5-1project.docx
School: Southern New Hampshire University
Course: 313
Subject: Information Systems
Date: Dec 6, 2023
Pages: 8
Uploaded by KidTitanium2988
Datonian Zollicoffer
IT-313
5-1 SUBMIT PROJECT ONE: ANALYZE THE DESIGN OF A RISK MITIGATION PLAN
Scope:
Effective risk management is a crucial element for the success of any organization. Failure to
monitor and address potential threats exposes an organization's systems and data to the risk of
exploitation by malicious actors. Consequently, it is essential for organizations to develop and
periodically review a Risk Mitigation Plan, particularly as threats are continually evolving. The
Risk Mitigation Plan of Workers Werks Credit Union (WWCU) outlines its objectives, focusing on
managing security-related risks associated with the implementation of software and hardware
within the credit union. The plan draws upon standards such as NIST SP 800-30, ISO
31000:2018, and ISO/IEC 27005:2018 to establish the necessary guidelines and regulations for
effective risk management concerning the protection of organizational data.
Within the plan, specific components include defining the roles and responsibilities of
individuals within the organization, establishing an escalation process, outlining the risk
management procedure, assessing risks, identifying assets and threats, evaluating existing
controls, and defining vulnerabilities and potential consequences. Additionally, the plan details the
analysis process for identified risks, including how they are addressed and documented for future
reference. The Risk Mitigation Plan effectively achieves a balance between risk and cost by
offering clear guidelines for identifying the assets of the organization and the potential threats
associated with their utilization. It acknowledges the critical importance of the organization's
assets and underscores the potential severity of consequences in the event of compromise by
threat actors. The plan not only emphasizes the value of organizational assets but also outlines
the magnitude of potential adverse consequences.
Moreover, the plan provides comprehensive guidance on analyzing risks to the organization's
assets and outlines strategies for their mitigation. By addressing the identification, assessment,
and treatment of risks, the plan establishes a framework to safeguard the organization's assets
while considering the associated costs and potential impacts. The Risk Mitigation Plan
comprehensively addresses the organization's objectives using the CIA Triad principles of
Confidentiality, Integrity, and Availability as best practices. Confidentiality, in this context,
pertains to safeguarding information gathered by the organization from unauthorized access.
Integrity ensures that the data collected from consumers is maintained in a reliable manner,
preventing unauthorized alterations or modifications. Availability refers to the accessibility of
gathered data by consumers or the organization when needed (Washington University in St.
Louis, 2023). The plan also incorporates the NIST SP 800-30 (Risk Management Guide for
Information Technology Systems) as a reference, aiding in the formulation of the risk mitigation
plan.
Furthermore, the plan specifically addresses potential cybersecurity impacts on stakeholders,
identifying key individuals within the organization. It delineates the roles and responsibilities of
these key stakeholders, providing clarity on the actions they should take in the event of a
cybersecurity incident. An escalation process is outlined, detailing which
individuals are authorized to take actions based on the severity level of the incident.
Risk:
The Risk Mitigation Plan effectively identifies risks, vulnerabilities, and threats that
could impact critical business functions and processes. Within the plan,
vulnerabilities are acknowledged, and additional guidance is provided through referencing the