Here you will create a risk management plan at the enterprise level. Your organization belongs to the Hospitality Industry OR Food Processing Industry OR Software Development Industry.
Provide a name of your company and the industry it belongs to.
Step-1. Find all valuable assets across the organization that could be harmed by threats in a way that results in a monetary loss. Examples: Servers, Website
Step-2. Identify potential consequences. Determine what financial losses the organization would suffer if a given asset were damaged. Examples: Data loss, legal
Step-3. Identify threats and their level. A threat is anything that might exploit a vulnerability to breach your security and cause harm to your assets. Example: System failure
Step-4. Identify vulnerabilities and assess the likelihood of their exploitation. A vulnerability is a weakness that allows some threat to breach your security and cause harm to an asset. Think about what protects your systems from a given threat — if the threat actually occurs, what are the chances that it will actually damage your assets? Vulnerabilities can be physical (such as old equipment), problems with software design or configuration (such as excessive access permissions or unpatched workstations), or human factors (such as untrained or careless staff members).
Step-5. Assess risk. Risk is the potential that a given threat will exploit the vulnerabilities of the environment and cause harm to one or more assets, leading to monetary loss. Assess the risk according to the logical formula stated above and assign it a value of high, moderate or low. Then develop a solution for every high and moderate risk, along with an estimate of its cost.
Step-6. Create a risk management plan using the data collected. Use the template below.
| Threat | Vulnerability | Asset and Consequences | Risk | Solution |
| --- | --- | --- | --- | --- |
| Threat-1: High or Moderate or Low or Very Low | Vulnerability-1: High or Moderate or Low or Very Low | Asset name and related consequences-1: Critical or Moderate or Minimum | Risk-1: High or Moderate or Low or Very Low | Solution-1 |
| Threat-2: High or Moderate or Low or Very Low | Vulnerability-2: High or Moderate or Low or Very Low | Asset name and related consequences-2: Critical or Moderate or Minimum | Risk-2: High or Moderate or Low or Very Low | Solution-2 |
| Threat-3: High or Moderate or Low or Very Low | Vulnerability-3: High or Moderate or Low or Very Low | Asset name and related consequences-3: Critical or Moderate or Minimum | Risk-3: High or Moderate or Low or Very Low | Solution-3 |
| ... | ... | ... | ... | ... |
| Threat-n: High or Moderate or Low or Very Low | Vulnerability-n: High or Moderate or Low or Very Low | Asset name and related consequences-n: Critical or Moderate or Minimum | Risk-n: High or Moderate or Low or Very Low | Solution-n |
Step-7. Create a strategy for IT infrastructure enhancements to mitigate the most important vulnerabilities and get management sign-off.
Step-8. Define mitigation processes. You can improve your IT security infrastructure but you cannot eliminate all risks. When a disaster happens, you fix what happened, investigate why it happened, and try to prevent it from happening again, or at least make the consequences less harmful. For example, here is a sample mitigation process for a server failure:
Event (server failure)
Step-9. Risk assessment is not a one-time event. Both your IT environment and the threat landscape are constantly changing, so you need to perform risk assessment on a regular basis. Create a risk assessment policy that codifies your risk assessment methodology and specifies how often the risk assessment process must be repeated.