Question: Total Marks: 100 Assignment 1: Risk computation and identifying strategies to secure information and assets In this assignment, you are responsible for managing an email
Total Marks: 100
Assignment 1: Risk computation and identifying strategies to secure information and assets
In this assignment, you are responsible for managing an email server for an IT organization. The email server can be considered connected with Internet 24/7, stores critical emails of all employees, need 24/7 to upkeep the business. Consider the server is geographically located in a city which has higher chance of earthquake, has very little rain, has small population with high standard health care system, very peaceful and quite place where citizens have safety and security assured. The organization has shortage of anti-virus software, and personnel to deal with security risks. You need to assign probability range between 0 and 1, and impact between scale 1 to 10. See the defined two tables below:
| Level | Probability |
| Low | 0.0 to 0.39 |
| Medium | 0.40 to 0.50 |
| High | >0.50 |
| Level | Impact |
| Low | 1.0 to 3.99 |
| Medium | 4.00 to 5.00 |
| High | 5.01 to 10.00 |
Part A: [70 Marks]
Now fill out the following worksheet that is obtained from
http://searchdisasterrecovery.techtarget.com/Risk-assessments-in-disaster-recovery-planning-A-free-IT-risk-assessment-template-and-guide
Your Task is to assign probability of threat and impact level based on the description above and using your own discretion, followed by computing risk. For convenience, the first row is shown:
Risk analysis worksheet (Range of 0.0 to 1.0 for P and I)
| Threat | Probability (P) | Impact (I) | Risk = P x I |
| Flooding Internal [low, low] | 0.1 | 2 | 0.2 |
| Flooding External [???, ???] |
|
|
|
| Fire Internal |
|
|
|
| Fire External |
|
|
|
| Severe Storms |
|
|
|
| Wind Storm |
|
|
|
| Earthquake |
|
|
|
| Tornado |
|
|
|
| Hurricane |
|
|
|
| Snow Storm |
|
|
|
| Ice Storm |
|
|
|
| Hail |
|
|
|
| Drought |
|
|
|
| Tsunami |
|
|
|
| Mud Slide |
|
|
|
| Epidemic |
|
|
|
| Pandemic |
|
|
|
| Explosion |
|
|
|
| Gas Leak |
|
|
|
| Structural Failure, e.g., Bridge Collapse |
|
|
|
| IT System Software |
|
|
|
| IT Applications |
|
|
|
| IT Hardware |
|
|
|
| IT Viruses |
|
|
|
| IT Hacking, Unauthorized Intrusions |
|
|
|
| IT Communications, Connectivity |
|
|
|
| IT Vendor Failure |
|
|
|
| IT Operational (Human) Error |
|
|
|
| Terrorism Biological |
|
|
|
| Terrorism Chemical |
|
|
|
| Terrorism Radiological |
|
|
|
| Terrorism Nuclear |
|
|
|
| Sabotage |
|
|
|
| Bomb Threat |
|
|
|
| Criminal Theft |
|
|
|
| Criminal Break-ins |
|
|
|
| Criminal Vandalism |
|
|
|
| Criminal Espionage |
|
|
|
| Work Action, Strike |
|
|
|
| Civil Disorder |
|
|
|
| Human Error |
|
|
|
| Other |
|
|
|
Part B: [15 Marks]
After computing risk, list the top five threats based on your computation.
Part C: [15 Marks]
Could you suggest some protective measures or mitigation approaches to reduce these top five threats? Use your discretion.
Step by Step Solution
There are 3 Steps involved in it
Get step-by-step solutions from verified subject matter experts
Study Help