Create a risk mitigation plan
The risk management plan should propose applicable and effective security controls for managing the risks. For example, an observed high risk of computer viruses could be mitigated by acquiring and implementing anti virus software. A good risk management plan should contain a schedule for control implementation and responsible persons for those actions.
Review and evaluation of the plan
1.To evaluate whether the previously selected security controls are still applicable and effective, and
2.To evaluate the possible risk level changes in the business environment. For example, information risks are a good example of rapidly changing business environment.
Risk management activities as applied to project management
In project management, risk management includes the following activities:
Planning how risk management will be held in the particular project. Plan should include risk management tasks, responsibilities, activities and budget.
Assigning a risk officer - a team member other than a project manager who is responsible for foreseeing potential project problems. Typical characteristic of risk officer is a healthy skepticism.
Maintaining live project risk database. Each risk should have the following attributes: opening date, title, short description, probability and importance. Optionally a risk may have an assigned person responsible for its resolution and a date by which the risk must be resolved.
Creating anonymous risk reporting channel. Each team member should have possibility to report risk that he foresees in the project.
Preparing mitigation plans for risks that are chosen to be mitigated. The purpose of the mitigation plan is to describe how this particular risk will be handled – what, when, by who and how will it be done to avoid it or minimize consequences if it becomes a liability.
Summarizing planned and faced risks, effectiveness of mitigation activities and effort spend for the risk management
No comments:
Post a Comment