Chapter04-Developing A Risk Management Plan
http://fpt.edu.vn 20/05/2019 2
Objectives of a Risk Management Plan
• A list of threats
• A list of vulnerabilities
• Costs associated with risks
• A list of recommendations to reduce the risks
• Costs associated with recommendations
• A cost-benefit analysis
• One or more reports
Objectives of a Risk Management Plan (cont.)
• Implementation of the plan
– Document management decisions.
– Document and track implementation of accepted recommendations.
– Include a POAM (Plan of Action and Milestones).
Objectives Example: Web Site
• Identify threats
• Identify vulnerabilities
• Assign responsibilities
• Identify the costs of an outage
• Provide recommendations
• Provide a cost-benefit analysis (CBA)
Objectives Example: Web Site (cont.)
Scope of a Risk Management Plan
Assigning Responsibilities
• Risk management PM
• Stakeholders
• Departments or department heads
• Executive officers such as CIO or CFO
Risk Management PM
Affinity Diagrams
Affinity Diagrams: Web Site (cont.)
Describing Procedures and Schedules for Accomplishment
• After the project has started
• Include a recommended solution (short phrase) for any threat or vulnerability
• Goal of mitigating the associated risk.
Reporting Requirements
• Present recommendations
• Document management response to recommendations
• Document and track implementation of accepted recommendations
• Plan of action and milestones (POAM)
Plan of Action and Milestones