Corporate Risk Management Plan (Essay Sample)

Instructions:

For the final assignment, you must design a corporate risk management plan for NCU-FSB as part of their corporate security program. The format for the plan must be as follows:
1. Introduction – State of the Organization
a. corporate management of systems and applications
b. threats every organization or institution faces in the era of mobile and cloud computing
c. Organizational chart
d. Network diagram
2. Objectives of the Risk Management Plan – Risk Statement with a definition of IT emergencies, ranking the nature of incidents—whether they are natural, technical, human resources, or cyber-threats.
3. Business Impact Analysis (BIA) for NCU-FSB
4. Plan of Action and Milestones (POAM) – Action Plan for Incident
5. Risk Reduction Strategies for Mobile Device Management (MDM)
6. Tool recommendations
7. Response and Risk Management
a. Strategies to assess and mitigate risk and maintain privacy when cloud computing is used in a production environment.
b. Sequence, workflow, or flowchart illustrating the steps to follow when responding to an incident.
c. Steps to follow and recommended tools to use to perform a vulnerability assessment.
8. Disaster Recovery Sites – Remote Locations
a. IP lines redirect to a different location inside the organization (cold site).
b. Temporary IT center contracted for the purposes of partial recovery of business functions (hot site).
9. Inventory - Hardware and network architecture, databases, and applications—classified in criticality levels.
10. Backup Strategy that documents protection and electronic files replication.
11. Transfer Strategy - Steps to follow to transfer operations to a remote location.
12. Testing Plan for implementing drills, including frequency and results reporting.
13. Plan Distribution
14. User Awareness and Training of Emergency Committee Personnel
Length: 15-17 page technical paper
References: Minimum of 10 scholarly resources

Content:


Corporate risk management plan for NCU-FSB
Student Name
School of XXXX, Northcentral University
Course code: Name of Course
Instructor Name
March 19, 2021
Table of Contents
* Introduction – State of the Organization
* Corporate management of systems and applications
* Organizational chart
* Network diagram
* Objectives of the Risk Management Plan
* Business Impact Analysis (BIA) for NCU-FSB
* Plan of Action and Milestones (POAM) – Action Plan for Incident
* Risk Reduction Strategies for Mobile Device Management (MDM)
* Man-In-The-Middle (MITM) attacks and Denial of service (DoS) attacks
* Tool recommendations
* Response and Risk Management
* Strategies to assess and mitigate risk and maintain privacy when cloud computing is used in a production environment
* Disaster Recovery Sites – Remote Locations
* Inventory - Hardware and network architecture, databases, and applications—classified in criticality levels
* A backup strategy that documents protection and electronic files replication
* The backup strategy for the organization should include the following:
* Key considerations for developing appropriate intelligent backup management includes:
* Transfer Strategy - Steps to follow to transfer operations to a remote location.
* Testing Plan for implementing drills, including frequency and results reporting
* Drills testing plan, frequency and reporting
* Plan Distribution
* User Awareness and Training of Emergency Committee Personnel
Introduction – State of the Organization
Corporate management of systems and applications
NCU-FSB is a financial institution and savings organization with approximately 250,000 clients and an estimated 1.2 million transactions per week. The organization's IT infrastructure is made up of 10 servers at three different locations (five servers for local production and five for replication and redundancy). The institution is exposed to adverse risks when information is migrated to cloud servers, so it must develop a comprehensive risk management plan that describes how to respond to incoming cyber threats and the mechanisms for remediating the identified risk factors. Emerging cyber threats put the organization's financial systems at risk, which makes it essential to have a risk management plan that guides how incoming risks are addressed.
Organizational chart
* Board of Directors
* CEO
* Chief Financial Officer: Finance Officer, Account Payable, Imprest Officer, Revenue Officer
* Chief Technical Officer: Network Administrator, Database Administrator, Website Developer, Android App Developer
* Chief Operational Officer: Operations Officer, Human Resource Personnel, Secretary, Administration Officer
Network diagram
The conceptual network design of the organization includes the following architectural design of how the network is structured:
Objectives of the Risk Management Plan
The risk management plan is a document used to identify risks and develop strategies that remediate them at an early stage. It is a continuous, forward-looking strategy in which appropriate risk management controls are developed to help the business boost its productivity and avoid disruption in the event of a massive cyber security breach. The risk management process requires advanced and integral leadership and management plans that are proactive rather than reactive, so that the business can develop risk controls aimed at guaranteeing business continuity. The process entails identifying risks at an early stage and working towards eliminating or reducing their negative effects.
Risk management aims to identify potential cyber risks and have a distinct plan on how to address the problem concisely (analyzing the risks into appropriate categories such as internal and external risks and their impacts on the organizational blueprint) (Ramamoorthy & Poorvadevi, 2018). The risk management process includes the following methods:
* Defining a risk management strategy
* Risk identification and analysis (This is the process of identifying the risks, their scope and how the business can remediate against the risks).
* The management of risks within the business through the implementation of a risk management strategy.
* Developing a contingency plan
Objectives of the Risk Management Plan
The objectives of the risk management plan are to increase the probability and impact of positive events within the organization and to decrease the likelihood and impact of negative events on the operations of the business (Tawalbeh, 2020).
The objectives of the risk management plan for the organization include:
* Identifying and evaluating the risks
This entails identifying the risks at an early stage and developing all necessary steps to avoid the harmful effects of the risks. The risk management plan correctly evaluates the associated business risks and develops countermeasures for mitigating the impact of these risks (Simou et al., 2016, p. 6285).
* Reducing and eliminating harmful threats
Business risks tend to have adverse effects on the productivity and profitability of the business. An appropriate risk management technique helps the organization avoid risks and reduce their effects. The risk management plan formulates strategic plans for the organization and develops a monitoring framework in which each risk is monitored on a regular basis to identify incoming faults, reducing the effects of these harmful threats on the organization's operations.
* Reassuring the stakeholders of business continuity after business threats
Stakeholders are a key part of every business organization. Any business needs to develop strategies that improve the confidence of its stakeholders and assure them that unfortunate incidents will not occur. Stakeholders feel safe when appropriate and advanced risk management techniques are applied. Developing the right risk management plan leads to better trust between a business and its stakeholders (Kozlov & Noga, 2018).
* Supports the continuity of the organization
Developing an appropriate risk management plan plays an important role in long-term business growth. It guarantees the survival of the business in the aftermath of risks and unfortunate events within the business cycle. Not having a risk management plan adversely affects the organization's capital inflows, revenue, and profit margins, which can lead to termination of the business.
Business Impact Analysis (BIA) for NCU-FSB
The business impact analysis determines the critical business activities and develops appropriate controls that guarantee operational resilience and continuity of operations after a business disruption. The scope of the business impact analysis covers the following:
* The impact of the disruption with regard to the service delivery
* The business recovery time objectives (RTOs) and recovery point objectives (RPOs) (these recovery objectives are critical components used for developing business strategies, solutions and plans that help remediate risks and reduce their impact on the operations of the organization).
The Business Impact Analysis (BIA) helps identify the critical business functions and predict the consequences of disruption to the business. A complete Business Impact Analysis measures and assesses the risks of potential disruption to the organization.
The organization has multiple departments, and each department must explain and discuss effective strategies for remedying emerging business disruption. The Business Impact Analysis helps the business prioritize specific business functions through the recovery objectives (Recovery Point Objectives, RPO, and Recovery Time Objectives, RTO).
Recovery Point Objective (RPO): describes the time interval during the disruption process.
Plan of Action and Milestones (POAM) – Action Plan for Incident
The organization plan of action identifies the prerequisite tasks that are undertaken to ac...
