Lab on IT Risk Management

Date:  2021-03-11 18:16:13
5 pages  (1372 words)
Back to categories
This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

1. What is the goal or objective of an IT risk management plan? A risk management plan is a key item en having an IT project. It is developed with the three key objectives. These objectives include: defining how the risk are going to be managed, how they are going to monitored and how they are going to be approved throughout the project.

2. What are the five fundamental components of an IT risk management plan? Like most plans, an IT management has essential components in its structure. These include:

Risk identification

Risk analysis

Risk evaluation

Risk monitoring and;


3. Define what risk planning is. This is the development and documentation process of risk identification strategies and methods that are well structured, organized and interactive. It entails identifying, assessing and controlling risk that come about due to operation factors and decision making that weighs the risk cost and benefits of the process.

4. What is the first step in performing risk management? Performance of risk management always begins with one crucial step; the establishment of the objectives of the risk management. In this step the aim is always to establish the expected results of the risk management process.

5. What is the exercise called when you are trying to gauge how significant a risk is? This is referred to as health risk assessment

6. What practice helps address a risk? Elimination or reduction of risk is achieved through risk management

7. What ongoing practice helps track risk in real time? Risk Mitigation

8. True or False: Once a company completes all risk management steps (identification, assessment, response, and monitoring), the task is done. False

9. Given that an IT risk management plan can be large in scope, why is it a good idea to develop a risk management plan team? It I through the scope that the boundaries of risk management are establish. In situation where the scope of the plan is large, a team is essential as they work together to ensure that its structure is maintained by arriving at decision through consensus.

10. In the seven domains of a typical IT infrastructure, which domain is the most difficult to plan, identify, assess, treat, and monitor? Local Area Network Wide Area Network (LAN-WAN)

11. Which compliance laws or standards does the health care organization mentioned in the Hands-On Steps have to comply with (consider these: Health Insurance Portability and Accountability Act [HIPAA], Gramm-Leach-Bliley Act [GLBA], and Family Educational Rights and Privacy Act [FERPA])? Family Educational Rights and Privacy Act (FERPA). How does this impact the scope and boundary of its IT risk management plan? Compliance of to the FERPA law narrows widens the scope and boundary of the risk management plan. The boundary of the scope of the plan widens as it has to accommodate the rules and regulation in the FERPA. In the scope of the risk management, the possibilities of the project going against the FERPA law have to be accounted for as the project might not always be carried out within these restricting regulations.

12. How did the risk identification and risk assessment of the identified risks, threats, and vulnerabilities contribute to your IT risk management plan outline? It enabled locating of the information required by ensuring that it was properly detailed

13. What risks, threats, and vulnerabilities did you identify and assess that require immediate risk mitigation given the criticality of the threat or vulnerability? Some of the key vulnerabilities that need immediate mitigation included lack of adequate finances and some of the member lacking commitment. These two factor may greatly affect the risk management plan in an adverse manner

14. For risk monitoring, what are some techniques or tools you can implement in each of the seven domains of a typical IT infrastructure to help mitigate risk? A wide variety of possibilities can be adopted ranging from man-made to properly assess, identification and solving the possible challenges

15. For risk mitigation, what processes and procedures can help streamline and implement risk mitigation solutions to the production IT infrastructure? These include control, remediation, reporting a key and assess.

16. What is the purpose of a risk register? This tool enables project managers to develop a list risk that are identified, distinctly defined and assessed as to what value they have in terms of attaining the goals of the projects. They enable direct risk handling such as through risk mitigation and also play an important role in focused quantitative analysis, for example schedule risk analysis that is founded on Monte Carlo simulation that is driven with specific risk. The latter use is often referred to as Risk Driver Method of Schedule and Cost Risk Analysis.

17. How does risk response impact change control management and vulnerability management? One of the best ways to approach organizational change is change control. This is because it provides a systematic approach to organizational change. It also prevents any possible interruption of services. The latter is achieved through provision of a plan that ensures that service resume as soon as possible in case they are interrupted.

LAB #3 Defining the Scope and Structure for an IT Risk Management Plan

Describe in what ways the risk management process in both IT and non-IT environments are similar.

Both IT and non-IT risk management environments require the five steps of risk management; that is plan, identify, assess, respond and monitoring.

For instance, in a non-IT environment such as an Athlete Fitness run, the risk management steps could entail the following:

Planning the run is supposed to be 10km on a certain date at a certain time with a certain number of athletes at a specific training ground or pitch.

Identify risks low light possible rainy condition or windy conditions that might make it difficult for the athletes to run. Hot weather conditions may also prevail leading to dehydration of the athletes.

Assesses the level of the risk is medium

Responding risk are prioritized and acceptable

Monitor this entails evaluation of the athletes along the route for injury and dehydration

Briefly describe in your own words the five major steps of risk management: plan, identify, assess, respond, and monitor.

Plan this is coming up with the structure of the project that is going to be conducted; what it will entailed, the people involved and the infrastructure involved.

Identify the risk the team needs to uncover and recognize and describe the risks during which a risk register must be prepared

Assess- In this step, the risks are evaluated and ranked by determining the risk. It entails making a decision on whether the risk in acceptable or it is serious enough to require treatment. The risk rankings are then added to the project register.

Responding this is coming up a response plan on how to treat or modify the risk to achieve acceptable risk levels

Monitoring in this step, the risk register is taken and used to monitor, track and review the risk during the project

Using the following table of risks, threats, and vulnerabilities that were found in a healthcare IT infrastructure servicing patients with life-threatening conditions, review the risks in the following table. Consider how you might manage each risk and which of the seven domains each one affects:

Risks, Threats, and Vulnerabilities

Unauthorized access from public Internet. WAN domain

Hacker penetrates IT infrastructure. System application domain

Communication circuit outages. LAN domain

Workstations. Work station domain

Workstation operating system (OS) has known software vulnerability. Work station domain

Denial of service attack on organizations e-mail. Work station domain

Remote communications from home office. Remote access domain

Workstation browser has software vulnerability. Work station domain

Weak ingress/egress traffic-filtering degrades performance. System Access Domain

Wireless Local Area Network (WLAN) access points are needed for Local Area Network (LAN) connectivity within a warehouse LAN. WAN Domain

Need to prevent rogue users from unauthorized WLAN access. LAN-WAN domain

User destroys data in application, deletes all files, and gains access to internal network. User domain

Fire destroys primary data center. System application domain

Intraoffice employee romance gone bad. User domain

Loss of production data server. System application domain

Unauthorized access to organization-owned workstations. Work station domain

LAN server OS has a known software vulnerability. LAN domain

User downloads an unknown e-mail attachment. LAN domain

Service provider has a major network outage. Remote access domain

User inserts CDs and USB hard drives with personal photos, music, and videos on organization owned computers. User domain

Virtual Private Network (VPN) tunneling between the remote computer and ingress/egress router. LAN WAN domain


logo_essay logo_essay

Request Removal

If you are the original author of this essay and no longer wish to have it published on the ProEssays website, please click below to request its removal: