Security Risk Management Plan Essay

2013 Words Dec 5th, 2011 9 Pages
SECURITY RISK MANAGEMENT PLAN

Prepared by Jeremy Davis

Version control

Project title | Security Risk Management Plan Draft
Author | Jeremy Davis
VC | 1.0
Date | 25/10/10

Contents

Executive summary
Project purpose
Scope of Risk management
Context and background
Assumptions
Constraints
Legislation/Standards/Policies
Risk management
Identification of risk
Analysis of risk
Risk Category
Review of Matrix
Action plan
Testing Procedures
Maintenance
Scheduling
Implementation
Training
Milestones
Monitoring and review
Definition
Authorisation
Reference

Executive summary

A Security Risk Management Plan (SRMP) helps CBS
This is achieved through the assessment of the business, operations, staff, assets, risks, legislations, standards and policies.

Context and background

Definition of Risk management
The analysis of risks and the implementation of risk controls to minimise and prevent risks to the business.

Assumptions

Assumptions are conditions the business takes as given while it works to understand the project and gather more information; they are what the project team expects to have, or to be made available, throughout the program.

* SRMP approved
* SRMP implemented strategies are tested and successful
* SRMP meets requirements
Constraints

Constraints are a list of the limitations and restrictions that the project team may encounter.

* Budget issues
* Must check that the plan meets legislation, standards and policies
* Approval of the Security Risk Management Plan may be delayed
* Implementation of strategies

Legislation/Standards/Policies

When considering risk management, you must state the legal and regulatory framework and identify the requirements it imposes, so that the Security Risk Management Plan follows and meets them.

* ‘Australian /New Zealand Risk Management 4360 1999’
* Standard ISO/IEC 27002 Information technology — Code of practice for information security management
* Standard ISO/IEC 27004 Information technology — Information