T_McKinstry_Risk Mitigation Plan part 3

docx

School

Charter Oak State College

Course

CSS 230

Subject

Information Systems

Date

Feb 20, 2024

Type

docx

Pages

6

Uploaded by ChefDanger11876

Risk Mitigation Plan
Thomas McKinstry
Charter Oak State College
CSS 230: Fundamentals of Information Security Systems
Professor Travon Reid
October 1, 2023

Risk Mitigation

The table below is a risk register showing the current threats or risks that can befall the organization.

| Description of Risk | Likelihood | Impact | Severity | Owner | Mitigating Action |
|---|---|---|---|---|---|
| Power Failures | Certain (>90% chance) | High (IT Department mainframe goes down) | High | Facilities | Reroute power |
| Data Loss | Likely (50% - 90%) | Medium (Sensitive data is inaccessible) | Medium | IT Manager | Cloud storage or backup drives |
| Cybercrime | Moderate (10% - 50%) | High (Sensitive information is stolen) | High | Cybersecurity Risk & Compliance Manager | Temporarily shut down facility sites |

Power Failures

The risk associated with power failures is very prevalent within the organization's IT department, as the given description of the facility first noted this risk. The power failures that have occurred in the IT department last for a varying number of hours and slow operations down considerably, as well as leaving the facility's sensitive information vulnerable to attack. This risk is not the IT department's fault; rather, the city's electrical grid has a faulty power line that is prone to cutting out. The IT department mainframe is of great importance for both security reasons and overall facility operations, so this risk must be addressed.

Mitigating Action

For the risk of power failure, the mitigating action is to reroute power to an emergency generator in the event of a power outage. The emergency generator can compensate for the time it takes for the main power to come back online. Another way to mitigate this risk is to keep physical documents of any important information to use as a substitute during a power failure in order to keep operations running. Responsibility for this mitigating action falls to the Facilities department manager.

Data Loss

The risk of power failures also brings another risk: data loss. The data kept on the Information Technology Department mainframe can be lost with an abrupt power failure, as all running operations on the computers and networks suddenly cease and remain offline for hours. Data loss can include a number of items within the
directories of operations, and it is unknown specifically what can be lost, but anything can be lost if it occurs.

Mitigating Action

The mitigating action for data loss is to use a third party to store important information, such as a cloud service or cloud drive. These can include a number of programs such as Google Drive, SharePoint, Microsoft Teams, etc. Using a third party to store important information can be a great asset, as the information stored will not be lost in the event of a power failure. Another mitigating action is to use backup drives or external drives to store information. In the event of a power failure, the external backup drives run independently from the main operations of the mainframe and are not subject to the effects of a power failure. Responsibility for this mitigating action falls to the IT Manager.

Cyber Crime

In the event of a power failure in the IT department mainframe, the facility is at risk of being cyber attacked by an unknown entity. Without the mainframe online for hours on end, the information stored on the facility's website and internal browsers/sites is at risk from potential hackers and other cyber criminals. The information being attacked can relate to sensitive information of either the facility or the individuals within the facility, such as employees.

Mitigating Action

The mitigating action for this would be to temporarily shut down the facility's sites and internal directories. While this action may seem extreme, it is necessary because the IT department mainframe is responsible for keeping the firewalls, internet access points, and information points available to the employees. If it is lost due to power failure, any information regarding the facility is at risk. This mitigating tactic can be supported through the use of the physical documents mentioned above to keep operations flowing until power is restored, either by the city's electrical grid or by the emergency generator. This action may last only a few minutes with the backup generator at the ready, which makes this mitigation feasible and necessary. Responsibility for this mitigating action falls to the Cybersecurity Risk & Compliance Manager.