
• Quarterly, or as directed, participate in the update to program risk assessments made during the previous quarter
• Review and recommend any changes to the risk assessments made and the risk mitigation plans proposed
• Report new risks to the PM via e-mail
• Accomplish assigned mitigation tasks and report status/completion of mitigation actions to the Project Manager for entry into the database

End Users: The end users will participate in the project through the SMEs.
• Identify risks and pass the information through the SMEs or Project Team
• All risk identification, tasking, and reporting will be handled through the project team member(s) assigned to the End User
Risk Management Summary
A risk can be identified from a number of...