IS3110
Week 3
Risk Mitigation Plans
1. Why is it important to prioritize your IT infrastructure risks, threats, and vulnerabilities?
It is important to prioritize because you must be aware of what the risks, threats, and vulnerabilities are to your infrastructure so that you know where the most attention is needed to make the

2. A quality IT Risk Mitigation Plan will include details on costs, risk prioritization, and accompanying schedule. For risk prioritization, what influence would the industry your organization operates in have on prioritizing your identified risks, threats, and vulnerabilities?
Different companies have different priorities; what might be important to one organization might be minimal to other organizations. For example, a medical facility would have different prioritizations than a lawyer’s office.

3. What questions would you bring to executive management prior to finalizing your IT risk mitigation plan?

4. What is the difference between short-term and long-term risk mitigation tasks and on-going duties?
Short-term risks are risks that can be fixed rapidly and will (more than likely) not have long-term effects on the company; long-term risks are risks that can end in fines if they involve compliance issues. On-going duties are the daily duties that must be done in order for the company to perform with minimal risks.

5. Which of the seven domains of a typical IT infrastructure is easy to implement risk mitigation solutions but difficult to monitor and track effectiveness?
Of the seven domains, in my opinion, the remote access domain is the easiest to implement solutions for but more difficult to monitor and track effectiveness.

6. When considering the implementation of software updates, software patches, and software fixes, why must you test this upgrade or software patch before you implement this as a risk mitigation tactic?
Because you must first see if the software update, software patches, and