
Lab 3

The document outlines the requirements for Lab #3, which involves defining the scope and structure of an IT Risk Management Plan based on assigned scenarios and industry verticals, such as healthcare or banking. It emphasizes the importance of including key components like risk planning, identification, assessment, mitigation, and monitoring in the plan, and requires students to answer specific assessment questions related to these topics. The final deliverable should be executive management ready and address compliance law requirements relevant to the assigned scenario.

Uploaded by

congcanh30

Lab #3: Assessment Worksheet

Define the Scope & Structure for an IT Risk Management Plan


Course Name: _____________________________________________________________
Student Name: _____________________________________________________________
Instructor Name: ___________________________________________________________
Lab Due Date: _____________________________________________________________
Overview

The Instructor will assign your group one of the following scenarios and industry verticals. You must align your IT risk management plan from this scenario and industry vertical perspective along with any compliance law requirements.

1. Circle the scenario and industry vertical your Instructor assigned to your group:
   a. Healthcare provider under HIPAA compliance law
   b. Regional bank under GLBA compliance law
   c. Nationwide retailer under PCI DSS standard requirements
   d. Higher-education institution under FERPA compliance law
2. Make sure your table of contents addresses your scenario and vertical industry.
3. Make sure your table of contents includes, at a minimum, the five major parts of IT risk management:
   • Risk planning
   • Risk identification
   • Risk assessment
   • Risk mitigation
   • Risk monitoring
4. Make sure your table of contents is executive management ready and addresses all the risk topics and issues needed for executive management awareness.
5. Answer Lab #3 – Assessment Worksheet questions and submit as part of your Lab #3 deliverables.
Overview
Answer the following Lab #3 – Assessment Worksheet questions pertaining to your IT risk management plan design and table of contents.

Lab Assessment Questions

1. What is the goal or objective of an IT risk management plan?
2. What are the five fundamental components of an IT risk management plan?
3. Define what risk planning is.
4. What is the first step in performing risk management?
5. What is the exercise called when you are trying to identify an organization’s risk health?
6. What practice helps reduce or eliminate risk?
7. What ongoing practice helps track risk in real time?
8. Given that an IT risk management plan can be large in scope, why is it a good idea to develop a risk management plan team?
9. Within the seven domains of a typical IT infrastructure, which domain is the most difficult to plan, identify, assess, remediate, and monitor?
10. From your scenario perspective, with which compliance law or standard does your organization have to comply? How did this impact the scope and boundary of your IT risk management plan?
11. How did the risk identification and risk assessment of the identified risks, threats, and vulnerabilities contribute to your IT risk management plan table of contents?
12. What risks, threats, and vulnerabilities did you identify and assess that require immediate risk mitigation given the criticality of the threat or vulnerability?
13. For risk monitoring, what techniques or tools can you implement within each of the seven domains of a typical IT infrastructure to help mitigate risk?
14. For risk mitigation, what processes and procedures are needed to help streamline and implement risk mitigation solutions to the production IT infrastructure?
15. How does risk mitigation impact change control management and vulnerability management?
