risk mitigation

Description

Attached are the templates that you must download, complete and submit here. Instructions are located in the templates. Both the excel file and the word file should be submitted.

Unformatted Attachment Preview

ISOL 533 - Information Security and Risk Management
University of the Cumberlands
RISK MITIGATION PLAN

REMOVE ANY HIGHLIGHTED TEXT BEFORE SUBMISSION

EXECUTIVE SUMMARY

CRITICAL “1” RISKS AND SHORT-TERM REMEDIATION

<For each “1” risk, add the Remediation you would put into place to Mitigate/Control that risk. Then, add a Cost-Benefit Analysis to show the estimated cost of the loss versus the cost to control the loss. You will need to think about how you would mitigate/control the risk and what type of cost would be associated with that mitigation. REMOVE THIS HIGHLIGHTED TEXT BEFORE SUBMITTING THE PAPER FOR GRADING.>

The risk/threats identified are:

I. Loss of customers due to production outages caused by various events, such as natural disasters, change management, unstable software, and others
   a. Remediation:
   b. CBA:
II. Loss or destruction of company information due to insider threats
   a. Remediation:
   b. CBA:

MAJOR “2” / MINOR “3” LONG-TERM REMEDIATION

<For each “2” risk and “3” risk, add the Remediation you would put into place to Mitigate/Control that risk. Then, add a Cost-Benefit Analysis to show the estimated cost of the loss versus the cost to control the loss. You will need to think about how you would mitigate/control the risk and what type of cost would be associated with that mitigation. REMOVE THIS HIGHLIGHTED TEXT BEFORE SUBMITTING THE PAPER FOR GRADING.>

I. Loss of company data due to hardware being removed from production systems
   a. Remediation:
   b. CBA:
II. Loss of company information on lost or stolen company-owned assets, such as mobile devices and laptops
   a. Remediation:
   b. CBA:
III. Theft of company confidential information due to insider threats.
   a. Remediation:
   b. CBA:
IV. Loss of customers or revenue due to changes in regulatory landscape that may impact operations.
   a. Remediation:
   b. CBA:

IMPLEMENTATION PLAN

Threat Name    Implementation Plan

Date        Problem Experienced    Downtime Minutes
11/01/16    Lockups                25
11/02/16    Lockups                35
11/03/16    Memory Errors          10
11/04/16    Lockups                40
11/07/16    Weekly Virus Scan      60
11/07/16    Lockups                30
11/07/16    Memory Errors          35
11/07/16    Memory Errors          20
11/10/16    Slow Startup           45
11/10/16    Weekly Virus Scan      60
11/11/16    Memory Errors          30
11/14/16    Memory Errors          10
11/16/16    Manual Re-start        20
11/18/16    Memory Errors          35
11/18/16    Weekly Virus Scan      60
11/18/16    Lockups                25
11/21/16    Memory Errors          35
11/22/16    Memory Errors          20
11/27/16    Memory Errors          40
11/30/16    Weekly Virus Scan      60
11/28/16    Memory Errors          15
11/28/16    Lockups                25

Explanation & Answer

Kindly find attached answers

SANS Institute
Info Sec Reading Room
This paper is from the SANS Institute Reading Room site. Reposting is not permitted without
express written permission.
Information Risks & Risk Management
Abstract
This brief will cover the various exposures that companies now face as they increasingly rely on
twenty-first century technology. It will cover information in all forms and the new perils that put
this information at risk. Classification of data into categories will determine the type and degree
of risk. The types of processes and controls that firms can implement to minimize these risks will
be examined. Within each section, targeted references and tips are provided for further insight.
Finally, the paper will address the steps needed to react, respond, and remediate in the event of
an untoward event. As a postscript, the paper will also cover the forms of insurance available to
help alleviate the financial pain often associated with these types of events.
1. Introduction
In a relatively short period of time, data in the business world has moved from
paper files, carbon copies, and filing cabinets to electronic files stored on very powerful
computers. We have gone from securing paper files in a file room within an office, to
securing data on computers accessed on networks and via the Internet—a massive
paradigm shift.
Managing records in electronic form has created a whole new industry, which, in
turn, has created a seemingly quenchless thirst for smaller, faster, and more powerful
technology. The result is a need for tools to manage and secure this electronic
information efficiently and effectively. One could go on, but you get the point.
We have grown accustomed to experiencing change far more quickly than most of
us could ever have imagined. It is, in fact, this twenty-first century business paradigm
that has given rise to Information Risks. Information Risk is the probability that nonpublic
or confidential electronically stored information could be accessed and/or
exploited by unauthorized parties. It probably does not require much concentration to
name a few companies who have been profiled in the news, not for their products or
services, but for their alleged failure to protect non-public or private information in their
care, custody, and control. Security incidents on computer networks and the ramifications
of someone, or something, gaining unauthorized access to sensitive data are the key
elements of Information Risk, a growing problem for businesses in every sector that
utilizes technology.
Information risk, when uttered out loud in a conference room full of risk
managers, can cause the room to go very quiet. Risk Manag...

