Risk Management For Construction Research Paper Help
1-Introduction
1.1-purpose:
The goal of an IT risk management plan is to manage organizational risk
effectively by establishing objectives that outline what the plan should
include. Those objectives identify the goals of the project: listing threats,
listing vulnerabilities, determining the costs associated with risks, listing
recommendations to reduce the risks, assessing the costs associated with the
proposals, and analyzing the cost-benefit analysis (CBA).
A risk is an event or condition that, if it occurs, could have a positive or negative
effect on a project’s objectives. Risk Management is the process of identifying,
assessing, responding to, monitoring, and reporting risks. This Risk
Management Plan defines how risks associated with the development of a new
risk management plan for Network, Inc project will be identified, analyzed, and
managed. It outlines how risk management activities will be performed,
recorded, and monitored throughout the lifecycle of the project and provides
templates and practices for recording and prioritizing risks.
B2C
In a B2C transaction, the purchasing process is shorter and often simpler. A
consumer knows what he wants, browses the net, finds the item he is looking
for and makes the purchase. A B2B transaction is far more complex than that.
This breed of B2C services companies leverages technology in the form of
websites and apps that allow their customers to access services with the tap of a
finger. These companies usually make this happen by storing customer
information, including names, addresses, phone numbers, and payment options.
1.2-scope:
It is very important to identify the scope of a risk management plan because
it defines the boundaries of the plan and helps avoid scope
creep, where the plan gets out of control. Uncontrolled changes in the plan can
result in cost overruns and missed deadlines. The acceptable changes are
identified by the project manager, management, and stakeholders.
The purpose of the risk management plan is to re-evaluate the current
threats and develop a new plan. For this plan, the scope can be applied to
all locations and servers that can protect the organization from risks,
threats, and vulnerabilities. This plan consists of the process of identifying
and managing risks. Threats recognized early in this project should be
addressed immediately.
The scope of the plan includes:
• Security of the server hosting HNetConnect
• Identification of all health data related to
• Identification of all company hardware assets
• Databases and storage of health data
• Services and usage of health data
• Transmission of health data with HNetExchange
• The integrity of transmitted data
• Security of the Website itself
• Availability of the Website
• The integrity of the Web site’s data
1.2.3- Timeline Risks
When project tasks take longer than expected, it can be very difficult to get the
project back on schedule. Attempting to rush through subsequent tasks can lead
to errors or quality issues, which in turn put the project even further behind. The
timeline is five weeks.
1.2.4-Terms:
Business continuity plan (BCP): A comprehensive plan that helps a company prepare for different types of emergencies. The goal is to ensure that mission-critical functions continue to operate even after a disaster strikes.
Business Impact Analysis (BIA): It identifies the impact to the business if one or more IT functions fail.
Business Continuity (BC): BC covers all functions of a business. It ensures the entire business can continue to operate in the event of a disruption. It includes a BIA. It also includes Disaster Recovery (DR) plans as attachments of the BCP.
Disaster Recovery (DR): DR is largely a function of IT. It includes the elements necessary to recover from a disaster. This includes elements such as backups, recoveries, and restores. DR can also be broader and include elements such as alternate sites. However, the DR plan is a part of the larger BCP.
BCP Coordinator: The BCP coordinator is in charge of a specific BCP. This individual can have two roles depending on the stage of the BCP. In the first role, before the BCP is completed and activated, this person is responsible for developing and completing it. In the second role, when the BCP is completed and activated, the BCP coordinator is responsible for declaring the emergency and activating the BCP.
CIO: Chief Information Officer
CISO: Chief Information Security Officer
Emergency Management Team (EMT): EMT is a team composed of senior management personnel who have overall authority during a disruption or disaster. The EMT, DAT, and TRT are teams designated by the BCP.
EMT Lead: The EMT Lead coordinates the actions of the EMT. The team lead also works closely with the DAT lead and the BCP coordinator.
Damage Assessment Team (DAT): DAT is a team that collects data after a disruption to determine the extent of the damage. The DAT collects data on damage to systems and facilities. The DAT reports the data to the EMT. The EMT, DAT, and TRT are teams designated by the BCP.
Technical Recovery Team (TRT): TRT is a team responsible for recovering critical systems after a disruption or outage. The BIA identifies the critical systems. The EMT, DAT, and TRT are teams designated
2-Risk Analysis
2.1-List of Assets:
We believe security is a business imperative that cannot be solved by technology
alone. A risk management plan should simplify and solve security challenges to
reduce business risk and prove measurable outcomes. “Enterprise risk
management is a structured, consistent, and continuous process across the
whole organization for identifying, assessing, deciding on responses to, and
reporting on opportunities and threats that affect the achievement of its
objectives.” Risk is usually the likelihood of a loss when a component of
the information system is exposed to a threat. The information system
components are categorized below:
1-People:
People inside the organization: trusted employees and other staff.
People outside the organization: people at organizations we trust, and strangers.
2-Procedures:
IT & business standard or sensitive procedures.
3-Data:
Data and information in transmission, processing, and storage.
3-Risk assessment
3.1-Quantitative Analysis
All risks identified will be assessed to identify the range of possible project
outcomes. Qualification will be used to determine which risks are the top
risks to pursue and respond to and which risks can be ignored.
Risk analysis is the examination of the risks connected with a particular event or
action. It is applied to projects, information technology, and security issues.
Risks can be analyzed on a quantitative or a qualitative basis.
We can break the analysis down into the following steps:
1. Specify the scope of the analysis.
2. Collect data.
3. Define and document potential threats and vulnerabilities.
4. Assess current security measures.
5. Define the probability of threat occurrence.
6. Define the potential impact of threat occurrence.
7. Define the level of risk.
8. Specify security measures and finalize documentation.
Likelihood:
Critical – The probability of an event is between 75% and 100%.
Major – The probability of an event is between 45% and 74%.
Minor – The likelihood of an event is below 44%.
Impact:
Critical – If the risk happens, it will have a high impact on the company. It will impact critical data or systems and cause substantial losses.
Major – If the risk happens, it will have a moderate impact on the company. It may impact critical data or systems, but not to a large extent.
Minor – If the risk happens, it will have minimal impact on the company. The attack will not impact any critical data or systems.
Analysis of risk events that have been prioritized using the qualitative risk
analysis process and their effect on project activities will be estimated, a
cost applied to each risk based on this analysis, and then documented in this
section of the risk management plan.
Quantitative risk analysis uses numbers, such as dollar
values. We collect data and then enter it into a standard formula,
ALE = SLE x ARO. The results help us identify the priority of
risks, and we can also use them to determine the
effectiveness of controls.
The key terms associated with quantitative risk analysis are:
• Single Loss Expectancy (SLE), which is the total loss expected from
a single incident. An incident happens when a threat exploits a
weakness.
• Annual Rate of Occurrence (ARO), which is the number of times an
incident is expected to happen in a year.
• Annual Loss Expectancy (ALE), which is the expected loss for a
year.
• Safeguard value
3.2-Qualitative Analysis
The probability and impact of occurrence for each identified risk will be assessed
by the project manager, with input from the project team using the Risk Scoring
Matrix. Risks that fall within the RED and YELLOW zones will have risk
response planning which may include both risk mitigation and a risk contingency
plan.
Qualitative analysis is a subjective method. It uses relative values based on opinions
from experts. Experts give their input on the probability and impact of a risk. A
qualitative RA can be completed rather quickly. The evaluation generally
depends on the severity of the threats. Critical or Major threats are
addressed as soon as possible, while Minor threats might be addressed after all
the major threats are addressed, as they do not do much damage. In this section,
we will determine any threat or risk to the project of Goods Quality & Price Q&P
Network, Inc., and then place each at a level of High, Medium, or Low to begin
with.
4-Risk Mitigation
Formal Recommendations & Cost-Benefit Analysis:
The CBA = Loss before AV software – loss after AV software – cost of AV
software
The CBA for all threats is as follows:
1. Virus or worm attacks that cause loss of data and spread to other
domains
a. The recommendation is to install an antivirus
b. Previous loss: if we assume that direct loss and indirect loss is
direct loss + indirect loss = Previous loss
c. Future loss: the software is expected to reduce the losses by 97 percent
d. Cost of Recommendation: $20 per device, and we have 1650 devices that
need antivirus software.
e. CBA = $10,000,000
2. Loss of customers’ information by users
a. The recommendation is to train employees
b. Previous loss: if we assume that direct loss and indirect loss is $.
direct loss + indirect loss = Previous loss
c. Future loss: the software is expected to reduce the losses by 96 percent
d. Cost of Recommendation: $0, because it is the responsibility of
Human Resource and the head of each department.
e. CBA
3. Loss of company data due to hardware being removed from production
systems
a. The recommendation is to back up hardware
b. Previous loss: if we assume that direct loss and indirect loss is
$7,000,000.
direct loss + indirect loss = Previous loss
c. Future loss: the software is expected to reduce the losses by 98 percent
d. Cost of Recommendation: $20,000, assumption
e. CBA = $7
4. Loss of company information on lost or stolen company-owned assets, such
as mobile devices and laptops
a. The recommendation is to implement a new policy
b. Previous loss: if we assume that direct loss and indirect loss is
$20,000.
direct loss + indirect loss = Previous loss
c. Future loss: the software is expected to reduce the losses by 90 percent
d. Cost of Recommendation: $0, because it is the responsibility of
Human Resource and the head of each department.
e. CBA = $20,000 – $2,000 – 0 = $18,000
5. Loss of customers due to production outages caused by various events, such
as natural disasters, change management, unstable software, and so on
a. The recommendation is for the sales department to reach out to affected
customers
b. Previous loss: if we assume that direct loss and indirect loss is
$30,000,000.
direct loss + indirect loss = Previous loss
c. Future loss: the software is expected to reduce the losses by 85 percent
d. Cost of Recommendation: $0, because it is the sales department
employees.
6. Internet threats due to company products being accessible on the Internet
a. The recommendation is to update the firewall
b. Previous loss: if we assume that direct loss and indirect loss is
$15,000,000.
direct loss + indirect loss = Previous loss
c. Future loss: the software is expected to reduce the losses by 98 percent
d. Cost of Recommendation: $5,000 per unit, and we have 1000 servers that
need a firewall update. The total cost is $5,000 x 1000 =
$5,000,000
e. CBA = $
7. Insider threats
a. The recommendation is to implement strict security policies
b. Previous loss: if we assume that direct loss and indirect loss is
$3,000,000.
direct loss + indirect loss = Previous loss
c. Future loss: the software is expected to reduce the losses by 50 percent
d. Cost of Recommendation: $1,000,000 (assumption); even though it is
the responsibility of Human Resource and the head of each
department, it may need external assistance.
8. Changes in regulatory landscape that may impact operations
a. The recommendation is to implement Gap Analysis and Remediation
Plan
b. Previous loss: if we assume that direct loss and indirect loss is
$1,000,000.
direct loss + indirect loss = Previous loss
c. Future loss: the software is expected to reduce the losses by 95 percent
d. Cost of Recommendation: $500,000, (assumption) because it depends
on the time it takes to develop the document.
Total cost-benefit analysis (CBA) if all are applied
Total Previous loss: $69,020,000
Total Future loss: $8,412,000
Total Cost of Recommendation: $6,553,000
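The CBA formula above, generalized from AV software to any control and applied to the list's own figures, as an added example that is not part of the original paper. Items whose previous-loss figure does not appear on the page are left unscored; the names `Threat`, `cba`, `rank` and `not_worthwhile` are illustrative.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Threat:
    item: int                     # item number in the CBA list above
    name: str
    previous_loss: Optional[int]  # dollars; None where the page gives no figure
    reduction_pct: int            # expected loss reduction, in percent
    control_cost: int             # cost of the recommendation, in dollars

# Figures copied from the CBA list; items 1 and 2 have no previous-loss figure.
THREATS = [
    Threat(1, "Viruses or worms", None, 97, 20 * 1650),
    Threat(2, "Customer information lost by users", None, 96, 0),
    Threat(3, "Hardware removed from production", 7_000_000, 98, 20_000),
    Threat(4, "Lost or stolen company assets", 20_000, 90, 0),
    Threat(5, "Production outages", 30_000_000, 85, 0),
    Threat(6, "Internet threats", 15_000_000, 98, 5_000 * 1000),
    Threat(7, "Insider threats", 3_000_000, 50, 1_000_000),
    Threat(8, "Regulatory changes", 1_000_000, 95, 500_000),
]

def future_loss(t):
    """Loss remaining after the control is applied, in whole dollars."""
    return t.previous_loss * (100 - t.reduction_pct) // 100

def cba(t):
    """CBA = loss before - loss after - cost of control; None if data is missing."""
    if t.previous_loss is None:
        return None
    return t.previous_loss - future_loss(t) - t.control_cost

def rank(threats):
    """Return (ranked, incomplete): ranked is sorted by CBA, highest first."""
    ranked = sorted((t for t in threats if cba(t) is not None), key=cba, reverse=True)
    incomplete = [t.item for t in threats if cba(t) is None]
    return ranked, incomplete

def not_worthwhile(threats):
    """Items whose control costs at least as much as the loss it avoids."""
    return [t.item for t in threats if cba(t) is not None and cba(t) <= 0]

if __name__ == "__main__":
    ranked, incomplete = rank(THREATS)
    for t in ranked:
        print(f"{t.item}. {t.name:<36} CBA = ${cba(t):>12,}")
    print("Missing previous loss, not scored:", incomplete)
```

Ranking by CBA shows which recommendation returns the most per dollar of avoided loss, and `not_worthwhile` flags any control that costs more than it saves.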