Reference number: EM131404343
Purpose
This project provides an opportunity to apply the competencies gained in the lessons of this course to develop a risk management plan for a fictitious organization to replace its outdated plan.
Learning Objectives and Outcomes
You will gain an overall understanding of risk management, its importance, and critical processes required when developing a formal risk management plan for an organization.
The following tools and resources will be needed to complete this project:
Course textbook
Internet access for research
Deliverables
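As discussed in this course, risk management is an important process for all organizations. This is particularly true in information systems, which provide critical support for organizational missions. The core of risk management is a formal risk management plan. The project activities described in this document allow you to fulfill the role of an employee participating in the risk management process in a specific business situation.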
The project is structured as follows:
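Project Part | Deliverable
Project Part 1 | Task 1: Risk Management Plan
Submission Requirements
All project submissions should follow this format:
Format: Microsoft Word or compatible
Font: Arial, 10-point, double-space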
Citation Style: Your school's preferred style guide
Scenario
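You are an information technology (IT) intern working for Health Network, Inc. (Health Network), a fictitious health services organization located in Minneapolis, Minnesota. Health Network has over 600 employees throughout the organization and generates $500 million USD in annual revenue.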
The company has two additional locations in Portland, Oregon and Arlington, Virginia, which support a mix of corporate operations. Each corporate facility is located near a co-location data center, where production systems are located and managed by third-party data center hosting vendors.
Company Products
Health Network has three main products: HNetExchange, HNetPay, and HNetConnect.
HNetExchange is the primary source of revenue for the company. The service handles secure electronic medical messages that originate from its customers, such as large hospitals, which are then routed to receiving customers such as clinics.
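HNetPay is a Web portal used by many of the company's HNetExchange customers to support the management of secure payments and billing. The HNetPay Web portal, hosted at Health Network production sites, accepts various forms of payments and interacts with credit-card processing organizations much like a Web commerce shopping cart.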
HNetConnect is an online directory that lists doctors, clinics, and other medical facilities to allow Health Network customers to find the right type of care at the right locations. It contains doctors' personal information, work addresses, medical certifications, and types of services that the doctors and clinics offer. Doctors are given credentials and are able to update the information in their profile.
Health Network customers, which are the hospitals and clinics, connect to all three of the company's products using HTTPS connections.
Doctors and potential patients are able to make payments and update their profiles using Internet-accessible HTTPS Web sites.
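Note: Any discussion of products that are not part of this scenario, such as health insurance products, will automatically reduce the score by 50%. Your paper is not a research paper about risk management but a risk management plan for a very specific situation, and it must relate to the scenario above.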
Information Technology Infrastructure Overview
Health Network operates in three production data centers that provide high availability across the company's products. The data centers host about 1,000 production servers, and Health Network maintains 650 corporate laptops and company-issued mobile devices for its employees.
Threats Identified
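Upon review of the current risk management plan, the following threats were identified:
• Loss of company data due to hardware being removed from production systems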
• Loss of company information on lost or stolen company-owned assets, such as mobile devices and laptops
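• Loss of customers due to production outages caused by various events, such as natural disasters, change management, unstable software, and so on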
• Internet threats due to company products being accessible on the Internet
• Insider threats
• Changes in regulatory landscape that may impact operations
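Management Request
Senior management at Health Network has determined that the existing risk management plan for the organization is out of date and that a new risk management plan must be developed. Because of the importance of risk management to the organization, senior management is committed to and supportive of the project to develop a new plan. You have been assigned to develop this new plan.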
Additional threats other than those described previously may be discovered when re-evaluating the current threat landscape during the risk assessment phase.
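No budget has been defined for this project, because senior management wants to react to any material risks identified in the new plan. Given the company's annual revenue, reasonable expectations can be determined.
Project Part 1 Task 1: Risk Management Plan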
For the first part of the assigned project, you must create an initial draft of the final risk management plan. To do so, you must:
Your risk management plan will contain the following sections:
1. A section titled Introduction discussing the purpose of the plan. You must include details from the scenario, above, describing the environment.
2. A section titled Scope discussing the scope of the plan.
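3. A section titled Compliance Laws and Regulations. Using the information in the scenario provided above, discuss the regulations and laws with which Health Network must comply.
4. A section titled Roles and Responsibilities that will discuss the different individuals and departments who will be responsible for risk management within the organization (this is covered in your textbook).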
5. A section, titled Risk Mitigation Plan, that discusses the threats identified in the scenario and your proposed mitigations, as well as any new threats.
Write an initial draft of the risk management plan as detailed in the instructions above. Your plan should be made using a standard word processor format compatible with Microsoft Word.
Evaluation Criteria and Rubrics
Did the student demonstrate an understanding of the competencies covered in the course thus far?
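Did the student include all important components of a risk management plan in the outline?
Did the student demonstrate good research, reasoning, and decision-making skills in identifying key components and compliance laws and regulations?
Did the student create a professional, well-developed draft with proper grammar, spelling, and punctuation?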