Scenario:

You are an IT security intern working for Health Network, Inc. (Health Network), a fictitious health services organization headquartered in Minneapolis, Minnesota. Health Network has over 600 employees throughout the organization and generates $500 million USD in annual revenue. The company has two additional locations in Portland, Oregon and Arlington, Virginia, which support a mix of corporate operations. Each corporate facility is located near a co-location data center, where production systems are located and managed by third-party data center hosting vendors.

Senior management at Health Network has determined that the existing risk management plan for the organization is out of date and a new risk management plan must be developed. Because of the importance of risk management to the organization, senior management is committed to and supportive of the project to develop a new plan. You have been assigned to develop this new plan.

Task 1: Risk Management Plan Outline and Research:For the first part of the assigned project, you must create an initial draft of the final Risk Management Plan. To do so, you must:

1. Research risk management plans.
2. Develop and introduce the risk management plan by explaining its purpose and importance.
3. Define the scope and boundaries of the plan.
4. Research and summarize compliance laws and regulations that pertain to the organization.
5. Identify the key roles and responsibilities of individuals and departments within the organization as they pertain to risk management.
6. Develop a proposed schedule for the risk management planning process. ::
7. Task 2: make a Risk Assessment Plan: After making an initial draft of the Risk Management Plan, the second part of the assigned project requires you to create a draft of a Risk Assessment Plan. To do so, you must:
   1. After completing an initial draft of the Risk Management Plan, the second part of the assigned project requires you to create a draft of a Risk Assessment Plan. To do so, you must:
   2. Research risk assessment approaches.
   3. give an outline for a basic qualitative risk assessment plan.
   4. Develop and introduce the plan by explaining its purpose and importance.
   5. Define the scope and boundaries for the risk assessment.
   6. Identify data center assets and activities to be assessed.
   7. Identify relevant threats and vulnerabilities. Include those listed in the Project Summary and add to the list if needed.
   8. Identify relevant types of controls to be assessed.
   9. Identify the key roles and responsibilities of individuals and departments within the organization as they pertain to risk assessment.
   10. Develop a proposed schedule for the risk assessment process.
   11. provide a professional report detailing the information above as an initial draft of the risk assessment plan. Often, risk assessment plans include tables, but you can choose the best format to present your material.
8. Task 3: Risk Mitigation Plan

Senior management at Health Network allocated funds to support a risk mitigation plan. They have requested that the risk manager and team create a plan in response to the deliverables produced in the first two tasks.The risk mitigation plan should address the identified threats described in the scenario for this project, as well as any new threats that may have been discovered during the risk assessment. You have been assigned to develop a draft of this new plan.

1. You have been assigned to develop this new plan.
   1. Develop an introduction to the plan explaining its purpose and importance.
   2. Give an outline for the completed Risk Mitigation plan.
   3. Define the scope and boundaries for the plan.
   4. Research and summarize Risk Mitigation approaches.
   5. Identify the key roles and responsibilities of individuals and departments within the organization as they pertain to Risk Mitigation.
   6. Develop a proposed schedule for the Risk Mitigation process.
   7. Make a professional report detailing the information above as an initial draft of the Risk Mitigation plan.