IT 313 Project Two Guidelines and Rubric

Risk assessment plans hinge on the estimated importance attached to risks that have been identified. This importance is established in one of two ways: qualitatively or quantitatively.

For this activity, you will:

- Read the scenario in the Directions section.
- Utilize qualitative and quantitative risk assessment processes.
- Provide qualitative and quantitative estimates to inform management of the risks and costs associated with the project.

Directions
Imagine that you work for a company as a network administrator. Your company has just won a large contract with the United States government, and you have been given the responsibility to plan and implement the project. The project involves expanding an existing computer network. Your company has never worked with the U.S. government at this level. Therefore, this is your chance to prove yourself to the company.

In meetings, you have explained the architecture, new enterprise-level firewall, additional requirements for network monitoring, the need for an additional system administrator, and risks of not complying with the Federal Information Security Management Act (FISMA) of 2002/Federal Information Security Modernization Act (FISMA) of 2014 regulations for securely working with the U.S. government.

The National Institute of Standards and Technology (NIST) outlines nine steps toward compliance with FISMA:

1. Categorize the information to be protected.
2. Select minimum baseline controls.
3. Refine controls using a risk assessment procedure.
4. Document the controls in the system security plan.
5. Implement security controls in appropriate information systems.
6. Assess the effectiveness of the security controls once they have been implemented.
7. Determine agency-level risk to the mission or business case.
8. Authorize the information system for processing.
9. Monitor the security controls continuously.

The project’s implementation is expected to cost $3 million to bring it to full operation, including full compliance with the FISMA standards, in approximately six months. Your tasks in this project are to develop, test, and bring into production a network with these requirements in a short time frame.

This project, if executed properly, is likely to have an annual income of $30 million USD for your company. This income is a 20% premium to other sources of income, amounting to $90 million. Your company is expecting this revenue in the current year, which will greatly contribute to its bottom line.

Based on the service level agreement with the U.S. government, service delivery requirements are expected to be on time and within the specified quality parameters of +/- 1% of the time, with specified deliverables scheduled for every other Friday afternoon at the end of the day. For each month the project is late, a 5% reduction per month in the overall contract price will be imposed. If this reduction reaches 20%, the contract will be transferred to another company that was part of the original bidding process.

There is a lot at stake in this project. Therefore, it’s imperative that you execute an effective and accurate risk assessment. These are your tasks:

1. Estimate the qualitative and quantitative risks of bringing the project to completion:
   - On time
   - One month early
   - Two months late
2. Estimate the qualitative risks of bringing the project to completion:
   - On time, but not with the required security
   - One month early with the required security requirements
   - Two months late, without the required security requirements
3. Estimate the qualitative and quantitative risks of bringing the project to completion on time, with the required security requirements, within/on budget, but not meeting the required contractual commitment for service.

What to Submit
Produce a brief risk assessment report of 1–2 pages and submit it as either a Microsoft Word document or a PDF file. Your paper must follow the most recent APA formatting guidelines. You can use tables or other organizational features in Microsoft Word to clearly communicate the recommendation and the assessed risks.

Resources are not required, but any references used must be appropriately cited using APA style. Your submission must completely address all of the tasks and requirements in the Directions section.