A Risk Mitigation Plan is a report that identifies the actions that need to be taken to reduce the frequency and impact a risk could have on the organization.
The scope of this document is to suggest controls for risks that could affect this company in a negative way.
Threat From Inside: The risk of a compromised system, data breaches, or simply a curious employee.
Strong access controls. Base network access on job requirements. Provide reasonable access to facilities. Frequent internal reviews of system and facility access should be completed to ensure that access is controlled.
Social Networks: Employees may divulge too much information to the public. Social networking sites pose a risk of phishing for sensitive information, of data breaches (FISMA), and of corporate espionage.
Create policies on social network use at the office (it's your network). Use a firewall and internet restrictions to prevent access on company resources and time. Provide employee education on what a phishing request is, and how to identify one.
Mobile Device Security: Employee- or employer-owned cellphones, smartphones, and tablets connect to networks and have company information on them.
Require a password to access the device. Install GPS on the device to locate it if the device is lost or stolen. Encrypt all emails and other company information.
Hacktivism: Hacking done by large hacking organizations as a reaction to social movements and politics.
Always update antivirus/antimalware definitions. Control the network with a well-configured firewall and access controls. Educate employees on phishing e-mails and other e-mail-based attacks.
Inadequate Security Policies: It is predicted that in the coming years, each business function of an organization will be required to implement its own security policies as they relate to specific department functions in addition to a company-wide information security program and...