Skip to document
Welcome to StudocuSign in to access the best study resources
Guest user
0followers
HomeMy LibraryAsk AI
  • You don't have any recent items yet.
My Library
  • You don't have any courses yet.
  • You don't have any books yet.
  • You don't have any Studylists yet.

Security and risk management

Risk management is an important technique that focuses security effort...
Course

Management (MGT500)

8 Documents
Students shared 8 documents in this course
Academic year: 2021/2022
Uploaded by:
Anonymous Student
This document has been uploaded by a student, just like you, who decided to remain anonymous.
Dedan Kimathi University of Technology

Comments

Please sign in or register to post comments.

Students also viewed

Related documents

Preview text

**Security and risk management

  1. What is the goal or objective of an IT risk management plan?** To help IT project managers identify possible risks, evaluate them, and provide a suitable response to the risks. Some common objectives include costs associated with risks, possible risks, recommendation on how to mitigate risks, and cost-benefits analysis

2. What are the five fundamental components of an IT risk management plan? Five fundamental components are identifying the risk, analyzing the risk, ranking or evaluating the risk, providing a solution, and reviewing or monitoring the risk.

3. Define what risk planning is. Risk planning refers to the specialized project management that involves the process of identifying, ranking, and managing risk.

4. In which step the risk management process do you find, recognize, and describe risks? The first step which is the identification of the risk. 5. What is the exercise called when you are trying to gauge how significant a risk is? The exercise is risk assessment, which can be in the form of a Quantitative or Qualitative category.

6. What practice helps address a risk? The practice is the risk response, which includes accepting, avoiding, mitigating, or transferring the risk.

7. What ongoing practice helps track risk in real time? Monitoring of risk helps the IT project manager to track the threat in real-time. 8. True or False: Once an organization completes all risk management steps, from planning through monitoring, the task is done. False 9. Given that an IT risk management plan can be large in scope, why is it a good idea to develop a risk management plan team? The risk management plan team helps the organization identify, monitor, evaluate, and treat risks. They are essential since they help save valuable resources, reduce legal liability, offer protection, and create a secure environment. The planning team helps to develop boundaries, which ensures the whole team works together to better results.

10. In the seven domains of a typical IT infrastructure, the User domain is typically the most difficult to plan, identify, assess, treat, and monitor. Why? The user domain gives access to all other six domains and includes all the users hence providing a complicated system that is hard in the process risk management.

  1. One of the ways you manage risk is to simply avoid a risky activity. The lab includes a table of identified risks, threats, and vulnerabilities in a healthcare setting. Identify a risk, threat, or vulnerability for which you could avoid the risk. Explain your answer.

The risk management team can use anything possible, whether artificial or humanmade, to appropriately identify, evaluate and treat possible risks. Below are some of the techniques in each domain.

User domain: acceptable use policies and user awareness to create user's responsibility. Workstation Domain: Keep operating system updated, install an updated antivirus, deploy security patches.

LAN domain: Practice port-security technique and have access control lists programmed to fit a specific functionality.

LAN-to-WAN domain: Install firewalls to allow only specific traffic types and train admin on the importance of limiting firewalls rules.

WAN domain: deploy demilitarized zone that utilizes two firewalls connected to the internet and others in the internet network.

Remote Access domain: Install internet protocol security and different control systems. System/Applications domain: Training administrators on sound security management practices.

15. For risk mitigation, what processes and procedures can help streamline and implement risk mitigation solutions to the production IT infrastructure? The process should include evaluating all the domains to identify risk vulnerabilities, analysis, and provide necessary actions to curb identified risk if possible. Therefore, procedures and processes include remediation, control, access, and reporting of possible vulnerabilities and solutions.

16. What is the purpose of a risk register? Risk registers help record the risk's details gathered throughout the project, incorporating their evaluation and treatment plan. Therefore, this tool helps project managers to track and control risk possibilities throughout the project.

17. How does risk response impact change control management and vulnerability management? The risk response involves identifying possible ways that can be used to eliminate any risk that threatens the project. They also provide an opportunity to enhance risk management impact. They hold managers responsible for creating a robust contingency plan to respond to any possible risks throughout the project. Risk response includes mitigate, avoid, and transfer.

Was this document helpful?

Security and risk management

Course: Management (MGT500)

8 Documents
Students shared 8 documents in this course

University: Aspen University

Was this document helpful?
Security and risk management
1. What is the goal or objective of an IT risk management plan?
To help IT project managers identify possible risks, evaluate them, and provide a suitable
response to the risks. Some common objectives include costs associated with risks, possible
risks, recommendation on how to mitigate risks, and cost-benefits analysis
2. What are the five fundamental components of an IT risk management plan?
Five fundamental components are identifying the risk, analyzing the risk, ranking or
evaluating the risk, providing a solution, and reviewing or monitoring the risk.
3. Define what risk planning is.
Risk planning refers to the specialized project management that involves the process of
identifying, ranking, and managing risk.
4. In which step the risk management process do you find, recognize, and describe
risks?
The first step which is the identification of the risk.
5. What is the exercise called when you are trying to gauge how significant a risk
is?
The exercise is risk assessment, which can be in the form of a Quantitative or Qualitative
category.
6. What practice helps address a risk?
The practice is the risk response, which includes accepting, avoiding, mitigating, or
transferring the risk.

Students also viewed

Related documents