Assignment: Risk Assessment Approaches

Assignment Requirements

Imagine that you work for U.S. Industries, Inc. as a network administrator. Your company has just won a contract with the U.S. government and you have been given the responsibility to complete the project. The project involves expanding an existing network. Your company has never traded with the U.S. government at this level. Therefore, this is your chance to prove yourself in the company.

You have just left a four-hour meeting in which you described the network expansion project to your colleagues. You explained the architecture, new enterprise-level firewall, the additional requirements for network monitoring, the need for an additional system administrator, and the risks of not complying with Federal Information Security Modernization Act (FISMA) regulations for securely trading with the U.S. government.

The project is expected to have a total cost of $3 million USD to bring it to full operation in approximately six months. Your tasks in this project are to develop, test, and bring into production a network with these requirements in a short time frame.

This project, if executed properly, is likely to have an annual income of $20 million USD for your company. This income is a 20% premium to other sources of income, amounting to $80 million USD, that your company is expected to have in the current year.

Based on the service level agreement, service delivery requirements are expected to be on time and within the specified quality parameters of +/- 1.5% of the time with deliveries scheduled for alternating Monday afternoons. For each month the project is late, a 2% reduction per month in the overall contract price will be levied on your company. If this reduction reaches 10%, the contract will be transferred to the second runner-up in the bidding process.

There is a lot at stake in this project. Therefore, it is imperative that you perform a good risk assessment.

For this assignment:

1. Estimate the qualitative and quantitative risks of bringing the project to completion:
   • On time
   • One month early
   • Two months late
2. Estimate the qualitative and quantitative risks of bringing the project to completion:
   • On time, but not with the required security
   • One month early with the required security requirements
   • Two months late, without the required security requirements
3. Estimate the qualitative and quantitative risks of bringing the project to completion on time, with the required security requirements, within/on budget, but not meeting the required contractual commitment for service.

Self-Assessment Checklist

• I estimated the qualitative and quantitative risks of bringing the project to completion on time, one month early, and two months late.
• I estimated the qualitative and quantitative risks of bringing the project to completion:
  • On time, but not with the required security
  • One month early with the required security requirements
  • Two months late, without the required security requirements
• I identified the qualitative and quantitative risks of bringing the project to completion on time with the required security requirements, within/on budget - but not meeting the required contractual commitment for service.
• The estimates and analysis agreed in context and associated costs factors.
• I presented the results in a professional, well-developed report with proper grammar, spelling, and punctuation.