University of the Cumberlands Risk Management Process in IT Research Paper
Question Description
1. Describe in what ways the risk management process in both IT and non-IT environments are similar. Briefly describe in your own words the five major steps of risk management: plan, identify, assess, respond and monitor.
2. Assume the following table of risks, threats, and vulnerabilities were found in a health care IT infrastructure servicing patients with life-threatening conditions. Review the risks in the table. Consider how you might manage each risk and which of the seven domains each one affects:
|
Risks, Threats, and Vulnerabilities |
|
Unauthorized access from public Internet |
|
Hacker penetrates IT infrastructure and gains access to your internal network |
|
Communication circuit outages |
|
Workstation operating system (OS) has a known software vulnerability |
|
Denial of service attack on organizationâ€TMs e-mail |
|
Remote communications from home office |
|
Workstation browser has software vulnerability |
|
Weak ingress/egress traffic-filtering degrades performance |
|
Wireless Local Area Network (WLAN) access points are needed for Local Area Network (LAN) connectivity within a warehouse |
|
Need to prevent rogue users from unauthorized WLAN access |
|
User destroys data in application, deletes all files, and gains access to internal network |
|
Fire destroys primary data center |
|
Intraoffice employee romance gone bad |
|
Loss of production data server |
|
Unauthorized access to organization-owned workstations |
|
LAN server OS has a known software vulnerability |
|
User downloads an unknown e-mail attachment |
|
Service provider has a major network outage |
|
User inserts CDs and USB hard drives with personal photos, music, and videos on organization-owned computers |
|
Virtual Private Network (VPN) tunneling between the remote computer and ingress/egress router |
3. For each of the domains, create an outline in the scope of your risk management plan. Include the following topics as the five major parts of an IT risk management process—for each domain:
Risk planning
Risk identification
Risk assessment
Risk response
Risk monitoring
Have a similar assignment? "Place an order for your assignment and have exceptional work written by our team of experts, guaranteeing you A results."
