1. Why is it important to prioritize your IT infrastructure risks, threats, and vulnerabilities?
Answer: Prioritizing risks in an IT infrastructure is important because you must be aware of the risks, threats, and vulnerabilities to your infrastructure. By prioritizing, you immediately know where the weakest point in your network is, and it can be addressed more quickly to lessen the chance of a break-in.

2. A quality IT Risk Mitigation Plan will include details on costs, risk prioritization, and accompanying schedule. For risk prioritization, what influence would the industry your organization operates in have on prioritizing your identified risks, threats, and vulnerabilities?
Answer: Different companies have different ways of approaching and prioritizing things. What is important to my company might not necessarily be important to other companies. For example, a medical facility that deals with patient information has to comply with HIPAA, while a financial institution would have different priorities and would have to comply with SOX.

3. What questions would you bring to executive management prior to finalizing your IT risk mitigation plan?
Answer: How long is implementation going to take? What is the predicted downtime or the chance of a failed change? Do we need other teams to be on standby in case of a worst-case scenario?

4. What is the difference between short-term and long-term risk mitigation tasks and on-going duties?
Answer: Short-term mitigation tasks address risks that can be solved or repaired very rapidly and will not have long-term effects on the company. Long-term mitigation tasks address risks that cannot be solved quickly and have other harsh repercussions on the network team, not to mention fines if they involve compliance issues. On-going duties are the daily duties that must be done in order for the company to operate with minimal risk.

5. Which of the seven domains of a typical IT infrastructure is easy to implement risk mitigation solutions but difficult to monitor and track effectiveness?
Answer: Of the seven domains, I believe the remote access domain is the easiest to implement solutions for, but it is the more difficult one to monitor and track effectiveness for, due to the fact that they can gain network access from any wireless access point.

6. When considering the implementation of software updates, software patches, and software fixes, why must you test this upgrade or software patch before you implement this as a risk mitigation tactic?
Answer: Because software updates, software patches, and software fixes have to be matched to the specific server on which they are being installed. In a test environment or lab, you can see the results of what patches, fixes, and upgrades do before applying them to the production cluster. Even after the lab tests have passed, unpredicted circumstances in the production environment have led these fixes to cause downtime for companies.

7. Are risk mitigation policies, standards, procedures, and guidelines needed as part of your long-term risk mitigation plan? Why or why not?
Answer: They are definitely needed because they give you a reference point in your plan for how the security of your network is coming along and how much longer it will take to finish the given project. This information is crucial for upper management when dealing with contractors, because they rely on projects and time frames. Will they approve the continuation of a certain project, or is the work almost done so that the local IT team can finish the project?

8. If an organization under a compliance law is not in compliance, how critical is it for your organization to mitigate this non-compliance risk element?
Answer: It is very important to get the company's network in compliance as soon as possible. Most of the time, the company not in compliance will hire contractors from recognized tech companies like HP, Insight Global, or Mphasis tech solutions to provide the compliance agencies like HIPAA, GLBA, SOX, FISMA the necessary documentation that the company in question has ongoing plans to meet compliance in a short time span.