A risk management plan is a specific type of project plan. The project's purpose is to identify and mitigate risks, and it begins by defining objectives and a project scope. Risks are then identified. Finally, a response plan is created as a set of recommendations to mitigate the risks. Management can then choose to accept, defer, or modify the recommendations. A risk management plan should include a risk register.
The recommendations are then implemented. A primary tool used to track the recommendations is a plan of action and milestones (POAM). The POAM is a living document that is updated throughout the project. Various charting tools can be used to supplement the POAM and ease project management tasks. The NIST RMF (SP 800-37 Rev. 2) is an effective guide to follow when implementing a risk management plan.
What are valid contents of a risk management plan?
Objectives
Scope
Recommendations
POAM
All of the above
What should be included in the objectives of a risk management plan?
A list of threats
A list of vulnerabilities
Costs associated with risks
Cost-benefit analysis
All of the above
What will the scope of a risk management plan define?
Objectives
POAM
Recommendations
Boundaries
What problem can occur if the scope of a risk management plan is not defined?
Excess boundaries
Stakeholder loss
Scope creep
SSCP
What is a stakeholder?
A mark that identifies critical steps
An individual or a group that has an interest in the project
A critical process or procedure
Another name for the risk management plan project manager
A key stakeholder should have authority to make decisions about a project, including authority to provide additional resources.
True
False
A risk management plan project manager oversees the entire plan. What is the project manager responsible for? (Select two.)
Ensuring costs are controlled
Ensuring the project stays on schedule
Ensuring stakeholders have adequate funds
Ensuring recommendations are adopted
A risk management plan includes steps to mitigate risks. Who is responsible for choosing what steps to implement?
The project manager
Management
The risk management team
The POAM manager
A risk management plan includes a list of findings in a report. The findings identify threats and vulnerabilities. What type of diagram can document some of the findings?
Gantt chart
Critical path chart
POAM diagram
Cause and effect diagram
What three elements should be included in the findings of the risk management report?
Causes, criteria, and effects
Threats, causes, and effects
Criteria, vulnerabilities, and effects
Causes, criteria, and milestones
What is a primary tool used to identify the financial significance of a mitigation tool?
Ishikawa diagram
Fishbone diagram
CBA
POAM
A fishbone diagram can link causes with effects.
True
False
A fishbone diagram is also known as a(n):
Risk management framework
Program management tool
Ishikawa diagram
NIST core plan
What is the NIST Risk Management Framework?
The planning phase of the systems life cycle
A process that combines security and risk management as part of a systems development life cycle
A record of project milestones
POAM
A POAM is used to track the progress of a project. What type of chart is commonly used to assist with tracking?