RISK MANAGEMENT PLAN FOR DATA BREACH

The purpose of this paper is to prepare the Scope and Objectives of the Risk Management Process section of the Risk Management Plan based on the facts presented in the case study. The paper will determine the project size, based on the facts presented in the case study. Furthermore, the paper will select the risk tools and techniques, and complete the Risk Tools and Techniques section of the Risk Management Plan for both the qualitative and quantitative aspects of the project. Moreover, the paper will develop the Risk Reviews and Reporting section of the Risk Management Plan based on the project size previously determined. Also, the paper will define the Probability and Impacts section of the Risk Management Plan and justify the values assigned. Finally, the paper will define the Risk Thresholds section of the Risk Management Plan and justify the values assigned.

Project Objectives and Descriptions

The Data Breach Project aims to ensure that mitigation methodologies and appropriate steps are executed in response to the data breach that took place at Flayton Electronics. Its purpose is to make sure that suitable measures are put in place and the right steps are taken to protect Flayton Electronics customers. The project addresses various challenges within the IT systems relating to data security. It sets out to expose the data-stealing devices that were used, the flaws in the existing IT systems, how the business plans to fix the flaws in data security, how customers will be informed, and how the brand will be rebuilt and customer loyalty eventually won back (Neailey & Patterson, 2002). The risk management plan is proposed to run for 5 years to ensure that the system has the best protection mechanism. The organization is to identify the risks and the weaker points in the data chain. Once a secured system has been implemented, it aims to retain customers and reassure them that their purchases are safe and protected.

Objectives and Scope of Risk Management Process

This project aims to manage all the potential risks that may arise in the coming years. The disabled firewalls, the illegal use of accounts, the weaknesses in the data chain, and the flaws in Payment Card Industry (PCI) compliance need to be addressed in an appropriate, effective and proactive way, within the law. This will enable the project to achieve its goals successfully while keeping risk at a level that is generally satisfactory. Satisfactory risk is the level of damage or loss that can be accepted in an economic cost analysis. Such levels typically arise from the normal flaws of systems (Chapman, 2001). Through the risk management process, the parties involved will be able to focus their attention on the project areas that carry the greatest risk. Giving those areas proper attention will allow them to identify the flaws in the data chain, the weaknesses of the firewalls, and the illegitimate use of accounts. Additionally, they will be able to work on a brand restoration strategy, offer credit monitoring services, improve consumer confidence and eventually win back the customers. The program covers every activity to be undertaken over the company's lifetime. Risk management will address both external and internal risks, including program risk, business risk and supplier risk. The specific risks covered include commercial risk, management risk and technical risk. In reducing technical risk, the business will try to ensure that the technology in use is modern, that PCI compliance is consistently maintained and that the disabled firewall is enabled (Cooper et al., 2005).

Application of the process

The risk process is expected to include full quantitative modeling. It is also expected to be updated every 6 months in order to keep up with the many changes in the industry. According to the chosen sizing tool, this project is rated as medium. The following ATOM procedures will be used for the Data Breach project.
• Commencement - The project objectives are recorded and clarified, the risk process procedures to be executed are outlined, and the outcomes are documented in the Risk Management Plan.
• Classification - Documenting and exposing factors that may affect project risk, either directly or indirectly.
• Evaluation - Modeling the risks quantitatively to understand the critical areas of the project that need immediate attention.
• Reaction Planning - Defining suitable strategies and actions to use in managing the risks.
• Reporting - Communicating the current risk status of the project to every stakeholder.
• Execution - Executing every agreed response strategy and action, and analyzing their efficiency.
• Reviewing - Updating the risk assessment at regular intervals through a sequence of major and minor reviews (Hillson and Simon, 2012).

Risk Techniques and Tools

The following techniques and tools will be used to support the risk management process on the project.

• Instigation
1. Risk Management Plan - issued at the beginning of the project and regularly reviewed by the project manager during the project's execution.

• Classification - the risks will be identified using the following techniques:
1. Every stakeholder must brainstorm on the main concerns and provide an approach and guidance on how to tackle the issues.
2. Every project assumption and constraint will be evaluated in greater detail.
3. A review of the standard risk checklist.
4. Classification of risks by any team member while the project is being managed.
5. The risk register must be used to record new risks for further assessment.

• Evaluation
1. Assessment of the probability and impact of all identified risks, using project details.

• Reporting
1. Providing ad hoc reports to the project team and stakeholders as necessary.
2. Reporting risks to the project steering group/board and the project sponsor.

• Execution
1. Implementing the strategy through the agreed measures.
2. Monitoring the efficiency of the agreed actions and updating project plans.

• Reviews
1. Risk review meetings as part of minor reviews, to identify new risks and evaluate progress on agreed responses and existing risks.
2. Risk review meetings as part of major reviews, to identify new risks, review progress on current risks and agreed responses, and assess the effectiveness of the process.

Organizational Roles and Responsibilities for Risk Management

On the Data Breach project, the risk management responsibilities of the key project stakeholders are defined in individual terms of reference for each role (Cooper et al., 2005).

• Project Sponsor
1. Actively encouraging and supporting the implementation of a formal risk management process.
2. Setting and monitoring risk thresholds and making certain that each level of risk is brought to a satisfactory risk level.
3. Attending risk workshops.
4. With the assistance of the project manager, reviewing risk outputs from the project to make sure that the technique is consistent and effective.
5. Ensuring that sufficient resources are available to the project to assist in responding to any impending risk.
6. Making assessments of project strategy in light of the prevailing risk status, in order to maintain a satisfactory risk exposure.
7. Assessing the risks escalated by the project manager.
8. Releasing the management reserve funds to the project in appropriate cases, in order to curb exceptional risks.
9. Regularly reporting risk status to management.

• Project Manager
1. Managing the overall risk management process and making sure that every anticipated risk is identified and managed efficiently and quickly enough to maintain a satisfactory risk level.
2. Determining the satisfactory risk levels by consulting consistently with the project sponsor.
3. Approving the risk management plan prepared by the risk champion.
4. Promoting the project's risk management processes.
5. Participating in risk workshops and review meetings, and actively identifying and owning risks.
6. Approving the risk response plan and the related risk actions prior to execution.
7. Using the contingency funds to deal with identified risks that occur in the course of the project.
8. Overseeing risk management by subcontractors and suppliers.
9. Monitoring how efficient and effective the project is, together with the risk champion.

• Risk Champion
1. Managing and overseeing the overall risk management process day to day.
2. Preparing the risk management plan.
3. Facilitating risk workshops and risk reviews at which risks are identified and assessed.
4. Creating and maintaining the risk register.
5. Interviewing risk owners to determine risk responses.
6. Being accountable for ensuring the quality of all risk data.
7. Analyzing procedure and data risk reports.
8. Advising the project manager on every matter associated with risk management.
9. Mentoring and coaching team members and stakeholders on aspects of risk management.

• Risk Owners
1. Developing risk responses, which are assigned to action owners.
2. Monitoring the progress of risk responses.
3. Reporting progress to the risk champion through the risk register.
4. Implementing agreed actions to support the response strategy.

• Project Team Member
1. Providing inputs for risk reports to the project manager.
2. Actively participating in the risk process; proactively identifying and managing risks in their area of responsibility.

On the Data Breach project, risk exposure will be analyzed twice a year throughout the life of the project. Team members and the other main players will be provided with a copy of the current risk register. After every risk review, the risks will be recorded and summarized according to the requirements of individuals.
On completion of the project, a risk section will be available for the Data Breach project that explains in detail the risks that could negatively affect future projects.

Conclusion

The Data Breach Project aims to ensure that mitigation methodologies and appropriate steps are executed in response to the data breach that took place at Flayton Electronics. The risk management plan is proposed to run for 5 years to ensure that the system has the best protection mechanism. The project aims to manage all the potential risks that may arise in the coming years. Through the risk management process, the parties involved will be able to focus their attention on the project areas that carry the greatest risk. The risk process is expected to include full quantitative modeling. On completion of the project, a risk section will be available for the Data Breach project that explains in detail the risks that could negatively affect future projects.

References

Chapman, R. J. (2001). The controlling influences on effective risk identification and assessment for construction design management. International Journal of Project Management, 19(3), 147-160.

Cooper, D. F., Grey, S., Raymond, G., & Walker, P. (2005). Project risk management guidelines: managing risk in large projects and complex procurements.

Hillson, D., & Simon, P. (2012). Practical manager’s spotlight on risk management: The Atom methodology (2nd ed.). Vienna, VA: Management Concepts.

Patterson, F. D., & Neailey, K. (2002). A risk register database system to aid the management of project risk. International Journal of Project Management, 20(5), 365-374.

Sanchez, H., Robert, B., & Pellerin, R. (2008). A project portfolio risk-opportunity identification framework. Project Management Journal, 39(3), 97-109.