“Business Goals and Constraints.” Please respond to the following:
• Discuss some of the key considerations in designing a network design strategy. What approaches have worked for you in your present role or would you propose in a future systems planning role for an organization?
“Technical Goals and Tradeoffs.” Please respond to the following:
• Describe how technical goals can be coupled with information assurance and security considerations in a network design project.
26/09/2018
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Managing Risk in Information Systems
Lesson 2
Risk Management Planning
CSCI-618: Information Security
Risk Management and Legal Issues
Developing a Risk Management Plan
Objectives of a Risk Management Plan
A list of threats
A list of vulnerabilities
Costs associated with risks
A list of recommendations to reduce the risks
Costs associated with recommendations
A cost-benefit analysis
One or more reports
Scope of Plan Dimensions
Extent the plan will be organized
Level of implementation
Range of view and outlook
Degree of application and operation
Measurement of effectiveness
Assignment of Responsibilities
Align resources
Assign responsibilities
Evaluate relationships
Describing Procedures and Schedules for Accomplishment
Include a recommended solution for any threat or vulnerability, with a goal of mitigating the associated risk.
The solution will often include multiple steps.
Describe each step in detail.
Include a timeline for completion of each step.
Remember:
• Management is responsible for choosing the controls to implement.
• Management is responsible for residual risk.
Affinity Diagram