Question

In: Operations Management

Make a Risk Management Plan for your Valuable IT Assets at Home . a. Identify Assets...

Make a Risk Management Plan for your Valuable IT Assets at Home

. a. Identify Assets and their Value, Classify, Prioritize them

b. Identify Threats and Priorities

c. Specify Asset Vulnerabilities

d. Calculate Risk (show all calculations)

e. Select Control Strategies for Mitigating, Treating and Reducing Risk

You would be submitting following documents as outcomes of your activity. Each document has 5 marks.

a. Information Asset Classification Worksheet

b. Weighted Factor Analysis Worksheet

c. TVA Spreadsheet

d. Ranked Vulnerability Risk Worksheet

e. Risk Matrix f. Chart of Risk Controls Strategies with Controls

Solutions

Expert Solution

Risk management is the process of assessing the risks to an entity's information and determining how those risks can be controlled or mitigated.

To ensure that an information asset is identified and named at a consistent level of detail, the below guidelines are recommended:

⦁    An information asset is a logical concept
⦁    An information asset should be named using nouns
⦁    An information asset is named independently of any system or application
⦁    An information asset has value if it is actively used
⦁    An information asset should represent a collection of information
⦁    An information asset should be recorded if the status of the information set remains unclear

After an information asset is identified and named using the guidelines above, it should then be classified according to the Information classification framework. The inventory should also reflect each asset’s sensitivity and security priority. A classification scheme categorizes information assets based on their sensitivity and security needs – each of these categories designates the level of protection needed for a particular information asset. Classification categories must be comprehensive and mutually exclusive. Comparative judgments are made to ensure that the most valuable information assets are given the highest priority.

A sample classification is given below:

Information assets Data classification Impact to profitability
Information transmitted
Document Set 1 Confidential High
Customer order Confidential Critical
Secure assets
Laptop Private High
Router Public Critical

The next step is to list the assets in order of importance and this can be achieved by using a Weighted Factor Analysis (WFA) worksheet as per the sample below:

Information asset Criterion1: Impact on Revenue Criterion1: Impact on Profitability Criterion1: Impact on Public Image Weighted Score
Criterion weight (1-100) 30 40 30
Document Set 1 - Bills 0.8
Document Set 2 - Orders 0.8
Customer order via email 0.4

Threat Assessment is consists of identifying the potential threats and examining it to determine its potential to affect the concerned information asset. Vulnerabilities are specific avenues that threat agents can exploit to attack an information asset. At the end of the risk identification process, a list of assets and their vulnerabilities is developed. Another list prioritizes threats facing the organization based on the weighted table. These can be combined into the TVA worksheet as per the template below:

Asset 1 Asset 2 Asset n
Threat 1
Threat 2
Threat n
Priority of Controls 1 2

The next step is to evaluate the relative risk of each listed vulnerability. Using the information documented during the risk identification process, you can assign weighted scores based on the value of each information asset.

Some questions to ask when assigning likelihood values: 1) Which threats present a danger to the assets in the given environment? 2) Which threats represent the most danger to the information? 3) How much would it cost to recover from a successful attack? 4) Which threats would require the greatest expenditure to prevent?

Using the below formula to rank the vulnerabilities and arrive at the Ranked Vulnerability Risk Worksheet:

Risk = (Value x Likelihood) – [(Value x Likelihood) x %Control] + [(Value x Likelihood) x Uncertainty]

For example, if Asset A has a value of 50 and has one vulnerability, which has a likelihood of 1.0 with no current controls and your assumptions and data are 90% accurate, the Vulnerability Rank = (50 × 1.0) – [(50 × 1.0)x0%] + [(50 × 1.0)x10%] = (50) – 0 + 5 = 55


Related Solutions

Identify and explain the key processes required for effective project risk management 1. Plan Risk Management...
Identify and explain the key processes required for effective project risk management 1. Plan Risk Management : 2. Identify Risks : 3. Perform Qualitative risk analysis: 4. Perform Quantitative risk analysis: 5. Plan Risk Responses: 6. Control Risks:
The Risk Management Plan: Why is it important to have a Risk Management Plan? What is...
The Risk Management Plan: Why is it important to have a Risk Management Plan? What is included in the Risk Management Plan? Provide an outline of topics for a risk management plan. You can use this to work though your final project. Decision Analysis: Why is decision analysis used? What is the purpose of calculating the Expected Monetary Value of a decision? Why do you think the method of decision analysis is not frequently used?
You are to develop a risk management plan for the Pierce family. Your plan should incorporate...
You are to develop a risk management plan for the Pierce family. Your plan should incorporate insurance and noninsurance recommendations. Provide a complete explanation of your assumptions. Remember to make the work your own. Case facts: Joe, 37, self-employed carpenter, four employees, nets $60,000 per year Anita, 37, part-time nurse, earns $30,000 per year Children: Nathan (12), Isaac (10), Charlotte (6), Lydia (3) Assets, in $ Personal Cash 12,000 Mutual funds 8,000 IRAs 15,000 401(k) 28,000 Car 20,000 ATV 5,000...
I need someone to MAKE a risk management plan. NOT examples with vague terms. PLEASE A...
I need someone to MAKE a risk management plan. NOT examples with vague terms. PLEASE A REAL RISK MANAGEMENT PLAN FOR ANY PROJECT PLEASE!!!!
Final Project: Due Week 8 (THIS WEEK): Risk Management Plan Develop a Risk Management Plan. This...
Final Project: Due Week 8 (THIS WEEK): Risk Management Plan Develop a Risk Management Plan. This is a document which details the risk management plan for a  project you have worked on. (Don't confuse this with the Risk Register or Risk Response Planning.) This assignment is due on Wednesday (at midnight), next week. Rubric Task Point Value (out of 100) Proper APA format, spelling, grammar, citation, and organization of writing 10 points All required sections included in the RMP 50 points...
A. Plan Risk Management is the process of defining how to conduct risk management activities for...
A. Plan Risk Management is the process of defining how to conduct risk management activities for a project. As the project manager describes the content of the output which will be the risk management plan.   
Final Project: Due Week 8 (NEXT WEEK): Risk Management Plan Develop a Risk Management Plan. This...
Final Project: Due Week 8 (NEXT WEEK): Risk Management Plan Develop a Risk Management Plan. This is a document which details the risk management plan for your project. (Don't confuse this with the Risk Register or Risk Response Planning). Rubric Task Point Value (out of 100) Proper APA format, spelling, grammar, citation, and organization of writing 10 points All required sections included in the RMP 50 points Clearly understood plan, regardless of the persons background in risk or project management...
Identify 3 to 5 risk management tools used to make management decisions. Describe how each tool...
Identify 3 to 5 risk management tools used to make management decisions. Describe how each tool and how it is used in helping with decision making. Review the following scenario. A patient is admitted to the medical floor in a health care facility. She is confused and will not stay in her bed. The patient is placed in a room at the end of the hall away from the nurses’ station and she is not easily seen by staff. The...
Develop a Financial Risk Management plan for a Professional Consultancy firm in your respective field of...
Develop a Financial Risk Management plan for a Professional Consultancy firm in your respective field of study, for instance, if you are studying Banking and Finance, your selected firm should be in the Banking and Financial services industry.                
Make a Project of Management Risk Assessment: 1. Make a Qualitative Risk assessment 2. Make Quantitative...
Make a Project of Management Risk Assessment: 1. Make a Qualitative Risk assessment 2. Make Quantitative Risk Assessment and Mitigation
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT