MASTER IN INFORMATION TECHNOLOGY Final Examination Technology in Project Management Name: HYDHEE F.

VILLANUEVA Date: March 31, 2012

1. Risk Management Prepare a risk management plan for a logistics management development project for Gateway Logistics. Use the risk assessment report outline below. a. Introduction b. System Characterization Characterize the system hardware, software, system interfaces, data and users. Provide connectivity diagram of flowchart to delineate the scope of the risk assessment activity. c. Threat Statement d. Risk Assessment Results Provide list of observations (vulnerability/ threat pair). Each observation must include: o Discussion of threat-source and vulnerability pair. o Identification of existing mitigating security controls o Likelihood discussion and evaluation o Impact analysis discussion and evaluation o Risk rating o Recommended controls or alternative options e. Summary

RISK MANAGEMENT FOR GATEWAY LOGISTICS

I. Introduction Logistics analysis has been viewed as an important element in the corporate strategy of many organizations. An effective and efficient logistics system is created to meet the requirements of the customers for timely responsiveness, quality and creating value for products and service Risk assessment participants: The participants of this Risk Management Plan for the gateway logistics are the company executive personnel, the technical group and the End-Users. Participant roles in the risk assessment in relation assigned agency responsibilities: Executive Personnel: Their responsibilities are to lead the company in their mission in finding the company risk they were facing. The Technical Group: Their responsibility is to illustrate the risk encountered during the shipping goods.

they

The End-Users: Responsible in performing the company distribution of goods. They are the first person encountered the risk of the company. Risk assessment techniques used: At this assessment we used some data gathering to get the result of this risk problem to this company.

Table A: Risk Classifications

Risk Level High

Risk Description & Necessary Actions The loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets or individuals. The loss of confidentiality, integrity, or availability could be expected to have a serious adverse effect on organizational operations, organizational assets or individuals.

Modera te

The loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect on organizational operations, organizational assets or individuals. II. System characterization Hardware Server: Windows Server 2003 Router: D-Link Software OS: Windows 7 Other Application: Office 2010 System Interfaces Back-End: DB2 Front-End: VB.net

Low

Flowchart

III. Threat statement List of the potential Threat-sources and associated threat action applicable to the system:

Lack of visibility into sub-tier suppliers Companies typically rely on tier 1 suppliers to manage sub-tier suppliers. To assess the wider impact of the disasters, they're now striving to gain better visibility into the ramifications on their sub-tier suppliers. Some companies urged their contract manufacturers and tier 1 suppliers to contact their suppliers to try and assess the situation. But in general, this has been viewed as an effort-intensive step, requiring direct conversations and email exchanges. There doesnt appear to be any systematic approach to enabling this multi-tier visibility.

Access to up-to-date, accurate intelligence With competing intelligence sources and expert opinions, companies are struggling to identify reliable sources of information and are relying on public sources. The companies indicated they rely on their logistics providers for accurate assessments of the local impact.

Lack of radiation expertise Radiation will potentially affect their inbound and outbound transportation, as well as their product and component safety and it might cause broader environmental risk exposure. As the current crisis begins to move toward normality, its time to re-evaluate the layout of your supply network design to make it more resilient to future catastrophes. This may include designing products that allow more flexibility in supply and manufacturing, increasing long-term alternative sources of raw

materials and logistics capability and expanding outsourced manufacturing capacity. It is also a prime opportunity to push for a more robust and funded risk management capability. Will help your organization sense and respond to issues as early as possible, minimizing the impact on your end customers. IV. Risk Assessment Results
o Discussion of threat-source and vulnerability pair.

Analysis consists of the integration of inventory, facility location, transportation, packaging activities and informational flow for the purpose of managing an effective physical flow of outbound and inbound goods and services in a competitive environment. The complete cost and system approach are developed for planning and managing the various logistical functions that are prevalent within the organization. It may be dependent on the techniques of basic sampling and data analysis. This may involve the use of questionnaires and online or electronic ways of gathering information. It is based on an in-hand application of several analytical tools that are beneficial in the field of logistics analysis. Also, examination of several features of the logistical system and the development of skills helpful in analyzing numerous technical logistical issues.

Identification of existing mitigating security controls

The complete process of optimization of plans and procedures paves the way for creating an everlasting and sustainable competitive advantage for the organization throughout a supply chain despite the risks associated so commonly with unbounded challenges. There is a need for the integration of business processes of the organization with its technological systems for the purpose of enhancing speed, organizational responsiveness and flexibility in the networks of customers and suppliers. analysis involves the use of numerous quantitative techniques, strategic and tactical planning on the part of the organization while still giving importance to the sphere of operational research. It involves logistical aspects such as network design, forecasting, inventory control and warehousing. The purpose of the investigation is planning and managing of the modeling and simulation analysis efforts to measure the logistics impact of the changes proposed by logistics management to procedures and techniques as a prototype mechanism. Identification of Vulnerabilities Vulnerabilities were identified by: The End-User

Identification of Threats Threats were identified by: The Management and Technical Personnel

The threats identified are listed in Table C. Table C: Threats Identified

Lack of visibility into sub-tier suppliers Access to up-to-date, accurate intelligence Lack of radiation expertise

Identification of Risks Risks were identified by: Risk Management Team The way vulnerabilities combine with credible threats to create risks is identified Table D.
Table D: Vulnerabilities, Threats, and Risks Risk No. Vulnerability Lack of visibility into sub-tier suppliers 1 Threat wider impact of the disasters Risk of Compromise of Risk Summary

The complete cost Lack of visibility and system into sub-tier approach are suppliers developed for planning and managing the various logistical functions that are prevalent within the organization The companies indicated they rely on their logistics providers for accurate assessments of the local impact. Access to up-todate, accurate intelligence

Access to up-todate, accurate intelligence 2

struggling to identify reliable sources of information

Lack of radiation expertise 3

affect their inbound and outbound transportation

Will help your Lack of radiation organization expertise sense and respond to issues as early as possible, minimizing the impact on your end customers

Likelihood discussion and evaluation

Table G defines the risk likelihood ratings.

Table G: Risk Likelihood Definitions Probability of Threat Occurrence (Natural or Environmental Threats) or Threat Motivation and Capability (Human Threats) Low Moderate Low Low Moderate High Moderate Low High High High Moderate

Effectiveness of Controls Low Moderate High

Table H: Risk Likelihood Ratings Risk No. 1 2 3 Risk Summary Lack of visibility into sub-tier suppliers Access to up-to-date, accurate intelligence Lack of radiation expertise Risk Likelihood Evaluation The End-User The Technical Personnel The Management Risk Likelihood Rating Low Moderate High

Impact analysis discussion and evaluation

Table I documents the ratings used to evaluate the impact of risks.

Table I: Risk Impact Rating Definitions Magnitude of Impact High Impact Definition Occurrence of the risk: (1) may result in the loss of major COV tangible assets, resources or sensitive data; or (2) may significantly harm, or impede the COVs mission, reputation or interest. Occurrence of the risk: (1) may result in the costly loss of COV tangible assets or resources Occurrence of the risk: (1) may noticeably affect the COVs mission, reputation or interest.

Moderate Low

Table J documents the results of the impact analysis, including the estimated impact for each risk identified in Table D and the impact rating assigned to the risk.
Table J: Risk Impact Analysis Risk No. 1 Risk Summary Lack of visibility into sub-tier suppliers Risk Impact There doesnt appear to be any systematic approach to enabling this multi-tier visibility The companies indicated they rely on their logistics providers for accurate assessments of the local impact it might cause broader environmental risk exposure. Risk Impact Rating Low

Access to up-to-date, accurate intelligence 2

Moderate

Lack of radiation expertise 3

High

Risk rating

Table K documents the criteria used in determining overall risk ratings.

Table K: Overall Risk Rating Matrix Risk Impact Risk Likelihood High (1.0) Moderate (0.5) Low (0.1) Low (10) Low 10 x 1.0 = 10 Low 10 x 0.5 = 5 Moderate (50) Moderate 50 x 1.0 = 50 Moderate 50 x 0.5 = 25 High (100) High 100 x 1.0 = 100 Moderate 100 x 0.5 = 50

Low Low Low 10 x 0.1 = 1 50 x 0.1 = 5 100 x 0.1 = 10 Risk Scale: Low (1 to 10); Moderate (>10 to 50); High (>50 to 100)

Table L assigns an overall risk rating, as defined in Table K, to each of the risks documented in Table D.
Table L: Overall Risk Ratings Table Risk No. 1 Risk Summary Lack of visibility into sub-tier suppliers Risk Likelihood Rating Low Risk Impact Rating Low Overall Risk Rating Low

Risk No. 2 3

Risk Summary Access to up-to-date, accurate intelligence Lack of radiation expertise

Risk Likelihood Rating Moderate High

Risk Impact Rating Moderate High

Overall Risk Rating Moderate High

Recommended controls or alternative options

Table M documents recommendations for the risks identified in Table D.

Table M: Recommendations Risk No. 1 Risk Lack of visibility into sub-tier suppliers Access to up-todate, accurate intelligence Lack of radiation expertise Risk Rating Low Recommendations The complete cost and system approach are developed for planning and managing the various logistical functions that are prevalent within the organization. The companies should indicated they rely on their logistics providers for accurate assessments of the local impact. its time to re-evaluate the layout of your supply network design to make it more resilient to future catastrophes. This may include designing products that allow more flexibility in supply and manufacturing, increasing long-term alternative sources of raw materials and logistics capability and expanding outsourced manufacturing capacity. It is also a prime opportunity to push for a more robust and funded risk management capability

Moderate

High

V. Summary At this study the management found out the three (3) Finding of observation according to the research has been taken and the no. 1 is Lack of visibility into sub-tier suppliers, no. Access to up-to-date, accurate intelligence, no. 3Lack of radiation expertise. Included in the table M. the recommendation should the company compliant this to the success of the company.