Info security & risk mgmt



This project provides an opportunity to apply the competencies gained in the lessons of this course to develop a risk management plan for a fictitious organization to replace its outdated plan.




As discussed in this course, risk management is an important process for all organizations. This is particularly true in information systems, which provide critical support for organizational missions. The heart of risk management is a formal risk management plan. The project activities described in this document allow you to fulfill the role of an employee participating in the risk management process in a specific business situation.


Your Risk Management Plan will contain the following sections:

1. A section titled Introduction discussing the purpose of the plan. You must include details from the scenario, above, describing the environment. 10 points.

2. A section titled Scope discussing the scope of the plan. 10 points.

3. A section, titled Compliance Laws and Regulations. Using the information in the scenario provided above, discuss regulations and laws with which Health Network must comply. 30 points.

4. A section, titled Roles and Responsibilities, that will discuss the different individuals and departments who will be responsible for risk management within the organization (this was presented in your textbook). 20 points.

5. A section, titled Risk Mitigation Plan, that discusses the threats identified in the scenario and your proposed mitigations, as well as any new threats. 30 points.

Write an initial draft of the risk management plan as detailed in the instructions above. Your plan should be made using a standard word processor format compatible with Microsoft Word. 

Use APA format.