The Risk Management Plan

Risk Management

In order to maximize the risks of security for the information system, there are five pillars: protection, detection, reaction, documentation, and prevention. Each pillar has its own function in the risk management plan. It takes all five pillars for a successful risk management plan to work.

Protection is the first and most crucial step (Ameri, 2004). Protection is the plan to clearly define and precisely know what is being protected, how to plan for protection, and the overall value. It is extremely important to define and know what needs to be protected and its value in order to analyze for a successful plan and maximize costs. Therefore, an assessment is needed to come up with a plan.

For an information technology system, related information such as hardware, software, interface, users, criticality, and sensitivity, as well as operational values, are all a part of the value of the system (Stoneburner). The effect of each component needs to be considered in the value. By determining the effect of each component, the overall value of the system to the organization can be determined. From there, the impact of vulnerabilities and threats can be analyzed.

The risk formula that should be used in determining reasonable costs associated with risk management is risks = threats x vulnerabilities x impact (Olzak, 2007). If any one of these factors can be reduced or eliminated, there could be a significant reduction in the risks to the information
