Jonathan Hanning
IS3110
James Hollis
Abstract
You have just left a four hour meeting where you described the network expansion project to your colleagues. You explained the architecture, new enterprise level firewall, the additional requirements for network monitoring and maintenance, the need for an additional system administrator, and the risks of not complying with Federal Information Security Management Act (FISMA) regulations for securely trading with the U.S. Government.
Risk Assessment
Tasks:
Before proceeding with the expansion project, management has asked you to lead a team that will estimate the risks associated with this project. They want you to provide a high level summary of quantitative and qualitative risks associated with the following items:
The project implementation deadline occurs in 9 months. Each month after the deadline is missed, a penalty of $100,000 is assessed. Three months after the deadline, the contract will be cancelled.
Several new network storage, security, and throughput hardware appliances need to be installed and configured. (Is there room/power/personnel to support this new hardware?)
Complying with FISMA is a new venture for your organization. What Risks does this involve?
Summary
I want to make this report as easy to understand as possible so What I have done is break everything down into two categories: quantitative and qualitative risks. Now given these two categories I will define them so you can better understand why I have put the certain risks within either category. I will also explain why I have chosen these particular risks. Some detailed information will not be included due to the fact that more information will be required from other departments but I will do my best to fill in with as much information as I possibly can.
Quantitative Risks
A quantitative risk is used when relating risks to the probability of a financial loss.
So the quantitative risk that will impact the outcome of this opportunity are as followed: The biggest issue is the deadline risk. The reason I say this is because there is only 9 months allowed to have everything up and running. To meet this deadline we have to not only have all departments kept on the same page and working together, but we also need to make sure that we keep FISMA aware of what’s going on. Now once those 9 months are up if we are not up and running it will cost the company $100,000 for each month. This could be considered a risk as well because if that’s not included in with the financial department and we don’t get everything done within that 9 months that will have to come out of our spending budget which means less money to spend on equipment, hiring more staff, and the expansion of the company. If the contract isn’t finalized within a year to date the contract will be cancelled. This will become a big problem because this is a once in a lifetime opportunity that should not be taken lightly. With this opportunity comes great opportunities for everyone involved. So to lose this chance should not be an option.
Another risk is the financial department and the reason for this is because we can’t make any final decisions without knowing what our budget looks like. We want to make the company money not cost the company money. So it is very critical that the CFO maintains a participating factor in this project.
FISMA is also a serious risk because they have to be able to provide all the information from their end to help us get up to standards for them and how much it’s going to cost us. Everything within this section is so crucial because this part has to be viewed by the CFO to make sure everything is within the budget, before submitting into a final draft. Then being turned into the CEO of the company.
Qualitative Risks
The definition of a qualitative risks is an observation than can’t be measured in numbers such as a pass/fail, go/no-go technique.
When assigning risks to this category we have to consider the fact of what do we need and do we have anywhere to put it? This is where we are going to start. We know that with this big contract, we don’t currently have the space, the power, or the personnel to pull this off. So these issues become big risks that we must evaluate in order to make this work. Now since we know this, we have to figure out how much more space, power and personnel will be needed to be able to seal the deal.
You May Also Find These Documents Helpful
-
estimate the risks associated with this project. They want you to provide a high level summary of…
- 348 Words
- 2 Pages
Satisfactory Essays -
You are the systems administrator contracted by Leonard Cooper to upgrade the local area network to meet the ever-increasing needs of the building's students and faculty members. Your first task is to interview key stakeholders to determine what the key areas of concern are.…
- 1095 Words
- 5 Pages
Better Essays -
We identified several risks and have assessed them in order to determine which of those risks have the highest impact on the project. Below we have listed four of our highest impact risks and have supplied a recommendation for that risk:…
- 1116 Words
- 5 Pages
Satisfactory Essays -
After the risks have been evaluated in terms of likelihood of occurrence and consequences, and when options for risk management have been reviewed, that’s when I will rank the risks and inform the program manager of the assign priorities.…
- 339 Words
- 2 Pages
Satisfactory Essays -
7. List at least 3 risks your company will face, and explain how you will manage those risks.…
- 309 Words
- 3 Pages
Satisfactory Essays -
It is very curious that there is no firewall implemented between the commercial division and the Internet. The Defense Department must be routed through Headquarters, but the Commercial department is connected straight to the Internet. This is a significant vulnerability. The second weakness that will be examined is the security policy stating router and firewall rule sets should be evaluated every two years. Such a time span between rule-set evaluations is also a substantial liability to the continued and unimpeded success of the organization. Further elaboration of the identified security vulnerabilities is presented.…
- 1151 Words
- 5 Pages
Better Essays -
The benefits of risk response control are improves effectiveness and efficiency of the risk approach during the project implementation. Risk response control includes the following elements throughout the project:…
- 1596 Words
- 7 Pages
Powerful Essays -
Criminogenic needs can be described as changeable risk factors, that when reduced, result in reduced criminal behaviour. These needs are termed “criminogenic” because they are empirically related to criminal conduct and when reduced, lead to reductions in future reoffending. Therefore, changes in criminogenic needs have a desired effect on changes in criminal behaviour. In the Risk Assessment case study, a number of these criminogenic needs as well as the “central eight” risk factors are evident contributors to the criminal nature and history of the accused. The first and most important criminogenic need in respect to the case is the Family/Marital factor. The accused believed that his wife had been having an affair and he constantly accused her of infidelity and being seductive with other men. These feelings of insecurity led to many years of constant arguments and assault cases with his wife up until he killed her. This is evident in the fact that the first assault case filed against him was when he was aged 37 and the cases lingered up until the accused was 42. This criminogenic need also directly relates with the family and/or marital “central eight” risk factor. The second most important criminogenic need in respect to the case is the Substance Abuse factor. The substance being abused in this case is alcohol. The accused is of the opinion that his antisocial and violent behaviour is motivated by alcohol abuse. Alcohol substance abuse can also be traced in the impaired driving charges accrued by the accused, which served as one of his previous convictions. Alcohol abuse can also be held responsible for his current state of unemployment as it got him fired from previous jobs. Ultimately, it could be the reason why he does not remember the incidents leading to the murder of his wife because he could have been under the influence.…
- 420 Words
- 2 Pages
Satisfactory Essays -
The following paper discusses the risk assessment process while explaining the framework, how each phase interrelates, and why the framework is so important in assisting with the risk assessment process. The paper will also discuss some of the innovations that have occurred over the last several years.…
- 823 Words
- 4 Pages
Good Essays -
Leukemia is the malignant disorder of white blood cells in which the cells become abnormal and divide without control or order. Hematopoietic stem cells, also known as hemacytoblasts, are found in bone marrow and are the precursor to erythrocytes (red blood cells), leukocytes (white blood cells) and thrombocytes (platelets). Leukemia is caused by the mutation of the bone marrow pluripotent or most primitive hematopoietic stem cells (Caldwell, 2007). The mutations during hematopoiesis causes uncontrolled proliferation of stem cells resulting in overcrowding of bone marrow and decreased production and function of normal hematopoietic cells (Huether, 2012). The leukemic stem cells will then enter the blood stream affecting other organs such as the liver, spleen, lymphnodes, and under certain circumstances the central nervous system. The mutant clone may demonstrate unique morphologic, cytogenic, and immunophenotypic features that can be used to classify the particular type of leukemia (Caldwell, 2007). Leukemia can be fatal if left untreated because of the inhibited ability to produce and provide normal red blood cells, white blood cells, and plates to maintain homeostatic mechanisms.…
- 907 Words
- 3 Pages
Good Essays -
3.4 summarise the types of risks that may be involved in assessment in own area of responsibility.…
- 868 Words
- 4 Pages
Good Essays -
•Imagine you are a consultant called upon by a large U.S. corporation having more than 10,000 employees nationwide. You are asked to implement a VPN solution for remotely located employees to access the same corporate resources as they could from their desktops at work. Describe, in order, the types of questions you would ask their management and IT personnel in an information-gathering session before providing them a plan of work.…
- 571 Words
- 3 Pages
Good Essays -
The Assessment Task is due on the date specified by your assessor. Any variations to this…
- 4662 Words
- 26 Pages
Powerful Essays -
Mercer paints computer system has a few vulnerabilities. The first vulnerability is threat by hackers, which data can be stolen, corrupted, or destroyed by these individuals. User errors are next highest exposure that deal with operation of automated systems requires specializes to do update to programs, which in turn makes it easy to make errors within the programs. If the program is not properly protected, it can be easy for someone to make unauthorized changes to these programs. Virus attacks are next on the list. Virus attacks can slow down your computer almost to a stop, delete important files, or even corrupt operation files, so the computer does not function correctly and will make ever more errors within file or database. Data loss can be lost if the file system is not organization data correctly too. Data are store electronically where they are not instantly easily to find, and if you have power outage or system, failure occurs while work you could have loss data. The last highest treat on list is power failure that can occur, and you could probably lose all you recordkeepering system.…
- 362 Words
- 2 Pages
Satisfactory Essays -
During the risk assessment, we must ask ourselves, "What can go wrong?" "How bad?" or "how often?" and finally "is there a need for action?" These four questions will help us look at the potential hazards and risks, which may pose. For each hazard that is acknowledged, it is important for us to decide whether it is significant and whether appropriate and adequate controls or contingencies are in place to ensure that the risk is suitably controlled.…
- 2311 Words
- 10 Pages
Powerful Essays