In a risk management plan you must first, establish the objectives. What is the exercise called when you are trying to identify an organization’s risk health? When trying to identify an organization’s risk health, you would use the Health Risk Assessment exercise. What practices helps reduce or eliminate risk?
What on-going practice helps track risk in real-time?
Given that an IT risk management plan can be large in scope, why is it a good idea to develop a risk management plan team? Scope identifies boundaries. So, if the plan is that large in scope, a team would work obviously together and not against to maintain its structure in nature and have consensus.
Within the seven domains of a typical IT infrastructure, which domain is the most difficult to plan, identify, assess, remediate, and monitor? LAN-WAN
From your scenario perspective, with which compliance law or standard does your organization have to comply? NERC-CIP Compliance: (critical infrastructure protection) plan is a set of requirements designed to secure assets vital to reliably operating North America’s bulk electric system. How did the risk identification and risk assessment of the identified risks, threats, and vulnerabilities contribute to your IT risk management plan table of contents? It was detailed properly to locate provided information needed. What risks, threats, and vulnerabilities did you identify and assess that require immediate risk mitigation given the criticality of the threat or vulnerability? None: All compliance was meet
For risk monitoring, what techniques or tools can you implement within each of the seven domains of a typical IT infrastructure to help mitigate risk? Anything possible, man or man-made to properly assess, identify and deal with possible risks. For risk mitigation, what processes and procedures are needed to help streamline and implement risk mitigation solutions to the production IT infrastructure? I should start with each and every one of the seven domains, and do a risk analysis and trying to find vulnerabilities that could be exploited, and take necessary actions utilizing any tool available to mitigate or eliminate unnecessary risk if possible, for example disabling ports on an application server, web server, eliminating unnecessary processes, penetration testing and implementing a user awareness program and a strict AUP. How does risk mitigation impact change control management and vulnerability management? Change control is a systematic way to approaching change, within an organization, it can prevent the possibility of services becoming interrupted and if so, provide a plan to bring them back up as soon as possible.