Hrm 531 Risk Management Plan
Risk Management This part of the management plan consists of conducting a risk audit. This is an essential part of the process of developing this management plan. Since this is a medium size organization one of the first steps would be to visualize and understand the risks. Questions like need to be asked like: What risks to the organization are relevant? What risks are visible? Are there risks that are jus not seen, are impossible to mitigate or are unable to be measured. Looking at the organizations infrastructure, the likelihood that if one of the stores gets infected, it could effect the other 268 stores makes it a must that high risks should be prioritized first. The risk management strategies should include a network design for agility
…show more content…
The use of this tool will help provide an assessment for the stakeholders on the effectiveness of the internal security and controls related to the cloud computing environment. Deficiencies within the internal controls can be identified. An assessment can be prepared for the stakeholders that will help them determine if the quality and reliability of the service they are being provided is compliant with the results of the internals control audits.
Virtualization
The management plan for conducting an IT audit on virtualization relies heavily on the knowledge that the IT auditor in reference to the VM technology and also the risks that are associated with same. In order for a virtualization IT audit be successful there has to be an adequate understanding of the entire VM infrastructure. The audit should always allow room for an assessment to be made as to whether a business needs to move from physical servers to virtual ones and if this will provide any sort of benefit. All of the audits that are used to audit physical system are relevant when auditing virtual systems. The results of the audit should be shared with management so that any discrepancy that is found in the control procedures or standards can be …show more content…
The three audit approaches use a different method to accomplish their assessment’s. The penetration testing is more of a covert operation that attempts a number of attacks to help determine if the systems can survive an actual attack. The security audits use a list of particular criteria to measure the information system's performance. The vulnerability assessment includes a complete study of the entire information system, attempting to find any potential security weaknesses. (Rouse,
The use of this tool will help provide an assessment for the stakeholders on the effectiveness of the internal security and controls related to the cloud computing environment. Deficiencies within the internal controls can be identified. An assessment can be prepared for the stakeholders that will help them determine if the quality and reliability of the service they are being provided is compliant with the results of the internals control audits.
Virtualization
The management plan for conducting an IT audit on virtualization relies heavily on the knowledge that the IT auditor in reference to the VM technology and also the risks that are associated with same. In order for a virtualization IT audit be successful there has to be an adequate understanding of the entire VM infrastructure. The audit should always allow room for an assessment to be made as to whether a business needs to move from physical servers to virtual ones and if this will provide any sort of benefit. All of the audits that are used to audit physical system are relevant when auditing virtual systems. The results of the audit should be shared with management so that any discrepancy that is found in the control procedures or standards can be …show more content…
The three audit approaches use a different method to accomplish their assessment’s. The penetration testing is more of a covert operation that attempts a number of attacks to help determine if the systems can survive an actual attack. The security audits use a list of particular criteria to measure the information system's performance. The vulnerability assessment includes a complete study of the entire information system, attempting to find any potential security weaknesses. (Rouse,