Draft Risk Management Plan
Ernest Martinez Jr.
October 22, 2012
Purpose

The Senior Management of the Defense Logistics Information Services (DLIS) has decided to replace the previous risk management plan with a new risk management plan that is now being developed. This new risk management plan will not only minimize the amount of risk for future endeavors, but will also be in compliance with regulations such as the Federal Information Security Management Act (FISMA), Department of Defense (DOD), Department of Homeland Security (DHS), National Institute of Standards and Technology (NIST), Control Objects for Information and Technology (COBIT), and Information Assurance Certification and Accreditation Process …
Assessment of risk impact should use a quantitative method whenever possible. The estimated cost, potential delays, and reduction of quality are factors that can be estimated and documented in the risk statement.
For each risk identified, a response must also be identified. It is the responsibility of the Defense Logistics Information Services directors to select the response for each risk, using the best possible assessment of the risk and of the response options. The probability of a risk event occurring, and its impact should it occur, will be the basis for determining which actions should be taken to mitigate the risk. One way to evaluate mitigation strategies is to multiply the risk cost by the probability of occurrence (Gibson, 2011). Mitigation strategies that cost less than this probability-weighted risk cost should be given great consideration.

Possible responses to risk are:

* Avoidance – Change processes and objectives to avoid the risk.
* Transference – Shift