CHAPTER SUMMARY
A risk management plan is a specific type of project plan. The project is to identify and mitigate risks and is started by creating objectives and a project scope. Risks are then identified. Finally, a response plan is created as recommendations to mitigate the risks. Management can then choose to accept, defer, or modify the recommendations. A risk management plan should include a risk register.
The recommendations are then implemented. A primary tool used to track the recommendations is a plan of action and milestones (POAM). The POAM is a living document that is updated throughout the project. Various charting tools can be used to supplement the POAM to ease project management tasks. The NIST RMF (SP 800-37 Rev. 2) is an effective guide that can be used when implementing a risk management plan.
KEY CONCEPTS AND TERMS
National Institute of Science and Technology (NIST)
National Institute of Science and Technology Risk Management Framework (RMF)
CHAPTER 4 ASSESSMENT
- What are valid contents of a risk management plan?
- Objectives
- Scope
- Recommendations
- POAM
- All of the above
- What should be included in the objectives of a risk management plan?
- A list of threats
- A list of vulnerabilities
- Costs associated with risks
- Cost-benefit analysis
- All of the above
- What will the scope of a risk management plan define?
- Objectives
- POAM
- Recommendations
- Boundaries
- What problem can occur if the scope of a risk management plan is not defined?
- Excess boundaries
- Stakeholder loss
- Scope creep
- SSCP
- What is a stakeholder?
- A mark that identifies critical steps
- An individual or a group that has an interest in the project
- A critical process or procedure
- Another name for the risk management plan project manager
- A key stakeholder should have authority to make decisions about a project, including authority to provide additional resources.
- True
- False
- A risk management plan project manager oversees the entire plan. What is the project manager responsible for? (Select two.)
- Ensuring costs are controlled
- Ensuring the project stays on schedule
- Ensuring stakeholders have adequate funds
- Ensuring recommendations are adopted
- A risk management plan includes steps to mitigate risks. Who is responsible for choosing what steps to implement?
- The project manager
- Management
- The risk management team
- The POAM manager
- A risk management plan includes a list of findings in a report. The findings identify threats and vulnerabilities. What type of diagram can document some of the findings?
- Gantt chart
- Critical path chart
- POAM diagram
- Cause and effect diagram
- What three elements should be included in the findings of the risk management report?
- Causes, criteria, and effects
- Threats, causes, and effects
- Criteria, vulnerabilities, and effects
- Causes, criteria, and milestones
- What is a primary tool used to identify the financial significance of a mitigation tool?
- Ishikawa diagram
- Fishbone diagram
- CBA
- POAM
- A fishbone diagram can link causes with effects.
- True
- False
- A fishbone diagram is also known as a(n):
- Risk management framework
- Program management tool
- Ishikawa diagram
- NIST core plan
- What is the NIST Risk Management Framework?
- The planning phase of the systems life cycle
- A process that combines security and risk management as part of a systems development life cycle
- A record of project milestones
- POAM
- A POAM is used to track the progress of a project. What type of chart is commonly used to assist with tracking?
- Fishbone chart
- Cause and effect chart
- Gantt chart
- POAM chart