For the final assignment, you must design a corporate risk management plan for FSB as part of their corporate security program. The format for the plan must be as follows:
- Introduction – State of the Organization
- corporate management of systems and applications
- threats every organization or institution faces in the era of mobile and cloud computing
- Organizational chart
- Network diagram
- Objectives of the Risk Management Plan – Risk Statement with a definition of IT emergencies, ranking the nature of incidents—whether they are natural, technical, human resources, or cyber-threats.
- Business Impact Analysis (BIA) for FSB
- Plan of Action and Milestones (POAM) – Action Plan for Incident
- Risk Reduction Strategies for Mobile Device Management (MDM)
- Tool recommendations
- Response and Risk Management
- Strategies to assess and mitigate risk and maintain privacy when cloud computing is used in a production environment.
- Sequence, workflow, or flowchart illustrating the steps to follow when responding to an incident.
- Steps to follow and recommended tools to use to perform a vulnerability assessment.
- Disaster Recovery Sites – Remote Locations
- IP lines redirect to a different location inside the organization (cold site).
- Temporary IT center contracted for the purposes of partial recovery of business functions (hot site).
- Inventory – Hardware and network architecture, databases, and applications—classified in criticality levels.
- Backup Strategy that documents protection and electronic files replication.
- Transfer Strategy – Steps to follow to transfer operations to a remote location.
- Testing Plan for implementing drills, including frequency and results reporting.
- Plan Distribution
- User Awareness and Training of Emergency Committee Personnel
Length: 15-17 page technical paper – APA
References: Minimum of 10 scholarly resources
Ali, M., Khan, S. U., & Vasilakos, A. V. (2015, June 1). Security in cloud computing: Opportunities and challenges. Information Science, 305, 357-383.
Brennan, J. (2018). The role of intelligence in corporate security. Security Solutions for Enterprise Security Leaders, 55(5), 22.
Georg, L. (2017). Information security governance: Pending legal responsibilities of non-executive boards. Journal of Management & Governance, 21(4),