Question

Make a Risk Management Plan for your Valuable IT Assets at Home

a. Identify Assets and their Value, Classify, Prioritize them

b. Identify Threats and Priorities

c. Specify Asset Vulnerabilities

d. Calculate Risk (show all calculations)

e. Select Control Strategies for Mitigating, Treating and Reducing Risk

You would be submitting the following documents as outcomes of your activity. Each document has 5 marks.

a. Information Asset Classification Worksheet

b. Weighted Factor Analysis Worksheet

c. TVA Spreadsheet

d. Ranked Vulnerability Risk Worksheet

e. Risk Matrix

f. Chart of Risk Controls Strategies with Controls

Solutions

Expert Solution

Risk management is the process of assessing the risks to an entity's information and determining how those risks can be controlled or mitigated.

To ensure that an information asset is identified and named at a consistent level of detail, the below guidelines are recommended:

⦁    An information asset is a logical concept
⦁    An information asset should be named using nouns
⦁    An information asset is named independently of any system or application
⦁    An information asset has value if it is actively used
⦁    An information asset should represent a collection of information
⦁    An information asset should be recorded if the status of the information set remains unclear

After an information asset is identified and named using the guidelines above, it should then be classified according to the Information classification framework. The inventory should also reflect each asset’s sensitivity and security priority. A classification scheme categorizes information assets based on their sensitivity and security needs – each of these categories designates the level of protection needed for a particular information asset. Classification categories must be comprehensive and mutually exclusive. Comparative judgments are made to ensure that the most valuable information assets are given the highest priority.

A sample classification is given below:

| Information assets | Data classification | Impact to profitability |
|---|---|---|
| Information transmitted | | |
| Document Set 1 | Confidential | High |
| Customer order | Confidential | Critical |
| Secure assets | | |
| Laptop | Private | High |
| Router | Public | Critical |

The next step is to list the assets in order of importance and this can be achieved by using a Weighted Factor Analysis (WFA) worksheet as per the sample below:

Information asset Criterion1: Impact on Revenue Criterion1: Impact on Profitability Criterion1: Impact on Public Image Weighted Score
Criterion weight (1-100) 30 40 30
Document Set 1 - Bills 0.8
Document Set 2 - Orders 0.8
Customer order via email 0.4

Threat assessment consists of identifying the potential threats and examining each one to determine its potential to affect the concerned information asset. Vulnerabilities are specific avenues that threat agents can exploit to attack an information asset. At the end of the risk identification process, a list of assets and their vulnerabilities is developed. Another list prioritizes threats facing the organization based on the weighted table. These can be combined into the TVA worksheet as per the template below:

| | Asset 1 | Asset 2 | Asset n |
|---|---|---|---|
| Threat 1 | | | |
| Threat 2 | | | |
| Threat n | | | |
| Priority of Controls | 1 | 2 | |

The next step is to evaluate the relative risk of each listed vulnerability. Using the information documented during the risk identification process, you can assign weighted scores based on the value of each information asset.

Some questions to ask when assigning likelihood values: 1) Which threats present a danger to the assets in the given environment? 2) Which threats represent the most danger to the information? 3) How much would it cost to recover from a successful attack? 4) Which threats would require the greatest expenditure to prevent?

Use the formula below to rank the vulnerabilities and arrive at the Ranked Vulnerability Risk Worksheet:

Risk = (Value × Likelihood) – [(Value × Likelihood) × %Control] + [(Value × Likelihood) × Uncertainty]

For example, if Asset A has a value of 50 and has one vulnerability, which has a likelihood of 1.0 with no current controls, and your assumptions and data are 90% accurate:

Vulnerability Rank = (50 × 1.0) – [(50 × 1.0) × 0%] + [(50 × 1.0) × 10%] = 50 – 0 + 5 = 55
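Added example, not part of the original solution: a short Python script that carries the worksheet chain through end to end, using the Weighted Factor Analysis score as the asset value in the risk formula and sorting the results into a ranked vulnerability worksheet. The criterion weights (30/40/30) come from the sample WFA table; the asset scores, vulnerabilities, likelihoods and control percentages are constructed, and treating every factor as a fraction between 0 and 1 is an assumption.

```python
# Criterion weights from the sample WFA worksheet above (they sum to 100).
WEIGHTS = {"revenue": 30, "profitability": 40, "public_image": 30}

# Constructed sample data: criterion scores (0.0-1.0) for three home assets.
ASSETS = {
    "Router": {"revenue": 0.9, "profitability": 0.9, "public_image": 0.5},
    "Laptop": {"revenue": 0.6, "profitability": 0.8, "public_image": 0.4},
    "Document Set 1 - Bills": {"revenue": 0.8, "profitability": 0.8, "public_image": 0.8},
}
# Constructed: (asset, vulnerability, likelihood, %control, uncertainty).
VULNS = [
    ("Laptop", "disk not encrypted", 0.3, 0.50, 0.20),
    ("Router", "default admin password", 0.5, 0.00, 0.10),
    ("Document Set 1 - Bills", "no offsite backup", 0.4, 0.25, 0.10),
]

def _fraction(name, x):
    # Assumption: every factor is expressed as a fraction in [0, 1].
    if not 0.0 <= x <= 1.0:
        raise ValueError(f"{name} must be between 0 and 1, got {x}")
    return x

def weighted_score(scores, weights=WEIGHTS):
    """WFA: sum of score x weight over all criteria, giving a 0-100 asset value."""
    if sum(weights.values()) != 100 or set(scores) != set(weights):
        raise ValueError("weights must sum to 100 and match the scored criteria")
    return sum(_fraction(c, scores[c]) * w for c, w in weights.items())

def vulnerability_risk(value, likelihood, control=0.0, uncertainty=0.0):
    """Risk = (V x L) - (V x L) x %Control + (V x L) x Uncertainty."""
    base = value * _fraction("likelihood", likelihood)
    return (base - base * _fraction("control", control)
            + base * _fraction("uncertainty", uncertainty))

def ranked_worksheet(assets, vulns):
    """Return (asset, vulnerability, value, risk) rows, highest risk first."""
    rows = []
    for asset, vuln, likelihood, control, uncertainty in vulns:
        value = weighted_score(assets[asset])
        risk = vulnerability_risk(value, likelihood, control, uncertainty)
        rows.append((asset, vuln, round(value, 1), round(risk, 2)))
    return sorted(rows, key=lambda r: r[3], reverse=True)

if __name__ == "__main__":
    for row in ranked_worksheet(ASSETS, VULNS):
        print(row)
```

The top rows of the ranked output are the vulnerabilities to address first when choosing control strategies.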

