Lab #3: Assessment Worksheet
Define the Scope & Structure for an IT Risk Management Plan
Course Name: (IAA202) Risk Management in Information Systems
Student Name: Phạm Đức Tài Lộc
Instructor Name: DINHH
Lab Due Date: 12/2/202
Overview
Answer the following Lab #3 – Assessment Worksheet questions pertaining to your IT risk
management plan design and table of contents.
Lab Assessment Questions
1. What is the goal or objective of an IT risk management plan?
Identify, assess, and mitigate risks to ensure IT security, compliance, and business
continuity.
2. What are the five fundamental components of an IT risk management plan?
Risk identification, risk assessment, risk mitigation, risk monitoring, and risk communication.
3. Define what risk planning is.
The process of defining strategies to identify, assess, and mitigate potential risks before they
impact IT operations.
4. What is the first step in performing risk management?
Risk identification – recognizing threats, vulnerabilities, and potential impacts.
5. What is the exercise called when you are trying to identify an organization’s risk health?
Risk assessment or risk audit.
6. What practice helps reduce or eliminate risk?
Risk mitigation – implementing controls to minimize risk impact.
7. What on-going practice helps track risk in real-time?
Risk monitoring using security tools, SIEM, and log analysis.
8. Given that an IT risk management plan can be large in scope, why is it a good idea to
develop a risk management plan team?
Divides responsibilities, enhances expertise, and ensures a structured approach to risk
management.
9. Within the seven domains of a typical IT infrastructure, which domain is the most difficult
to plan, identify, assess, remediate, and monitor?
User Domain – unpredictable behavior, phishing risks, and insider threats.
10. From your scenario perspective, with which compliance law or standard does your
organization have to comply? How did this impact the scope and boundary of your IT risk
management plan?
Defines security controls and reporting requirements, and affects policy enforcement (e.g.,
GDPR, ISO 27001).
11. How did the risk identification and risk assessment of the identified risks, threats, and
vulnerabilities contribute to your IT risk management plan table of contents?
Shapes risk priorities, response strategies, and mitigation frameworks in the IT risk
management plan.
12. What risks, threats, and vulnerabilities did you identify and assess that require immediate
risk mitigation given the criticality of the threat or vulnerability?
Zero-day vulnerabilities, unpatched software, weak authentication mechanisms, and insider
threats.
13. For risk monitoring, what techniques or tools can you implement within each of the seven
domains of a typical IT infrastructure to help mitigate risk?
SIEM (Splunk), IDS/IPS (Snort), endpoint protection (EDR), vulnerability scanners (Nessus),
and network monitoring (Wireshark).
14. For risk mitigation, what processes and procedures are needed to help streamline and
implement risk mitigation solutions to the production IT infrastructure?
Processes for risk mitigation: Incident response plans, patch management, access control
policies, backup strategies, and disaster recovery plans.
15. How does risk mitigation impact change control management and vulnerability
management?
Change control: Ensures security updates are tested before deployment.
Vulnerability management: Prioritizes patching critical vulnerabilities to reduce attack
surface.