INF30020 Information Systems Risk and Security : Business Continuity P
produced within the earlier phases of the project. The risk mitigation plan should address the threats identified as described in the scenario for this project, as well as any new threats that may have been discovered during the risk assessment. You have been assigned to develop this new plan.
Your risk assessment has identified information assets at AEKC and prioritized the threats and vulnerabilities most likely to jeopardize the information resources that underpin AEKC’s business. Your task now is to plan for the eventuality of those risks being realized by preparing a risk mitigation plan. To complete your risk management report, you have been asked to include the business impact analysis (BIA), the business continuity plan (BCP) and a disaster recovery plan (DRP) report with a planned response to those events that are most likely (in your assessment) to disrupt AEKC.
Project: Risk Management Plan – Part 2
For the first part of the assigned project, you created a part of the initial draft of the risk management plan. Therefore, to complete the initial draft, you must:
1. Complete the outline for the completed risk management plan.
2. Update your proposed schedule for the risk management planning process.
3. Identify the key roles and responsibilities of individuals and departments within the organization as they pertain to risk management.
4. Develop a proposed schedule for the risk management planning process.
This part of the project is a continuation of Project Part 1 in which you prepared an RA plan for AEKC. Senior management at the company has decided to allocate funds for a business impact analysis (BIA), business continuity management and disaster recovery planning. Because of the importance of risk management to the organization, senior management is committed to and supportive of performing a proper analysis in these areas.
5. Prioritize the most significant risks for AEKC and provide details in a risk assessment table. Then choose the top 5 critical risks.
6. Propose a risk treatment (mitigation and internal control) strategy for the top FIVE (5) critical risks you have identified at AEKC.
7. Include the BIA, BCP and DRP plans with the final risk management report.
Answer:
1. Outline of the Risk management plan
The risk management plan for AE Kalina Cycle is outlined below:
| Risk | Description | Likelihood | Consequence | Priority | Mitigation plan |
| --- | --- | --- | --- | --- | --- |
| Presence of improper corporate culture | In spite of the healthy business prospects for AEKC, it is identified that the corporate culture of the company is not appropriate and not what was imagined by the founders of the company. The problem behind the corporate culture is improper management as well as the absence of proper rules and regulations. In addition, the company faces a lot of operational issues that have spoiled its corporate culture (Larson and Gray 2013). | Low | High | 8 | In order to have a proper corporate culture within the company, it is important for the company to follow proper strategies that would be helpful in resolving the issues that the south coast company faces. Additionally, the company also needs to take proper steps in mitigating the operational issues. |
| Operational issues | The company faces a lot of operational issues, mainly due to the overburdened, aging enterprise system of the company. Additionally, the operational issues create a lot of other problems in the company; therefore it is important for the company to take proper steps to resolve the issue. | Medium | Medium | 5 | In order to resolve the issues that the company faces due to its overburdened, aging enterprise system, it is important for the company to update its system regularly. In addition, the pressure of the work must be managed properly so that the system does not get overburdened (Schwalbe 2015). |
| Rise in number of viruses | There is a substantial rise in the number of viruses in the email attachments that are scanned by the IT department of the company, and the IT department also identified that the finance department of the company faces phishing attacks (Snyder 2014). | High | High | 1 | In order to mitigate the issues related to phishing as well as email viruses, it is important to utilize proper security measures. The company must guard against spam, communicate personal information by phone, and avoid emailing financial or personal information. Moreover, the company must utilize firewalls, spam filters and anti-virus software in order to avoid this type of risk (Fleming and Koppelman 2016). |
| Concerns about the Shoalhaven River | The weather is affecting the operations of the company. The Shoalhaven River can reach levels higher than the level recorded as the 100-year flood. | Medium | High | 6 | In order to avoid this situation, the company needs to take some preventive measures so that proper steps about the problem can be taken. The steps will not mitigate the issue but will be helpful in avoiding the problem to a major extent (Turner 2016). |
| Improper strategy for employee retention | Due to high work pressure, employees who were working for the company are leaving, and as a result the company faces a lot of issues in managing its work as well as its corporate culture (Heldman 2015). | High | High | 7 | In order to mitigate these issues, the employee needs to take proper steps in managing the work. In addition, the work pressure of the company must be divided equally among the employees of the organization. |
| Corporate espionage | A number of problems related to corporate espionage or company fraud are occurring, and the main reason is a scam that is designed for accessing the corporate account details of the company. | High | High | 3 | In order to resolve the issues related to corporate espionage as well as company fraud, it is important to take action to secure the data and information of the company. Proper security assurance needs to be provided by the company so that the data and information cannot be hacked (Verzuh 2015). |
| Improper facility of data backup | The data backup facility provided by the management of the organization is not appropriate, and as a result the chances of data leakage as well as misuse will be higher (Hwang and Ng 2013). | | | 4 | It is important to test the data backup facility that is provided so that the chances of any type of risk related to data leakage can be avoided from the very first step. |
| Improper security system in cloud | If the human resource data that is present in the cloud is not properly authenticated, a number of risks and challenges associated with the personal information of the employees will occur. | | | 2 | It is important to authenticate the HR cloud so that only authorized members can access the data. This will be helpful in securing important information as well as data (Portny 2017). |
2. Updating proposed schedule for the risk management planning process
The updated schedule that is proposed for the risk management plan of AE Kalina Cycle is provided below.
| WBS | Task Name | Duration | Start | Finish | Predecessors |
| --- | --- | --- | --- | --- | --- |
| 0 | Schedule for risk management plan | 31 days | Wed 11/29/17 | Wed 1/10/18 | |
| 1 | Initiation phase | 12 days | Wed 11/29/17 | Thu 12/14/17 | |
| 1.1 | Development of business case | 4 days | Wed 11/29/17 | Mon 12/4/17 | |
| 1.2 | Undertaking feasibility study | 5 days | Tue 12/5/17 | Mon 12/11/17 | 2 |
| 1.3 | Analyzing project charter | 4 days | Tue 12/5/17 | Fri 12/8/17 | 2 |
| 1.4 | Appointing team members | 3 days | Tue 12/12/17 | Thu 12/14/17 | 3 |
| 2 | Planning phase of the project | 10 days | Mon 12/11/17 | Fri 12/22/17 | |
| 2.1 | Creation of plan | 5 days | Tue 12/12/17 | Mon 12/18/17 | 3 |
| 2.2 | Creation of plan for required resources | 4 days | Mon 12/11/17 | Thu 12/14/17 | 4 |
| 2.3 | Creation of financial plan | 6 days | Fri 12/15/17 | Fri 12/22/17 | 5 |
| 2.4 | Creation of communication plan | 4 days | Tue 12/19/17 | Fri 12/22/17 | 7 |
| 2.5 | Creation of procurement plan | 3 days | Tue 12/19/17 | Thu 12/21/17 | 7 |
| 3 | Execution phase | 19 days | Fri 12/15/17 | Wed 1/10/18 | |
| 3.1 | Identification of project risks | 5 days | Fri 12/15/17 | Thu 12/21/17 | 8 |
| 3.2 | Analyzing the risks of the project | 7 days | Mon 12/25/17 | Tue 1/2/18 | 9 |
| 3.3 | Evaluating the rank of the risk | 6 days | Mon 12/25/17 | Mon 1/1/18 | 10 |
| 3.4 | Monitoring and reviewing the project risks | 5 days | Mon 12/25/17 | Fri 12/29/17 | 10 |
| 3.5 | Utilization of risk mitigation strategies | 4 days | Fri 12/22/17 | Wed 12/27/17 | 11 |
| 3.6 | Utilization of proper options | 5 days | Fri 12/22/17 | Thu 12/28/17 | 13 |
| 3.7 | Determining the risk mitigation plan | 5 days | Wed 1/3/18 | Tue 1/9/18 | 14 |
| 3.8 | Use of proper risk mitigation content | 6 days | Wed 1/3/18 | Wed 1/10/18 | 14 |
| 4 | Closure phase of the project | 7 days | Thu 12/28/17 | Fri 1/5/18 | |
| 4.1 | Stakeholder sign off | 3 days | Tue 1/2/18 | Thu 1/4/18 | 15 |
| 4.2 | Post project review | 4 days | Tue 1/2/18 | Fri 1/5/18 | 15 |
| 4.3 | Documentation | 2 days | Thu 12/28/17 | Fri 12/29/17 | 17 |
3. Identification of roles and responsibilities of individuals and departments within the organization as they pertain to risk management
The roles and responsibilities of individuals and departments within the organization, as they pertain to risk management, are provided below:
| Department / Individual | Roles and responsibilities |
| --- | --- |
| Company founders (Peter Williams and John Damon) | The founders of the company, Peter Williams and John Damon, need to track performance and efficiency with the help of a proper monitoring system in order to check that the work or operational activities of the company are properly performed (Lam 2014). In addition, the founders of the company must arrange proper meetings so that they can understand the issues and challenges faced by the employees. |
| Company chiefs (Peter and John) | The chiefs of the company, Peter and John, employed six engineers within the company for testing the prototype systems to avoid risks. In addition, they are also engaged in limiting the financial liability of the founders for managing the legal responsibilities of the company, which will further help in avoiding as well as mitigating challenges to some extent. |
| Peter and John | Both Peter and John gained proper knowledge about environmentally friendly alternate energy, and as a result they engage in designing a confidential architecture for the company so that the risk of the design being misused is reduced to some extent (Kerzner 2017). |
| IT department | The IT department of the company engages in developing patches, extensions and workarounds just to keep AEKC running and to avoid the risks that are associated with the IT department of the company (Heagney 2016). |
| Maintenance department | The maintenance department of the organization is responsible for managing the data by monitoring the amount of data that is exchanged or shared about customer energy generation (Lock 2014). This not only helps in tracking the information but also assists in reducing the leakage as well as misuse of confidential information about the company. |
| Management department | The management department of the company adopted a proper enterprise data backup strategy so that data that is lost can be easily recovered. Thus, the role and responsibilities of the management department help in mitigating the risks that are associated with data loss (Cagliano Grimaldi and Rafele 2015, pp. 234). |
4. Development of proposed schedule for the risk management planning process
The schedule proposed earlier for the risk management plan reflects that the entire risk management process for AE Kalina Cycle will be completed in 31 days. However, the company wants to complete the entire process of risk management within 15 days in order to reduce budget as well as time. The newly developed schedule not only reduces budget and time but also assists in mitigating the challenges and issues that the company is facing much earlier than the schedule that was updated before.
| WBS | Task Name | Duration | Start | Finish | Predecessors |
| --- | --- | --- | --- | --- | --- |
| 0 | Schedule for risk management plan | 14 days | Wed 11/29/17 | Mon 12/18/17 | |
| 1 | Initiation phase | 4 days | Wed 11/29/17 | Mon 12/4/17 | |
| 1.1 | Development of business case | 2 days | Wed 11/29/17 | Thu 11/30/17 | |
| 1.2 | Undertaking feasibility study | 1 day | Fri 12/1/17 | Fri 12/1/17 | 2 |
| 1.3 | Analyzing project charter | 2 days | Fri 12/1/17 | Mon 12/4/17 | 2 |
| 1.4 | Appointing team members | 1 day | Mon 12/4/17 | Mon 12/4/17 | 3 |
| 2 | Planning phase of the project | 4 days | Mon 12/4/17 | Thu 12/7/17 | |
| 2.1 | Creation of plan | 2 days | Mon 12/4/17 | Tue 12/5/17 | 3 |
| 2.2 | Creation of plan for required resources | 2 days | Tue 12/5/17 | Wed 12/6/17 | 4 |
| 2.3 | Creation of financial plan | 3 days | Tue 12/5/17 | Thu 12/7/17 | 5 |
| 2.4 | Creation of communication plan | 2 days | Wed 12/6/17 | Thu 12/7/17 | 7 |
| 2.5 | Creation of procurement plan | 2 days | Wed 12/6/17 | Thu 12/7/17 | 7 |
| 3 | Execution phase | 8 days | Thu 12/7/17 | Mon 12/18/17 | |
| 3.1 | Identification of project risks | 3 days | Thu 12/7/17 | Mon 12/11/17 | 8 |
| 3.2 | Analyzing the risks of the project | 3 days | Fri 12/8/17 | Tue 12/12/17 | 9 |
| 3.3 | Evaluating the rank of the risk | 4 days | Fri 12/8/17 | Wed 12/13/17 | 10 |
| 3.4 | Monitoring and reviewing the project risks | 5 days | Fri 12/8/17 | Thu 12/14/17 | 10 |
| 3.5 | Utilization of risk mitigation strategies | 4 days | Fri 12/8/17 | Wed 12/13/17 | 11 |
| 3.6 | Utilization of proper options | 5 days | Tue 12/12/17 | Mon 12/18/17 | 13 |
| 3.7 | Determining the risk mitigation plan | 4 days | Wed 12/13/17 | Mon 12/18/17 | 14 |
| 3.8 | Use of proper risk mitigation content | 4 days | Wed 12/13/17 | Mon 12/18/17 | 14 |
| 4 | Closure phase of the project | 2 days | Thu 12/14/17 | Fri 12/15/17 | |
| 4.1 | Stakeholder sign off | 1 day | Thu 12/14/17 | Thu 12/14/17 | 15 |
| 4.2 | Post project review | 2 days | Thu 12/14/17 | Fri 12/15/17 | 15 |
| 4.3 | Documentation | 1 day | Thu 12/14/17 | Thu 12/14/17 | 17 |
5. Prioritize most significant risks for AEKC
The risks that are identified for AEKC are prioritized in the table below:
| Risks | Priority |
| --- | --- |
| Presence of improper corporate culture | 8 |
| Operational issues | 5 |
| Rise in number of viruses | 1 |
| Concerns about the Shoalhaven River | 6 |
| Improper strategy for employee retention | 7 |
| Corporate espionage | 3 |
| Improper facility of data backup | 4 |
| Improper security system in cloud | 2 |
The table above prioritizes the risks that are faced by AE Kalina Cycle. The most critical risks are elaborated as per their priority level.
Rise in the number of viruses in email attachments: The rise in the number of viruses in the email attachments of the company is considered one of the most critical risks. In addition, the financial department of the company faces phishing attacks that create a number of challenges and risks associated with the security of data (Haimes 2015). It is important to resolve these issues and risks. In order to do so, the company should utilize firewalls, spam filters and anti-virus software to avoid this type of risk.
Improper security system in cloud: The data and information stored within the cloud are not secure if a proper authentication facility is not present. In the absence of proper authentication, important and confidential data and information can be easily accessed by anyone (Too and Weaver 2014, pp.1382). In addition, improper access to data causes misuse of the personal as well as financial data of the company.
Corporate espionage: A number of issues and problems associated with corporate espionage occur due to the scam that is designed for accessing the corporate account. It is important to resolve this issue so that the company can operate effectively.
Improper facility of data backup: The management of the organization provides a backup facility to the company so that the company can keep its data and information secured. The data backup facility that is provided is not appropriate, and as a result the company faces a lot of problems which need to be resolved effectively.
Operational issues: The company faces a number of operational issues due to improper management within the organization. In addition, the employees of the company face a lot of problems due to improper division of work, and as a result some of them are leaving the job (Vann et al. 2015, p.239). It is very important for the company to resolve the issues that are associated with its operation.
6. Risk treatment strategy
The risk treatment strategies for the risks that the company faces are elaborated:
| Risks | Risk management strategy or internal control |
| --- | --- |
| Rise in the number of viruses in email attachments | In order to avoid problems associated with security as well as phishing, it is important to utilize a firewall as a proper security system. |
| Improper security system in cloud | For keeping confidential data and information of the organization securely in the cloud, it is important to utilize proper authentication so that only authorized members can access the data and information. |
| Corporate espionage | In order to resolve problems or issues related to corporate espionage, it is important to take proper steps that would be helpful in securing the corporate culture of the company and resolving issues like espionage (Sahebjamnia, Torabi and Mansouri 2015, pp. 262). |
| Improper facility of data backup | Before storing the confidential data and information, it is important to test the system first in order to ensure that the information can be properly recovered with the help of the system, so that individuals do not face any problem later. |
| Operational issues | The organization must communicate properly with the team members of the organization and must utilize proper steps as well as strategies for resolving the issues (Fleisher and Bensoussan 2015). |
7. BIA, BCP and DRP plans
7.1 Business impact analysis
Business impact analysis is a systematic procedure that helps the company determine and evaluate the effects of the risks and challenges that it faces (Kastalli and Van Looy 2013, pp.170). Due to the risks that the company faces, various business operations of the company get interrupted, and as a result the company faces difficulty in operating effectively. Due to the security risks, the company faces huge losses from the misuse of both financial and personal data.
7.2 Business Continuity Plan
The company utilizes a business continuity plan and creates a number of strategies, through the recognition of the risks and threats that it faces, for ensuring that both personnel data and assets are protected so that the company can function properly during any disaster event (Lambert and Davidson 2013, pp.668). With the help of the business continuity plan, the company identifies the risks, determines the mitigation process and implements proper measures for the risks. In addition, the company periodically reviews the procedures to make sure that the implemented measures are up to date.
7.3 Disaster Recovery Plan
A disaster recovery plan is a structured approach with appropriate instructions for responding to different types of unplanned incidents. This step up plan mainly consists of various precautions that are taken by the organization for operating effectively in order to achieve the objectives and goals of the organization (Kastalli and Van Looy 2013, pp.199). It mainly involves an analysis of various business procedures as well as continuity needs. In order to resolve the risks and challenges that the company faces, an appropriate number of precautions are taken by the company.
References:
Cagliano, A.C., Grimaldi, S. and Rafele, C., 2015. Choosing project risk management techniques. A theoretical framework. Journal of Risk Research, 18(2), pp.232-248.
Fleisher, C.S. and Bensoussan, B.E., 2015. Business and competitive analysis: effective application of new and classic methods. FT Press.
Fleming, Q.W. and Koppelman, J.M., 2016, December. Earned value project management. Project Management Institute.
Haimes, Y.Y., 2015. Risk modeling, assessment, and management. John Wiley & Sons.
Heagney, J., 2016. Fundamentals of Project Management. AMACOM Div American Mgmt Assn.
Heldman, K., 2015. PMP project management professional exam deluxe study guide: updated for the 2015 Exam. John Wiley & Sons.
Hwang, B.G. and Ng, W.J., 2013. Project management knowledge and skills for green construction: Overcoming challenges. International Journal of Project Management, 31(2), pp.272-284.
Kastalli, I.V. and Van Looy, B., 2013. Servitization: Disentangling the impact of service business model innovation on manufacturing firm performance. Journal of Operations Management, 31(4), pp.169-180.
Kerzner, H., 2017. Project management metrics, KPIs, and dashboards: a guide to measuring and monitoring project performance. John Wiley & Sons.
Lam, J., 2014. Enterprise risk management: from incentives to controls. John Wiley & Sons.
Lambert, S.C. and Davidson, R.A., 2013. Applications of the business model in studies of enterprise success, innovation and classification: An analysis of empirical research from 1996 to 2010. European Management Journal, 31(6), pp.668-681.
Larson, E.W. and Gray, C., 2013. Project Management: The Managerial Process with MS Project. McGraw-Hill.
Lock, M.D., 2014. The essentials of project management. Ashgate Publishing, Ltd..
Portny, S.E., 2017. Project management for dummies. John Wiley & Sons.
Sahebjamnia, N., Torabi, S.A. and Mansouri, S.A., 2015. Integrated business continuity and disaster recovery planning: Towards organizational resilience. European Journal of Operational Research, 242(1), pp.261-273.
Schwalbe, K., 2015. Information technology project management. Cengage Learning.
Snyder, C.S., 2014. A Guide to the Project Management Body of Knowledge: PMBOK (®) Guide. Project Management Institute.
Too, E.G. and Weaver, P., 2014. The management of project management: A conceptual framework for project governance. International Journal of Project Management, 32(8), pp.1382-1394.
Turner, R., 2016. Gower handbook of project management. Routledge.
Vann, J.C.J., Hawley, J., Wegner, S., Falk, R.J., Harward, D.H. and Kshirsagar, A.V., 2015. Nursing intervention aimed at improving self-management for persons with chronic kidney disease in North Carolina medicaid: a pilot project. Nephrology Nursing Journal, 42(3), p.239.
Verzuh, E., 2015. The fast forward MBA in project management. John Wiley & Sons.