You will learn to use qualitative and quantitative risk assessment (RA) processes. You will study the given scenario and provide qualitative and quantitative estimates to inform management of the risks and costs associated with the project.
Introduction: For this assignment, imagine that you work for US. Industries, Inc. As a network administrator. Your organization may win a contract with the U. S. Government and you would be given the responsibility to lead completion of the project.
The project involves expanding an existing network by about 30% capacity in terms of bandwidth and storage. Your company has never traded with the U. S. Government at this level. Therefore, this is your chance to prove yourself in the company.
Scenario: You have just left a four hour meeting where you described the network expansion project to your colleagues.
You explained the architecture, new enterprise level firewall, the additional requirements for network monitoring and maintenance, the need for an additional system administrator, and the risks f not complying with Federal Information Security Management Act (FISCAL) regulations for securely trading with the U. S.
Government. Tasks: Before proceeding with the expansion project, management has tasked you to lead a team that will estimate the risks associated with this project. They want you to provide a high level summary of quantitative and qualitative risks associated with the following items: The project implementation deadline occurs in 9 months. Each month after the deadline is missed, a penalty of $100,000 is assessed. Three months after the deadline, the contract will be cancelled. Several new network storage, security, and throughput hardware appliances need to be installed and configured.
Is there room/power/personnel to support this new hardware? Complying with FISCAL is a new venture for your organization. What risks does this involve? Prepare a report addressing these items in sufficient detail that demonstrates your understanding of the differences between qualitative and quantitative risk assessments and addresses the three expressed concerns management has before agreeing to this contract.