Project Part 3: Risk Mitigation Plan
Senior management at Health Network allocated funds to support a risk mitigation plan. They have requested that the risk manager and team create a plan in response to the deliverables produced within earlier phases of the project.
The risk mitigation plan should address the identified threats described in the scenario for this project, as well as any new threats that may have been discovered during the risk assessment. You have been assigned to develop a publish of this new plan.
Again, you will look at the risks you did during the risk assessment:
Eternalblue
VSFTPd
The BIG MAC
The risk you developed
STOP. Please make sure you review the Week 8 CS536 Risk Mitigation Help resource
PART I: For each of your risks, you need to come up with two controls or countermeasures. A good starting point would be NIST SP 800-53 that we used in week 7. The controls/countermeasures should be specific. I am not just looking for the control number. Provide the specifics on the control and replace the organizational template with what you would recommend.
PART II: What is the cost to implement these 8 controls. Consider the initial cost (equipment), facility costs, installation costs, licensing costs, training costs, and perhaps personnel costs. This should be organized by risk. Although in practice, there will be some overlapping of controls and countermeasures, for this project you can only use a control/countermeasure one time.
Part III: Timeline to implement. Develop a realistic schedule to implement these controls and countermeasures.
Part IV: Operational impact. Again address each risk individually on what, if any, operational impact will these controls/countermeasures have on the users/stakeholders or employees at Health Networks

Related posts: