Question:
The Case study scenario:
Your report on the need for a Security Management Program has been accepted, but they management have requested more information on the need for a risk management program. Specifically, they have asked for an explanation of benefits of a risk management plan, the steps for creating a risk management plan, a description of risk assessment process.
To meet the client’s request, you need to do the following:
Document contents:
Explanation of benefits and purpose of a risk assessment. Description of risk assessment process.
Outline the steps for creating a risk management plan.
Identify and describe the major components of a contingency plan. A set of asset and risk priorities
- Identification of Assets.
(One asset from each of the different categories: people, process, hardware and software).
- Identification of threats/vulnerabilities.
(One threat from each of the different categories: Internal, external, deliberate, and accidental).
- Priorities determined.
- Preliminary impact of risks Suggested controls for each threat.
To assist with their understanding of risk assessment and management you have decided to consider 4 assets and 4 threats to be used to complete the tables below.
To effectively demonstrate your skill, the tables would need to include examples of assets from different categories: people, process, hardware and software. Threats should also include examples from different categories: Internal, external, deliberate, and accidental.
