Security Management Program and Risk Assessment for Power AI, BIT361
Added on 2022/11/18
Report
AI Summary
This report, prepared for Power AI, a company specializing in artificial intelligence systems, addresses the critical need for a robust security management program. The report, structured in two parts, begins with an executive summary outlining the importance of a security management plan for protecting assets and mitigating potential threats. Part A delves into the benefits of such a plan, including the protection of information, increased resistance to cyberattacks, and improved company culture. It then outlines the development of a security policy and management plan, defining key functions, roles, and responsibilities within the program, from the CEO to system users. The report references a model for program development, emphasizing the importance of development, implementation, and evaluation phases. Part B provides a sample risk management plan, identifying assets, threats, and vulnerabilities specific to Power AI, along with suggested controls. The report underscores the need for a proactive and ongoing approach to security management to safeguard Power AI's intellectual property and sensitive data in the face of evolving digital threats.

Security management program 1
Security Management Program
Name
Institution
Date

Executive Summary
A security management plan is an essential tool for any organisation that wants to protect its
assets and prevent any potential threats. The paper outlines the importance of developing a
security management plan and the steps in developing a risk assessment plan. In doing so, it
identifies the threats, vulnerabilities, assets, and controls that need to be considered in the risk
management plan. Four threats and four assets are identified related to Power AI, which is an
organisation that is dealing with the potential threat of losing data or of unauthorized access to
sensitive company information. The report is structured in two parts: A and B. Part A outlines a
report for a security management and governance program, while Part B provides a sample risk
management plan for Power AI and suggested controls.

Table of Contents
Executive Summary
Introduction
Part A
Benefits of Security Management Plan
Development of a Security Policy and Security Management Plan
Functions, Roles and Responsibilities to be defined for the Security Management Program
Roles of different Individuals
Relevant Model for Development of a Security Management Program
The Legal and Statutory Requirements that will be addressed
Part B: Risk Management Plan
Description of Risk Assessment Process
Benefits of Risk Management Plan
Identification of Assets
Identification of Threats/Vulnerabilities
Priorities Set
Suggested Controls
Bibliography

Introduction
In the current digital world, which is characterized by many people being tech-savvy,
ICT security has become a challenge to many organisations. There are several cases where
organisations have lost their data to hackers for various reasons, some being hacktivism. To
avoid such losses, a risk management plan must be established to safeguard critical data whose
loss may put an organisation at risk. Stallings et al. (2012) define risk management as the process for identifying,
analysing, controlling, and communicating risks and applying strategies to minimize risk to a
level that is acceptable. The methodology for risk management provides for the making of
informed decisions regarding the utilization of scarce resources that are relevant to the risk
exposure. Stallings et al. (2012) argue that a risk management plan must include steps for
identifying key assets whose loss would negatively affect the capabilities of an organisation.
Every organisation needs specific management procedures and a framework for identifying
risks, deciding what policies and controls are required, regularly evaluating the efficiency of
such policies, and addressing the weaknesses identified. Power
AI, being a technology company, is prone to external attacks. The purpose of this report is to
discuss the need for Power AI to have a security management program and to recommend
how it can develop a security management program to prevent threats
and protect its assets. The report has two parts: A and B. Part A outlines a
report for a security management and governance program, while Part B outlines a sample risk
management plan for Power AI.

Part A
Benefits of Security Management Plan
Information security is a critical issue that needs to be addressed by every organisation,
especially those in the Information Technology sector. The primary aim of information security
is to serve the interest of the organisation by safeguarding its important information. It is
imperative to note that some information is more critical than others; hence, the security
management plan must be able to address the importance of such information by understanding
its relevance to the company. A security management plan is often tailored based on the value of
the information and the threats to which the information is exposed. It should be considered as
an ongoing process because threats also evolve with time just as technology also changes.
Among the benefits of a security management plan is that it helps in protecting all the
information in the company, such as digital, paper-based, company secrets, intellectual property,
and personal information. A security management plan also helps to increase the organisation's
resistance to cyber attacks. A security management plan also provides a framework that an
organisation can use to keep its information safe and manage it well from a central place. Every
organisation is exposed to technology-based risks and having a security management plan will
guarantee the organisation protection from such risks and other similar threats such as ineffective
procedures. Considering security management as an ongoing process will help in reducing the
threats which continuously evolve. Seeing security management as an ongoing process also helps
in reducing costs that are associated with a breach of privacy and information security. A
well-developed security management plan enables an organisation to protect the confidentiality and
integrity of its information and data. A company that has an effective security management plan
is considered by shareholders to be serious about its business. In essence, well-developed security
management covers the entire organisation and involves the workers, processes, and technology
that the company uses. This improves company culture by enabling workers to understand the
risks and threats that the business is exposed to, and this will prompt them to embrace security
controls in their daily activities. This will guarantee security across the entire organisation, which
is good for the organisation and the stockholders as well as potential investors.
Development of a Security Policy and Security Management Plan
A security policy must be developed based on the findings from the risk assessment.
There is no straightforward process for the development and implementation of an effective
security policy (Flowerday & Tuyikeze 2016, p. 170). The security policy is supposed to take
into account several issues, including the complexity of new technologies, regulatory
requirements, and internal and external threats (Flowerday & Tuyikeze 2016, p. 170). There is a
plethora of research that outlines some methods for development and implementation of
information security policy, but none of the methods includes a clearly defined, integrated method
that describes the steps to be undertaken in the process of developing the policy (Anand et al.
2012, p. 49).
In developing a security policy and management plan, the people involved in making
decisions should identify the most sensitive information and the most crucial systems whose loss
can put the company in great danger. The next thing to consider is to incorporate all the
regulatory requirements and the relevant ethical standards regarding the particular sector. It is
essential to define clearly the goals and objectives that the institution or company intends to
accomplish or achieve. The decision makers are also expected to establish clear guidelines for
accomplishing the stated objectives and goals. Another thing to consider in developing a security
policy and management plan is to develop the appropriate mechanisms that will be required to
accomplish the stated goals and objectives (Szuba n.d.). By following these guidelines, an
organisation will be assured that all the organisational characteristics, regulatory concerns,
contractual stipulations, and environmental concerns are included in the policy. An effective
security policy and management plan should take these guidelines into consideration and
transform them into clear objectives that will guide the employees in performing their designated
roles.
Functions, Roles and Responsibilities to be defined for the Security Management Program
The functions, roles, and responsibilities that should be defined for the security
management program include planning, strategy development, monitoring, evaluation, auditing,
troubleshooting and maintenance, and usage. The security management program should involve
all the employees within the organisation, from top to bottom. It should not be regarded as a
function for the information technology personnel only. Other roles that need to be defined
include enforcement of and compliance with the policy, risk assessment, training, and solution
testing and implementation.
Roles of different Individuals
The individuals and their roles in the security management program are as follows:
The Chief Executive Officer
The CEO of a company is the highest-level official, and their main responsibility is to
protect the information security commensurate and prevent unauthorized disclosures and
modification. The CEO should ensure that the information security management process is
integrated with the strategic process and the operational plan.
The Chief Information Officer
The CIO is the most senior official in the information department, whose roles include
developing and maintaining policies and procedures, supervising the information security
personnel, and ensuring that the IT security employees are well trained.
Technical Manager
The role of this individual is to troubleshoot and implement security solutions that are
appropriate for the organisation.
Security Program Manager
The security program manager manages and implements the information security
program for the entire company. In doing so, the security program manager ensures that the
program complies with the regulatory requirements and the standards. The
security program manager also runs the various security programs that have been developed
within the organisation.
Senior Security Analyst
The security analyst is responsible for assessing the operational, technical, and
managerial security controls of the developed program in order to determine its effectiveness in
addressing the threats. The security analyst evaluates and identifies the strengths and weaknesses
of the program and recommends the measures that need to be taken to address the vulnerabilities
that have been identified.
Security System Administrator
The system administrator sets up and maintains the security program. Some of the roles
of the security system administrator include installation, configuration, and updating of the
software and hardware components, establishment and management of the user accounts,
supervision of backup and recovery tasks and implementation of technical controls that are
associated with security.
The Security System Users
As earlier stated, the security management program is a responsibility of the entire
organisation. The users are those who have rights to access the information and data that an
organisation has stored as they carry out their daily duties. Their role is to strictly follow the
established policies which guide the safe use of the system and company information. The users
should also report any suspicious activity or behaviour that they may spot regarding the security
management plan of the company.
Relevant Model for Development of a Security Management Program
The appropriate model that can be used to develop the security management program is
the one suggested by Alshaikh et al. (2016), which comprises three phases: the
development phase, the implementation and maintenance phase, and the evaluation phase. Each
phase has specific practices with specific activities that need to be undertaken.
The Development Phase
This stage involves all the practices and activities that are associated with the
development of the security management program. The first practice in this phase is to identify
the security management program development team. The determination of this team will
involve two main activities, which include identification of stakeholders and definition of the
roles and responsibilities of the identified stakeholders. The security management program
development must involve all stakeholders that will be affected by the program. According to
Alshaikh et al. (2016), the stakeholders will be determined by the scope of the program. Each
identified stakeholder should have clearly defined roles and responsibilities to avoid confusion
and enhance accountability when developing the program.
After identifying the security program development team, the next practice is to
determine the organisation's security needs (Whitman & Mattord 2013). It is imperative to
understand the goals and objectives of the organisation as far as security management is
concerned. The organisation's security needs assessment can be done by evaluating the challenges
facing the organisation. This can be achieved by carrying out two activities, which include
identification of security requirements and assessment of the current security policies and
procedures of the organisation. Once this is done, the next practice is to compile the security
document in one place which can be done by accomplishing activities such as the selection of
policy components, draft writing, and presentation for review and approval of the document.
The Implementation Phase
After developing the security program, the next step is to implement it. The
implementation stage is an ongoing process which comprises several practices and activities.
The implementation of the security management program will be done on a daily basis. The
program will provide a framework through which an organisation will conduct its daily activities
as far as information security is concerned.
At the implementation stage, the first practice is to distribute the policy to all relevant
stakeholders within the organisation, such as managers and the users. The distribution of the
policy is, however, not a guarantee that the stakeholders will read the policies outlined in the
program. This calls for communication of the program to the stakeholders. Communication of
the security management program or policy is crucial before an organisation enforces it.
Sommestad et al. (2014) posit that effective communication of the security management program
results in better compliance by the users. After communicating the policy to the relevant
stakeholders, what follows is the enforcement of the program. This is an ongoing process
aimed at ensuring that all stakeholders adhere to the developed security policy. From a
managerial point of view, enforcement should consider the unauthorized act and the severity
of the offense as well as the intent of the user. Strict rules must be in place for those
found to violate the policies.
The Evaluation Phase
Evaluation is the final step of the security management program development model. The
program should be evaluated regularly and revised accordingly. Evaluation should assess the
program's effectiveness and identify the changes needed so that updates can be incorporated.
The Legal and Statutory Requirements that will be addressed
The laws and regulations that will be addressed include the following:
The Australian Privacy Principles: This law regulates the collection, holding, use and
disclosure of personal information that an organisation has included in its records.
Cybercrime Act: The Act provides clear regulation of computer and internet-based offenses,
which include computer trespass and unauthorized access, damaging of data and restriction of
access to other people's computers.
The Spam Act: This offers guidelines on how commercial emails and other types of electronic
messages are regulated. It prohibits unauthorized access to emails unless consent is provided. The
Act is enforced by the Australian Communications and Media Authority.
Part B: Risk Management Plan
Description of the Risk Assessment Process
The steps to be undertaken in the risk assessment process include the following:
1. Identification of sensitive information and crucial systems
2. Estimation of the value of the system components
3. Identification of the threats
4. Identification of vulnerabilities
5. Estimation of the probability that a potential penetration turns into an actual penetration
6. Identification of countermeasures for preventing the identified threats and vulnerabilities
7. Estimation of costs associated with the implementation of the countermeasures
8. Selection of the most appropriate countermeasures to be implemented
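The eight steps above can be carried through numerically. The following Python code is an added example, not part of the original report: the assets, dollar values and probabilities are constructed, and the selection rule in step 8 (fund the control with the highest expected loss avoided minus annual cost, within a budget) is an assumption, since the report does not state a selection criterion.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Risk:
    asset: str          # step 1: sensitive information or crucial system
    value: float        # step 2: estimated value of the component (AUD)
    threat: str         # step 3
    vulnerability: str  # step 4
    probability: float  # step 5: yearly chance a potential penetration becomes actual
    def expected_loss(self, probability=None):  # assumed model: value x probability
        return self.value * (self.probability if probability is None else probability)

@dataclass(frozen=True)
class Countermeasure:
    name: str                    # step 6
    asset: str                   # the risk it treats
    annual_cost: float           # step 7
    residual_probability: float  # probability once the control is in place

def net_benefit(risk, cm):
    # Expected loss avoided per year minus the yearly cost of the control.
    return risk.expected_loss() - risk.expected_loss(cm.residual_probability) - cm.annual_cost

def select_countermeasures(risks, candidates, budget):
    # Step 8 (assumed rule): best control per asset, funded by net benefit within budget.
    by_asset, best = {r.asset: r for r in risks}, {}
    for cm in candidates:
        nb = net_benefit(by_asset[cm.asset], cm)
        if nb > 0 and nb > best.get(cm.asset, (0, None))[0]:  # nb <= 0: costs more than it saves
            best[cm.asset] = (nb, cm)
    chosen, spent = [], 0.0
    for nb, cm in sorted(best.values(), key=lambda t: t[0], reverse=True):
        if spent + cm.annual_cost <= budget:
            chosen.append((cm.name, round(nb, 2)))
            spent += cm.annual_cost
    return chosen

# Constructed sample data, not taken from the report.
RISKS = [
    Risk("source code repository", 500_000, "IP theft", "single-factor login", 0.10),
    Risk("customer data store", 200_000, "ransomware", "no offline backup", 0.20),
    Risk("office workstations", 20_000, "malware", "unpatched OS", 0.30),
]
CONTROLS = [
    Countermeasure("multi-factor authentication", "source code repository", 8_000, 0.02),
    Countermeasure("hardware keys for all staff", "source code repository", 25_000, 0.01),
    Countermeasure("offline backups", "customer data store", 12_000, 0.05),
    Countermeasure("managed patching", "office workstations", 7_000, 0.10),
]
```

Calling `select_countermeasures(RISKS, CONTROLS, budget=15_000)` funds only multi-factor authentication; raising the budget to 25,000 adds offline backups, while managed patching is never selected because it costs more per year than the loss it avoids.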
Benefits of Risk Management Plan
The benefits of having a risk management plan are numerous. With a well-established
risk management plan, the identification of risks becomes an integral part of the
company's processes, which helps in uncovering potential risks and minimizing the
unknowns (Kendrick 2015). A risk management plan helps in ensuring that potential risks
are well managed in order to minimize the adverse impact of such risks on the business and
increase the likelihood of achieving company objectives.
A risk management plan also reduces business liability. Every business is liable to
its stockholders, and having a well-established risk management plan reduces the litigation
risk upfront, which will, in turn, make the business entity more attractive to potential investors.
Any business has to comply with certain regulations regarding privacy. A security
management plan serves as a preventive measure which provides insight into the