For the first part of the assigned project, you must create an initial draft of the final risk management plan. To do so, you must:
Develop and provide an introduction to the plan by explaining its purpose and importance.
Create an outline for the completed risk management plan.
Define the scope and boundaries of the plan.
Research and summarize compliance laws and regulations that pertain to the organization.
Identify the key roles and responsibilities of individuals and departments within the organization as they pertain to risk management.
Develop a proposed schedule for the risk management planning process.
Create a professional report detailing the information above as an initial draft of the risk management plan.
Write an initial draft of the risk management plan as detailed in the instructions above. Your plan should be made using a standard word processor format compatible with Microsoft Word.
Evaluation Criteria and Rubrics
Did the student demonstrate an understanding of the competencies covered in the course thus far?
Did the student include all important components of a risk management plan in the outline?
Did the student demonstrate good research, reasoning, and decision-making skills in identifying key components and compliance laws and regulations?
In this lab, you defined COBIT P09, you described COBIT P09's six control objectives, you explained how the threats and vulnerabilities align to the definition for the assessment and management of risks, and you used COBIT P09 to determine the scope of risk management for an IT infrastructure.
Lab Assessment Questions & Answers
1. What is COBIT P09's purpose?
2. Name three of COBIT's six control objectives.
3. For each of the threats and vulnerabilities from the Identifying Threats and Vulnerabilities in an IT Infrastructure lab in this lab manual (list at least three and no more than five) that you have remediated, what must you assess as part of your overall COBIT P09 risk management approach for your IT infrastructure?
4. True or false: COBIT P09 risk management control objectives focus on assessment and management of IT risk.