LAB 3

LAB 3

RISK MANAGEMENT PLAN FOR A UNIVERSITY UNDER FERPA Compliance Laws

TABLE OF CONTENTS
1. Introduction
1.1 FERPA Risk Management Plan – a project team has been assembled to identify, analyze and manage the current risks with the universities IT infrastructure. We will outline in this table of contents how the activities will be performed, recorded, and monitored throughout the lifecycle of the project.
2. Risk Management Procedure
2.1 Risk Planning
Brainstorming
Current risks
Goals of the risk management plan
Approach to resolve the risks
Resolution

2.2 Risk Identification - Risk identification will involve the project team, appropriate stakeholders, and will include an evaluation of environmental factors, organizational culture and the project management plan including the project scope. Careful attention will be given to the project deliverables, assumptions, constraints, WBS, cost/effort estimates, resource plan, and other key project documents.
User
Disgruntled employee
Inter-office romance gone bad
Downloading e-mail attachments from an unknown source
Workstation
Software vulnerability
Unauthorized access to university owned computers
LAN – to – WAN
Hacker penetration
DOS
WAN
Communication outage
Service provider outage
LAN
Server OS vulnerability
Unauthorized WLAN access
Systems/Application
Data destroyed
Fire destruction of main server room
Remote Access
Unauthorized access/external
Remote access from SOHO
2.3 Risk Assessment - All risks identified will be assessed to identify the range of possible project outcomes. Qualification will be used to determine which risks are the top risks to pursue and respond to and which risks can be ignored.
2.3.1 Qualitative Risk Analysis
The probability and impact of occurrence for each identified risk will be assessed by the project team, with input from the project team using the following approach:



Probability
High – Greater than probability of...

Similar Essays