CMGT400 University of Phoenix Security Risk Mitigation Plan Paper

A Risk Management Analyst identifies and analyzes potential issues that could negatively impact a business in order to help the business avoid or mitigate those risks.

Take on the role of Risk Management Analyst for the organization you chose in Week 1.

Using the Security Risk Mitigation Plan Template, create a 6- to 8-page Security Risk Mitigation Plan for the organization you chose.

Research and include the following:

  • Refer to the course materials and additional resources from the Week 3 assignment, additional resources below, and the grading rubric.
  • Security Risk Mitigation Plan:
    • Select and document security policies and controls.
    • Provide authentication recommendations.
    • Document administrator roles and responsibilities.
    • Document user roles and responsibilities.
    • Determine authentication strategy.
    • Determine intrusion prevention and detection strategy.
    • Determine virus detection strategies and protection.
    • Create auditing policies and procedures.
    • Recommend an education plan for employees on security protocols and appropriate use.
    • Provide recommendations for managing identified risk:
      • Avoidance
      • Transference
      • Mitigation
      • Acceptance
    • Address change management/version control.
    • Outline acceptable use of organizational assets and data.
    • Present employee policies (separation of duties/training).
    • Incident response process:
      • Preparation
      • Detection
      • Containment/analysis
      • Eradication
      • Restoration/Recovery
      • Lessons learned (root cause analysis and action plan)

Additional Resources

  • Intrusion prevention begins with an IPS that can automatically detect and stop intrusions. However, no control can stop all intrusions. Consequently, we need strong detection controls, including:
    • Log Management
    • User Behavior Analysis
    • Network Behavior Analysis
  • The purpose of separation of duties is to ensure no one person can perform all tasks associated with a critical business process. This helps prevent fraud and mistakes. A common way to do this is the creation of roles (RBAC) and the assignment of tasks in an access matrix (spreadsheet). This allows data owners to understand who can do what and how to remove one or more tasks to ensure no role can perform all business process tasks. A separation of duties tool is attached below. The tabs along the bottom take you to the various business processes included. Adapt this to any set of business processes.
  • Employee training is typically focused on the contents of the acceptable use policy.
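As an added example (not part of the course materials or the attached tool), here is a Python check over the kind of access matrix described above; the process, roles, tasks and users are constructed sample data. It flags any person whose combined roles cover every task of a critical process and lists which single role could be removed to break that coverage.

```python
# Constructed sample data standing in for the access-matrix spreadsheet.
PROCESS_TASKS = {  # every task that together completes one critical process
    "vendor_payment": {"create_vendor", "enter_invoice",
                       "approve_invoice", "release_payment"},
}
ROLE_TASKS = {  # the access matrix: role -> tasks the role may perform
    "ap_clerk": {"create_vendor", "enter_invoice"},
    "ap_approver": {"approve_invoice"},
    "treasury": {"release_payment"},
    "finance_admin": {"create_vendor", "enter_invoice",
                      "approve_invoice", "release_payment"},
}
USER_ROLES = {  # role assignments: user -> roles held
    "alice": {"ap_clerk"},
    "bob": {"ap_approver", "treasury"},
    "carol": {"finance_admin"},                        # one over-broad role
    "dave": {"ap_clerk", "ap_approver", "treasury"},   # accumulated roles
}


def effective_tasks(roles, role_tasks=ROLE_TASKS):
    """Union of the tasks granted by a set of roles."""
    return set().union(*(role_tasks.get(r, set()) for r in roles))


def sod_violations(process_tasks=PROCESS_TASKS, user_roles=USER_ROLES,
                   role_tasks=ROLE_TASKS):
    """Map each process to the users whose combined roles cover all its tasks.

    Checking per user rather than per role catches both an over-broad single
    role and a person who has accumulated several narrow roles over time.
    """
    found = {}
    for process, tasks in process_tasks.items():
        users = sorted(u for u, roles in user_roles.items()
                       if tasks <= effective_tasks(roles, role_tasks))
        if users:
            found[process] = users
    return found


def roles_to_drop(user, process, user_roles=USER_ROLES,
                  role_tasks=ROLE_TASKS, process_tasks=PROCESS_TASKS):
    """Roles whose removal alone breaks the user's full coverage of the process."""
    roles, tasks = user_roles[user], process_tasks[process]
    return sorted(r for r in roles
                  if not tasks <= effective_tasks(roles - {r}, role_tasks))
```

Running the check on the sample data reports carol (one over-broad role) and dave (three narrow roles that add up to the whole process); alice and bob are clean.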