Question
Deliverables **Need task 1-4, need all that due tomorrow) just need 2-3 pages, doing it alone
Introduction:
Risk management is an important process for all organizations. This is particularly true in information systems, which provides critical support for organizational missions. The heart of risk management is a formal risk management plan.
This activity allows you to fulfill the role of an employee participating in the risk management process in a specific business situation.
Scenario:
You are an information technology (IT) intern working for the Defense Logistics Information Service (DLIS) in Battle Creek, Michigan. DLIS is an organization within the Defense Logistics Agency (DLA), which is the largest logistics combat support agency for the Department of Defense. DLIS creates, manages, and disseminates logistics information to military and government customers using the latest technology.
Senior management at DLIS decided that the existing risk management plan for the organization is out of date, and that a new risk management plan must be developed. Because of the importance of risk management to the organization, senior management is committed to and supportive of the project to develop a new plan. You have been assigned to develop this new plan.
Project Part 2
Project Part 2 Task 1: Introduction and Business Impact Analysis Plan
As discussed so far in this course, risk management is an important process for all organizations. This is particularly true for information systems, which provide critical support for organizational missions. The heart of risk management is a formal risk management plan.
This part of the project is a continuation of Project Part 1, where you prepared an RA plan and a risk mitigation plan for the DLIS. Senior management at DLIS decided that the risk manager and his/her team should continue and develop an RA plan based on inputs provided by the team in earlier project deliverables. Management has also allocated funds for a risk mitigation plan and a BIA plan. Because of the importance of risk management to the organization, senior management is committed to and supportive of the project to develop a new plan. You have been assigned to develop this new plan.
Project Part 2 Task 2: Business Continuity Plan
After having reviewed and been impressed by your Project Part 1 on Risk Management, the senior management at DLIS decided that your team must also develop a BCP, as your team is doing so well. Management has also allocated all funds for a BCP and your team has their full support, as well as free rein to call on any of them for participation or inclusion in your BCP plan. You have been assigned to develop this new plan after taking into consideration the following additional information on DLIS IT infrastructure.
DLIS has a global reach and at least 50 file servers and various databases (12) running everything from an enterprise resource planning (ERP) system to the organization payroll system, which has an electronic funds transfer (EFT) capability. Other things worth noting are a warm site within 50 miles of the headquarters data center. No plans exist for it. You will want to use it in your BCP planning. Currently back-ups are done with an outside vendor. However, your team will want to recommend a new process (vendor), and develop a new back-up plan for approximately five terabytes (TB) of critical classified data.
Do not forget to develop a testing plan for your team.
Explanation / Answer
In ideal risk management, a prioritization process is followed whereby the risks with the greatest loss (or impact) and the greatest probability of occurring are handled first, and risks with lower probability of occurrence and lower loss are handled in descending order. In practice the process of assessing overall risk can be difficult, and balancing resources used to mitigate between risks with a high probability of occurrence but lower loss versus a risk with high loss but lower probability of occurrence can often be mishandled.
Intangible risk management identifies a new type of risk that has a 100% probability of occurring but is ignored by the organization due to a lack of identification ability. For example, when deficient knowledge is applied to a situation, a knowledge risk materializes. Relationship risk appears when ineffective collaboration occurs. Process-engagement risk may be an issue when ineffective operational procedures are applied. These risks directly reduce the productivity of knowledge workers, and decrease cost effectiveness, profitability, service, quality, reputation, brand value, and earnings quality. Intangible risk management allows risk management to create immediate value from the identification and reduction of risks that reduce productivity.
Risk management also faces difficulties in allocating resources. This is the idea of opportunity cost. Resources spent on risk management could have been spent on more profitable activities. Again, ideal risk management minimizes spending (or manpower or other resources) and also minimizes the negative effects of risks.
Method: For the most part, these methods consist of the following elements, performed, more or less, in the following order.
1. Identify, characterize, and assess threats
2. Assess the vulnerability of critical assets to specific threats
3. Determine the risk (i.e. the expected likelihood and consequences of specific types of attacks on specific assets)
4. Identify ways to reduce those risks
5. Prioritize risk reduction measures based on a strategy
IT risk management can be considered a component of a wider Enterprise risk management system. The establishment, maintenance and continuous update of an ISMS provide a strong indication that a company is using a systematic approach for the identification, assessment and management of information security risks. Different methodologies have been proposed to manage IT risks, each of them divided into processes and steps.
According to Risk IT, it encompasses not only the negative impact of operations and service delivery which can bring destruction or reduction of the value of the organization, but also the benefit/value enabling risk associated with missing opportunities to use technology to enable or enhance business, or the IT project management for aspects like overspending or late delivery with adverse business impact.
Because risk is strictly tied to uncertainty, Decision theory should be applied to manage risk as a science, i.e. rationally making choices under uncertainty. Generally speaking, risk is the product of likelihood times impact (Risk = Likelihood * Impact). The measure of an IT risk can be determined as a product of threat, vulnerability and asset values: Risk = Threat * Vulnerability * Asset
1. The total process to identify, control, and minimize the impact of uncertain events. The objective of the risk management program is to reduce risk and obtain and maintain DAA approval. The process facilitates the management of security risks by each level of management throughout the system life cycle. The approval process consists of three elements: risk analysis, certification, and approval.
2. An element of managerial science concerned with the identification, measurement, control, and minimization of uncertain events. An effective risk management program encompasses the following four phases:
a. Risk assessment, as derived from an evaluation of threats and vulnerabilities.
b. Management decision.
c. Control implementation.
d. Effectiveness review.
3. The total process of identifying, measuring, and minimizing uncertain events affecting AIS resources. It includes risk analysis, cost benefit analysis, safeguard selection, security test and evaluation, safeguard implementation, and systems review.
4. The total process of identifying, controlling, and eliminating or minimizing uncertain events that may affect system resources. It includes risk analysis, cost benefit analysis, selection, implementation and test, security evaluation of safeguards, and overall security review.
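A worked version of the two scoring formulas and the prioritization rule quoted in the answer, as an added Python example that is not part of the original post. The asset names and the 1-5 ratings are constructed for the DLIS scenario, not real figures.

```python
"""Risk register scoring for the DLIS scenario (added example, not from the original answer).

Implements the two formulas the answer quotes, Risk = Likelihood * Impact and
Risk = Threat * Vulnerability * Asset, plus the prioritization rule (greatest loss
and probability handled first). All names and ratings are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskItem:
    asset: str
    threat: str
    likelihood: int     # 1 (rare) .. 5 (almost certain)
    impact: int         # 1 (negligible) .. 5 (mission-critical loss)
    threat_level: int   # 1..5, capability and intent of the threat source
    vulnerability: int  # 1..5, how exposed the asset is to that threat
    asset_value: int    # 1..5, value of the asset to the mission


def _check_scale(*values):
    """Ratings outside the 1..5 ordinal scale would silently distort the product."""
    for v in values:
        if not 1 <= v <= 5:
            raise ValueError(f"rating {v} is outside the 1..5 scale")


def likelihood_impact(item):
    _check_scale(item.likelihood, item.impact)
    return item.likelihood * item.impact


def threat_vuln_asset(item):
    _check_scale(item.threat_level, item.vulnerability, item.asset_value)
    return item.threat_level * item.vulnerability * item.asset_value


def prioritize(register, score=likelihood_impact):
    """Return (score, item) pairs, highest first. Ties are broken by impact, so a
    low-probability/high-loss risk is not buried under a high-probability/low-loss
    one with the same product (the balancing problem the answer describes)."""
    return sorted(((score(i), i) for i in register),
                  key=lambda p: (p[0], p[1].impact), reverse=True)


# Constructed register drawn from the scenario's inventory; ratings are illustrative.
DLIS_REGISTER = [
    RiskItem("payroll EFT system", "fraudulent transfer", 2, 5, 4, 3, 5),
    RiskItem("ERP database", "ransomware", 3, 5, 4, 4, 5),
    RiskItem("file servers (50)", "disk failure", 5, 2, 2, 3, 3),
    RiskItem("5 TB classified backup", "vendor loses media", 2, 5, 3, 4, 5),
    RiskItem("warm site", "untested failover", 4, 3, 2, 5, 3),
]
```

Run `prioritize(DLIS_REGISTER, threat_vuln_asset)` to rank the same register with the second formula; the two orderings differ, which is the point of choosing the scoring method deliberately.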