Developing a Security Risk Management Plan: A Comprehensive Overview

Added on  2019/10/09

AI Summary
This report provides an overview of security risk management, distinguishing between acceptable and unacceptable risks. It details action plans for risk management, including securing systems with technological solutions, data backups, and expert audits. The report identifies internal and external risk types, emphasizing the importance of background information for risk identification and planning. Treatment options are discussed, highlighting the role of organizations like ENISA in approving treatment plans. The document covers identifying management requirements in security risk management, including functional and non-functional aspects, and underscores the importance of presenting the risk management plan to clients. It also provides examples of resources, equipment, and materials for plan implementation, focusing on confidentiality requirements and feedback mechanisms for continuous improvement.
1. What is security risk? Can you distinguish acceptable and unacceptable risk?
Security risk can be predictable or unpredictable, so the company has experts to
judge the risk and take action against it.
Some risks can cause the product to fail; these are considered unacceptable risks.
Other risks do not lead to any failure of the system; these are
acceptable risks.
2. What is the action plan in terms of risk management?
Secure the product or the system with the latest possible technological solutions.
Back up the product's files so that the company will not be affected.
Hire experts to regularly check and audit the product for any risk.
3. How many types of risk are there in association with the security context? How do you identify and
incorporate them into planning processes?
There are two types of risk in this context, which cover internal and external risk plans.
To identify and incorporate risk, we should first know the background information that deals
with the risk. Background information is very important: it gives a path to identify
the risk and form a plan for predicting the risk.
4. What is a treatment option? Who will research, clarify and approve it?
The treatment option is to find out the steps to perform and modify the risk so that it can be
easily understood by all and people will find a way to reduce the risk.
There are organizations like ENISA that have the authority to check and approve the treatment
plan.
5. In the development of a security risk management plan, how do you identify management
requirements?
There are several ways to identify the risk requirements.
The requirements to be considered are functional requirements and non-functional
requirements. To find them, first analyze the situation of the risk,
check the records for the same risk, and then select the requirement of the risk.
6. Why do you have to present the risk management plan to your client?
We should produce a risk management plan because, if something on the operation floor
goes wrong, there should be an option where people can rectify the mistake or take measures
for the disaster plan.
7. Give examples of resources, equipment and materials to assist plan implementation.
Resources:
Trained men in the production line
Infrastructure
Equipment:
Radios, smartphones, wired telephones and pagers.
Materials:
Food, water and shelter are the basic requirements
Emergency response
8. How do you confirm and maintain confidentiality requirements in accordance with client and
organizational requirements?
Some information is to be shared with the company staff, and some
information in the company is to be shared with the main officers alone. Information is
sent directly from one manager to another manager to share confidential information
inside the company.
9. What is a treatment option in terms of risk management?
There are several ways to fix the problem; the treatment option gives the client the efficient
option so that the effect of the risk is treated to the maximum.
10. Why do you provide feedback to relevant personnel?
Feedback is important because what we are doing is to be checked by the user or the
client. Feedback is the source, or the clue, for getting input from the user to achieve the maximum
user experience.