Risk Management

For the first part of the assigned project, you must create an initial draft of the final risk management plan. To do so, you must:

 

  1. Develop and provide an introduction to the plan by explaining its purpose and importance.
  2. Create an outline for the completed risk management plan.
  3. Define the scope and boundaries of the plan.
  4. Research and summarize compliance laws and regulations that pertain to the organization.
  5. Identify the key roles and responsibilities of individuals and departments within the organization as they pertain to risk management.
  6. Develop a proposed schedule for the risk management planning process.
  7. Create a professional report detailing the information above as an initial draft of the risk management plan.

 

Write an initial draft of the risk management plan as detailed in the instructions above. Your plan should be made using a standard word processor format compatible with Microsoft Word.

 

Evaluation Criteria and Rubrics

 

  • Did the student demonstrate an understanding of the competencies covered in the course thus far?
  • Did the student include all important components of a risk management plan in the outline?
  • Did the student demonstrate good research, reasoning, and decision-making skills in identifying key components and compliance laws and regulations?

  • Did the student create a professional, well-developed draft with proper grammar, spelling, and punctuation?

Assessment Worksheet

Aligning Risks, Threats, and Vulnerabilities to COBIT P09 Risk Management Controls

Course Name and Number: _____________________________________________________
Student Name: ________________________________________________________________
Instructor Name: ______________________________________________________________
Lab Due Date: ________________________________________________________________

Overview

In this lab, you defined COBIT P09, you described COBIT P09’s six control objectives, you explained how the threats and vulnerabilities align to the definition for the assessment and management of risks, and you used COBIT P09 to determine the scope of risk management for an IT infrastructure.

Lab Assessment Questions & Answers

1. What is COBIT P09’s purpose?

 

2. Name three of COBIT’s six control objectives.

 

3. For each of the threats and vulnerabilities from the Identifying Threats and Vulnerabilities in an IT Infrastructure lab in this lab manual (list at least three and no more than five) that you have remediated, what must you assess as part of your overall COBIT P09 risk management approach for your IT infrastructure?

 

4. True or false: COBIT P09 risk management control objectives focus on assessment and management of IT risk.

 

 

 


 

Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual

 

 

5. What is the name of the organization that defined the COBIT P09 Risk Management Framework?

 

6. Describe three of the COBIT P09 control objectives.

 

7. Describe three of the COBIT P09.1 IT Risk Management Framework control objectives.

 

 

  1. Course Name and Number: ISOL533—Information Security & Risk Management
  2. Student Name: Karpuram Naga Shravya
  3. Instructor Name: Margaret Leary
  4. Lab Due Date: 11/06/2016
  5. Text16: Its purpose is to guide the outlook of risk management for an information technology infrastructure
  6. Text17: Plan and Organize, and Implement
  7. Text18: Denial of service attack- one should seal all the safe harbors and make changes to passwords in use. Loss of Production Data- one should routinely back up all the data and restore it from the most current safe location. Unauthorized access Workstation- one should come up with an effective plan where employees are required to change their login credentials such as passwords every sixty days, and also implement the usage of screen lockouts when employees step away from their respective workstations.
  8. Text19: True
  9. Text20: ISIAC is the name of the organization that clearly outlined and described the COBIT P09 risk management framework.
  10. Text21: 1. Plan and Organize is the domain objective that deals with the strategy and tactics. It involves the identification of the ways in which information technology can be used to offer the accomplishment of the business intention. 2. Acquire and Implement objective realizes the information technology strategies, the solutions that need to be identified, built, or acquired and implemented and finally integrate the solutions into the business process. 3. Monitor and Evaluate objective is where several issues are addressed and they include performance management, monitoring of internal control, regulatory compliance and finally governance. The issues are then assessed for quality and compliance with control requirements.
  11. Text22: There are three control objectives of the COBIT P09.1 Risk Management framework and the first one is to guarantee that the risk management is fully installed in the management method both internally and externally and ensuring that it’s always applied. Second, one should perform risk assessments to check for any threats and areas that need more attention. Lastly, there is the control objective that recommends and communicates the risk action plan.
