SECURITY RISK MANAGEMENT PLAN
Prepared by Jeremy Davis
Version control
| Project title | Author | VC | Date |
|---|---|---|---|
| Security Risk Management Plan Draft | Jeremy Davis | 1.0 | 25/10/10 |
Contents
* Executive summary
* Project purpose
* Scope of Risk management
* Context and background
* Assumptions
* Constraints
* Legislation/Standards/Policies
* Risk management
* Identification of risk
* Analysis of risk
* Risk Category
* Review of Matrix
* Action plan
* Testing Procedures
* Maintenance
* Scheduling
* Implementation
* Training
* Milestones
* Monitoring and review
* Definition
* Authorisation
* Reference
Executive summary
A Security Risk Management Plan (SRMP) helps CBS
This is achieved through the assessment of the business, operations, staff, assets, risks, legislations, standards and policies.
Context and background
Definition of Risk management
The analysis of risks and the implementation of risk controls to minimise and prevent risks to the business.
Assumptions
Assumptions must be identified so that the business can understand what the plan relies on and gather more information where needed. Assumptions are what the project team expects to have, or to be made available, throughout the program.
* SRMP approved
* SRMP implemented strategies are tested and are successful
* SRMP meets requirements
Constraints
Constraints are a list of the limitations and restrictions that the project team may encounter.
* Budget issues
* Must check that the plan meets legislation, standards and policies
* Approval of the Security Risk Management Plan may be delayed
* Implementation of strategies
Legislation/Standards/Policies
When considering risk management, you must state the legal and regulatory framework that applies. You must identify it in order to follow and meet the requirements for the Security Risk Management Plan.
* ‘Australian/New Zealand Risk Management 4360 1999’
* Standard ISO/IEC 27002 Information technology — Code of practice for information security management
* Standard ISO/IEC 27004 Information technology — Information
The safety aspect of risk management will evaluate the potential for human loss of life and/or injury, and the potential for a major incident or accident, such as fire, explosion, or spill, including environmental damage. The necessity for security within the company is a highly needed aspect of safety, and its absence can lead to risk. The revenues aspect of risk management will evaluate the loss of customer base, recovery of capital loss, recognition of unrecoverable capital loss, and loss of opportunity in marketing the product. The necessity for revenue risk management is key. The costs aspect of risk management will evaluate the costs that were incurred due to preventable problems, as well as costs due to increased warehouse space, vendor changes, and discount changes. A significant cost risk for this company is the cost of legal defense. The legal aspect of risk management will evaluate regulatory compliance failures and actions that could result
7.2 Describe how to carry out a risk assessment and risk management in line with policies and procedures
The concept of project scope may be one of the broadest in project management. It involves objectives, limits and intentions. Every requirement in a project, as well as its characteristics, must be dealt with when planning the scope. Even though it's reasonable to say that every project is unique, the causes for which projects fail are generally the same. And if you already know what these causes are, you can minimize the likelihood of problems being repeated and thus increase the chance of success.
The project scope statement is a key element in any new project. It is used to outline the results that the project will produce and the terms and conditions under which the work will be performed. Upper management, the requestor of the project and the project team need to all agree on the
Managing risks means ensuring that the business gains benefits rather than being affected by costs. This can involve developing control procedures that management and staff can follow to ensure practices are being completed appropriately and are contributing to the organisation's goals. Control procedures can include:
The most significant part of implementation is planning, and the plan will not even be credible for security unless a full risk assessment is completed. Security planning encompasses the development of security guidelines as well as applying restrictions that prevent computer risks from materialising. It is impossible to move forward with a plan of action before the risk assessment has been carried out. The risk assessment will be responsible as a
This chapter also addresses the way decisions on security issues should be channelled. The chapter advises that a security program should be driven in a top-down approach. In this case, top management drives, supports and gives direction for the security program, which is then passed to the middle management staff and then to staff members.
your small group earlier in the Unit, assume the role of an IT manager assigned by YieldMore’s senior
A constraint is a limitation or a restriction. This is anything which can delay the project. In order to figure out how to avoid constraints, it is important to first establish what
Constraints. Constraints are limiting factors which define outer limits and have to be respected while making a decision. For example, limited availability of funds is a constraint with which most decision makers have to live.
Research shows that various risk management tools exist, ranging from the strict minimum to very comprehensive methodologies (Harrison 1997). Different countries apply different methods in risk management; however, the methodology is the same: system characterization and description, threat and vulnerability identification, risk assessment and recommended
Therefore risk mitigation aims at reducing the internal and external threats which can hinder the performance of the organization. These risk mitigations focus on the use of structured policies and guidelines for the entire system to be installed on the network. Thus management should favor the control
Risk management is the term applied to a logical and systematic method of establishing the context, identifying, analyzing, evaluating, treating, monitoring and communicating risks associated with any activity, function or process in a way that will enable organizations to minimize losses and maximize opportunities. (Lecture notes) Risk management is also described as 'all the things you need to do to make the future sufficiently certain'. (The NZ Society for Risk Management, 2001)
The reader will become familiarised with the term risk and its definitions, specifically from the ISO 31000 standard of risk management and from the criminology crime triangle. Which of these two definitions is the most suitable for use within the security industry will be discussed and evaluated. How and why consequence is important when assessing risk priorities and determining where to allocate resources will be examined and answered.
The concept of risk, risk assessment, risk management and how uncertainty affects the process will be discussed.