1. First, select and list 10 individuals to serve on your IG project team. Explain why you selected the team members that you did.
2. Conduct the necessary research for each of STP’s state of home office (Kentucky), and for the state of each of its primary hubs (Texas and California), that will allow you to (a) educate yourself and your team members on the mandatory information retention requirements and privacy consideration for each of the three states, and (b) be able to intelligently discuss the legal and regulatory requirements with in-house counsel. You will want to conduct internet research on this and may also want to review Appendix B in your text book. Do not ignore this area of the project.
3. Ultimately, your team will be required to create a “risk profile” and risk analysis, that will describe the set of risks facing STP in achieving its business objectives while protecting its information and that of its customers, LJPs and ISAs, and which will allow STP to assess the likelihood these risks hold and their potential impact, if materialized, and in addition will permit STP to identify risk mitigating factors to be implemented. You need to brainstorm in order to present the information to your team members that will facilitate the creation of a risk profile and analysis. To that end, create a top-10 list of the greatest risks to information that STP will face, ranking your list in order from highest or greatest risk to lowest, for each risk identified, state whether you believe the risk could be assumed, transferred or mitigated in full or in part. Also, for each risk identified identify the individual, title or business unit that the team member will want to contact in order to obtain additional information about the fundamental activity that will assist your team in fully completing the risk profile and analysis.