For this assignment, you have been assigned as the project manager for a project involving the installation of a new Internet security suite for your company.
Complete the following tasks for your project:
Provide a brief overview of your project.
Describe positive and negative risks within your project.
Discuss how each of the identified risks can affect the success or failure of the project and rank each risk in terms of impact to the project.
Propose risk mitigation and management approaches for each identified risk.
Describe the role policy plays in the planning and performing of risk management processes.
This assignment should contain a minimum of three pages. Refer to the unit lesson and to Chapter 10 of the course textbook for identification of risks and strategies for risk mitigation.
Please be sure that your written response utilizes proper APA formatting and that all sources used, including the textbook, are referenced; paraphrased and quoted material must have accompanying citations.

6. Assemble an organizational policy for planning and performing the risk management processes.
6.1 Identify positive and negative risks within a specific project, ranked in terms of impact to the project, and how they can affect the success or failure of a project.
6.2 Describe risk mitigation and management approaches for each identified risk in a specific project.
6.3 Describe the role policy plays in the planning and performing of risk management processes.

In a previous unit, we viewed the types of risks that are present in an organization. Types of risks include operational, environmental, and physical risks. In this unit, we will cover the different strategies that can be used to avoid, reduce, and mitigate risks. We will also outline strategies to control different types of risks. Within the context of risk mitigation strategies, we will outline the importance of a policy framework to facilitate the risk management process.

In most modern organizations, the executive management team performs business continuity planning (BCP) to ensure the avoidance of disasters or proper recovery if disasters should occur. Organizations perform disaster recovery planning (DRP) within a BCP by analyzing potential risks and the exposure to risks and by creating plans and procedures to manage or mitigate damage as a result of disaster scenarios. The idea behind a DRP is to prepare for potential disaster as a result of risk exposure and to make sure that organizations can improve recovery efforts should a disaster occur.

Organizational Policy

Within the creation of a DRP, policy aids in avoiding or preparing for an unwanted event. Policy emerges as a result of BCP and DRP activities. Whitman et al. (2014) articulate that policy is a framework of rules and regulations defining expected behavior in a society, culture, or organization. Further, Whitman et al. note that policy provides a structure and guidelines to one's behavior. An example of a policy could be that employees need to change their computer password every 90 days. In this example, employees proactively minimize the exposure to potential security risks, thus contributing to the organizational risk mitigation efforts.

Adherence to organizational policies, specifically security policies, is critical to risk prevention and mitigation. Security policies are part of a business continuity plan (or BCP) and outline rules and regulations for the protection of company procedures, processes, and assets. Whitman et al. (2014) assert that efficient policies exhibit unique characteristics; policies must be realistic, inclusive, relevant, enforceable, attainable, and adaptable. Within the context of organizational risk management, these characteristics are paramount to risk avoidance, transfer, and acceptance.

While it is impossible to prevent every disaster, with the development of efficient policies with risk mitigation planning, risks are minimized and in many cases avoided because employees understand and follow organizational policies. Policy enactment and implementation are part of strategic planning and are critical to risk management assessment and mitigation. A policy framework facilitates the enforcement of risk mitigation efforts.

Organizational strategic thinking should integrate risk management planning whereby the organization is able to avoid risks, transfer risks, or accept and prepare for potential risks. A policy framework, as part of an organization's strategy, creates a structure for the creation, application, and enforcement of policies. Whitman et al. (2014) found that an efficient policy framework simplifies the implementation and enforcement of policies aiding in risk mitigation initiatives. As an example, in a previous unit, we covered potential cybersecurity risks outlining employee exposure to malware exploits that could compromise a company's network. A user security policy could be enacted requiring all employees to delete and report any unsolicited emails with suspicious links or files. For the most part, policy is enacted to protect the organization, its processes, and employees.

Organizational Governance

Organizational governance includes policies, controls, and standards that contribute to the risk management process. Corporate governance is important as it provides a framework or structure within which risk mitigation efforts supported by policy function. Research by Drew et al. (2006) showed that for a holistic risk management approach, companies must include all facets of the organization, including culture, leadership, systems, structure, and alignment. The graphic below depicts the five elements of corporate governance needed for a holistic approach to strategic risk management.

As we have seen thus far, every organization is exposed to risks. Organizations are subject to all kinds of risks including environmental, systems, and operational risks. Policies play a key role in supporting

