Project Part 1 Task 1 Essay

Words: 1373
Pages: 6

Project Part 1 Task 1
Draft Risk Management Plan

Ernest Martinez Jr.
C. Flack
IS3110
October 22, 2012

Purpose The Senior Management of the Defense Logistics Information Services (DLIS) has decided to update the previous risk management plan with a developing, new risk management plan. This new risk management plan will not only minimize the amount of risk for future endeavors, but will also be in compliance with regulations such as the Federal Information Security Management Act (FISMA), Department of Defense (DOD), Department of Homeland Security (DHS), National Institute of Standards and Technology (NIST), Control Objects for Information and Technology (COBIT), and Information Assurance Certification and Accreditation Process
…show more content…
Assessment of risk probability is the measurement of certainty that a risk will occur, and will be assigned a probability percentage from 1% to 100%. A risk with no probability of occurring will be assigned a 1% probability, while a risk probability of 100% will be assigned to a risk event that has occurred.
Assessment of risk impact should use a quantitative method whenever it is possible. The estimated cost, potential delays and reduction of quality are factors that can be estimated and documented in the risk statement.
Risk Response
For each risk identified a response must also be identified. It is the responsibility of the Defense Logistics Information Services directors to select the response for each risk. Using the best possible assessment of the risk and the response options, the Defense Logistics Information Services directors can select the right response for each risk. The probability of a risk event occurring, and the impacts should it occur, will be the basis for determining which actions should be taken to mitigate the risk. One way to evaluate mitigation strategies is to multiply the risk cost times the probability of occurrence (Gibson, 2011). Mitigation strategies that cost less than risk probability should be given great consideration. Possible responses to risk are: * Avoidance – Change processes and objectives to avoid the risk. * Transference – Shift