1. Might an effective risk management plan be considered a process that may restore all systems, businesses, processes, facilities, and people? What are the major issues to consider?
2. Based on the Barr (2011) article, what changes would you recommend for the Information Security Forum’s 2007 Standard? Which of these changes must be incorporated into the enterprise’s risk management plan?
Individual Assignments 1 & 2
1. Prepare a 3- to 5-page paper (double spaced) that identifies the possible risks to an organization in each of the following outsourcing situations: a) the use of an external service provider for your data storage; b) the use of an enterprise service provider for processing information systems applications such as payroll, human resources, or sales order taking; c) the use of a vendor to support your desktop computers; and d) the use of a vendor to provide network support. The paper will include a risk mitigation strategy for each situation. Because of personnel and facility limitations, one mitigation strategy cannot be proposed in the paper: eliminating the outsourcing by bringing the situation in house.
2. McBride Financial Services is opening an office in Boise, Idaho (head office). Prepare a comprehensive risk assessment for McBride’s management team. The risk assessment should identify potential risks that could impact the operation of the business. The paper, 2-3 pages (double spaced), should cover the potential targets of criminal activity, potential targets of terrorist activity such as government offices, law enforcement agencies, or politically sensitive businesses or services