Chap4 Developing a Risk Management Plan Flashcards

1
Q

POAM

A

POA&M ~ Plan of Action and Milestones
This plan is used to track the project's progress
assignment of responsibility: who is responsible for each task
management follow-up: determine the project status, timeline
It is also useful for audited projects
No specific format; it's a living document ~ update regularly
A Gantt chart is a POAM

2
Q

stakeholder & true stakeholder

A

A stakeholder is an individual or a group that has a stake or interest in the success of a project
A true stakeholder is a stakeholder that has a vested interest in the project and wants to see it succeed

3
Q

PM responsible for?

A
make sure that, for the project:
cost is under control
quality is maintained
it is on schedule
it stays within scope
issues are tracked & managed
info is available to all key stakeholders
issues & problems are raised
members and stakeholders are aware of responsibilities and deadlines
4
Q

valid contents of risk management plan

A

Objectives, Scope, recommendations, POAM, CBA, other reports

5
Q

Objectives of a risk management plan

A

road map for the plan » where you're going and when you reach there ~ goal of the project

6
Q

scope of a risk management plan

A

Scope identifies the boundaries of the RMP. It could include the entire org or a single system. It keeps the plan from getting out of control.

7
Q

Fish bone diagram

A

suitable to use as a cause & effect diagram
cause ~ threat » trying to find the root cause
effect ~ outage

8
Q

cause & effect diagram

A

used to discover and document the findings

9
Q

main purpose of a risk management plan?

A

to mitigate risk

10
Q

common objectives of RMP

A
list of threats
list of vulnerabilities
cost associated with risks
recommendations to reduce risks
cost associated with recommendations
cost-benefit analysis
reports
11
Q

implementation of the plan tasks?

A

document management decisions
document and track implementation of accepted recommendations
a POAM

12
Q

cost of an outage

A

direct and indirect cost
direct » lost sales revenue (if the server is down 1h, how much?) or cost of system recovery
indirect » reputation, recovering the goodwill

13
Q

recommendations and cost

A

to mitigate the risks
reduce the impact of the threats
» how much? » cost and benefit analysis (CBA)

14
Q

document accepted recommendations & track implementation

A

management accepts/defers/modifies recommendations » document their choices
track implementation: track the choices and implementation

15
Q

scope creep

A

creep: dread

uncontrolled changes » additional requirements » scope grows » cost grows, missed deadlines

16
Q

key stakeholder

A

a stakeholder who has authority to make decisions about the project, including the ability to grant additional resources. (CIO, CEO, Vice president)

17
Q

individual responsibilities

A

risk identification
risk assessment » identify the likelihood and impact of each risk » matrix
risk mitigation
reporting

18
Q

affinity diagram

A

purposes:
identify problem
generate ideas » brainstorming
gather ideas into related groups

break down the solution into steps & how long each step takes
Example: update the server
break down: check the most stable version, requirements, test compatibility in a virtual environment, update… » total cost 10 days

19
Q

List of findings

A

the causes and the effects that can possibly happen

20
Q

CBA

A

cost-benefit analysis
determines how to manage risk. If the cost is higher than the risk, the risk might be accepted.
Benefits should be calculated in terms of currency.
CBA is calculated as:
CBA = loss before implementation - loss after implementation - implementation cost
should get accurate data, but this is usually difficult. It is often underestimated.
CAPEX-OPEX TCO, On-going cost, training cost
Success of a solution is often overestimated.