Scenario
You are an IT security intern working for Health Network, Inc. (Health Network), a fictitious health services organization headquartered in Minneapolis, Minnesota. Health Network has over 600 employees throughout the organization and generates $500 million USD in annual revenue. The company has two additional locations in Portland, Oregon and Arlington, Virginia, which support a mix of corporate operations. Each corporate facility is located near a co-location data center, where production systems are located and managed by third-party data center hosting vendors.
Task:
1. Research risk management plans.
2. Create an outline for a basic risk management plan with anticipated section headings (as indicated in this numbered list). This plan will include a qualitative risk assessment
3. Write an introduction to the plan by explaining its purpose and importance.
4. Define the scope and boundaries of the plan.
5. Research and summarize compliance laws and regulations that pertain to the organization. Keep track of sources you use for citation purposes.
6. Identify the key roles and responsibilities of individuals and departments within the organization as they pertain to risk management.
7. Develop a proposed schedule for the risk management planning process.
8. Create a draft risk management plan detailing the information above. Format the plan similar to a professional business report and cite any sources you used.
