User Account

All Pages

Create a risk assessment on sangrafix

Assignment Help Management Information Sys
Reference no: EM131387251

Create a Risk Assessment on SanGrafix, a video game design company. Risk Assessment can be as simple as noting an unlocked door or a password written on a note, or it can be a complex process requiring several team members and months to complete. A large enterprise environment probably has multiple locations, diverse activities, and a wide array of resources to evaluate.

You don't need such a complex network; however, the main idea is to learn how to apply your knowledge in a methodical fashion to produce useful and accurate data. Approaching a task, such as risk assessment, without a strategy means repeating steps, wasting resources, and achieving mediocre results at best. Even worse, you might miss critical information. Risk Assessment documentation templates are located within this section.

(Use the distributed templates in these files: Case0201File01.doc, Case0201File02.doc, Case0201File03.doc, and Case0201File04.doc.) Make additional copies as needed. Please see the attached document for your assignment description. Students must complete each worksheet and follow instructions carefully, as each worksheet becomes part of the appendix in the students' final BCP. The rubric for this assignment can be viewed when clicking on the assignment link.

Risk Assessment documentation templates are located within this section. Make additional copies as needed. In a real risk analysis process, one of the first steps is meeting with all department managers, upper management, employee representatives, and workers in the production environment, human resources staff, and other staff members to get their input. Without input from the people actually doing the work, you might not think of essential factors. That isn't possible here, so direct any questions you have to the instructor, or do independent research to find your answers.

• First, identify the business processes that must continue for the organization to keep functioning-for example, collecting money from customers, receiving and process¬ing sales, developing new products, and so on. Document major business processes that drive SunGrafix, using the Business Process column of the Business Process Identification Worksheet. (You need your imagination and some common sense for this step.)

Assign a priority level to each process (using the priority rankings in the following list). Write down the department that performs the process, and leave the Assets Used column blank for now. Next, identify the organization's assets. Using the Asset Identification Worksheet that is provided in the Course Documents section on Blackboard, list each asset, its location, and approximate value, if known.

(For multiple identical assets, describe the asset and list the quantity instead of listing each individual asset.) In organization-wide risk assessments, you would list all assets, including office furniture, industrial equipment, personnel, and other assets. For this project, stick to information technology assets, such as computers, servers, and net¬working equipment, etc. The information you enter depends on the network design you completed earlier. All the equipment needed to build your network should be listed here as well as any cabling in the facility. (Assume the facility is already wired for a computer network with network drops available for each computer.)

Hint: Remember to list items such as electricity and your Internet connection.Next, determine which assets support each business process. On your Business Pro¬cess Identification Worksheet, list the assets needed for each business process in the Assets Used column.

o Critical - Absolutely necessary for business operations to continue. Loss of a critical process halts business activities.

o Necessary - Contributes to smooth, efficient operations. Loss of a necessary process doesn't halt business operations but degrades working conditions, slows production, or contributes to errors.

o Desirable - Contributes to enhanced performance and productivity and helps create a more comfortable working environment, but loss of a desirable process doesn't halt or negatively affect operations.

• Next, determine which assets support each business process. On your Business Process Identification Worksheet, list the assets needed for each business process in the Assets Used column.

• Each process should be documented and have a priority assigned to it. Next, transfer the priority rankings to your Asset Identification Worksheet. Now you know which assets are the most critical to restore and warrant the most expense and effort to secure. You also have the documentation to back up your security actions for each item.

• The final step is assessing existing threats. The table below shows examples of ways to evaluate some types of threats and suggests ways to quantify them. On the Threat Identification and Assessment Worksheet, list each possible threat. Be sure to consider threats from geographic and physical factors, personnel, malicious attack or sabotage, and accidents. Also, examine the facility diagram you created for flaws in the facility layout or structure that could pose a threat, such as air-conditioning failure or loss of electrical service.

Assess the probability of occurrence (POC) on a 1 to 10 scale, with 1 being the lowest and 10 the highest, and assign those ratings in the POC column for each threat.

Type of Threat How to Quantify

Severe rainstorm, tor¬nado, hurricane, earth¬quake, wilderness fire, or flood

Collect data on frequency, severity, and proximity to facilities. Evaluate the past quality and speed of local and regional emergency response systems to determine whether they helped minimize loss.

Train derailment, auto/ truck accident, toxic air pollution caused by accident, or plane crash Collect data on the proximity of railroads, highways, and airports to facilities. Evaluate the construction quality of transportation systems and the rate of serious accidents on each system.

Building explosion or fire

Collect data on the frequency and severity of past incidents. Evaluate local emergency response to determine its effectiveness.

Militant group attacking facilities, riot, or civil unrest

Collect data on the political stability of the region where facilities are located. Compile and evaluate a list of groups that might have specific political or social issues with the Organization.

Computer hack (external) or computer fraud (internal)
Examine data on the frequency and severity of past incidents. Evaluate the effectiveness of existing computer security measures.

• Next, using the Asset Identification Worksheet, determine which assets would be affected by each threat. List those assets in the Assets Affected column of the Threat Identification and Assessment Worksheet. For an electrical outage, for example, list all assets requiring electricity to operate; for a hardware failure, list all assets a hardware failure would disrupt, damage, or destroy

• In the Consequence column, enter the consequences of the threat occurring, using the following designations: Next, rate the severity of each threat in the Severity column, using the same designations as in the preceding list for consequences (C, S, M, or I). You derive these ratings by combining the probability of occurrence, the asset's priority ranking, and the potential consequences of a threat occurring. For example, if an asset has a Critical (C) priority ranking and a Catastrophic (C) consequence rating, it has a Catastrophic (C) severity rating.

If you have mixed or contradictory ratings, you need to re-evaluate the asset and use common sense. A terrorist attack that destroys the facility and kills half the staff might have a probability of occurrence (POC) of only 1 (depending on your location), but if it happened, the consequences would definitely be catastrophic. Even so, because of the low POC, you wouldn't necessarily rank its severity as catastrophic.

o Catastrophic (C)-Total loss of business processes or functions for one week or more. Potential complete failure of business.

o Severe (S)-Business would be unable to continue functioning for 24 to 48 hours. Losses of revenue, damage to reputation or confidence, reduction of productivity, complete loss of critical data or systems.

o Moderate (M)-Business could continue after an interruption of no more than 4 hours. Some loss of productivity and damage or destruction of important informa-tion or systems.

o Insignificant (I)-Business could continue functioning without interruption. Some cost incurred for repairs or recovery. Minor equipment or facility damage. Minor productivity loss and little or no loss of important data.

• Finally, on the Threat Mitigation Worksheet, list assets that are ranked as the most critical and threatened with the highest severity. In the Mitigation Techniques col¬umn, list recommendations for mitigating threats to those assets. For example, to mitigate the threat of an electrical outage damaging a critical server, you might sug¬gest a high-end uninterruptible power supply (UPS).

Attachment:- business_process_identification_worksheet_0.rar

Reference no: EM131387251

Questions Cloud

Measure of output and the cost of production : Using the number of good motors shipped as the measure of output and the cost of production as the input, what is the company's productivity if no defective motors are reworked?
Write paper about congresss role in strategic intelligence : I am required to complete a paper in regards to Congress's Role in Strategic Intelligence. I have to site at least 5 credible sources. Below is the question that needs answered
What is rays reservation price for sofa : Bob and Ray are two economics majors who are sharing an apartment for the year. In a flea market they spot a 25 year old sofa that would look great in their living room. Bob's utility function for money and sofas is uB(S,MB)=(1+S)MB and Ray's utility..
Customers should the waiting area be designed to hold : Do not round your results to integer numbers. a) On the average, how many customers should the waiting area be designed to hold?. b) What is the probability that an arriving customer would find at least four people in the waiting area waiting for hel..
Create a risk assessment on sangrafix : Risk Assessment documentation templates are located within this section. Make additional copies as needed. In a real risk analysis process, one of the first steps is meeting with all department managers, upper management, employee representatives,..
What is the multifactor productivity : 1. The weekly output of a fabrication process is shown below together with data for labor and material costs. Overhead is charged weekly at the rate of 1.5 times direct labor cost. Assume a 40-hour week and an hourly wage of $16. (1) What is the m..
Analyze and present the results of your audit : Conduct your analysis using the criteria listed above. Analyze and present the results of your audit, noting areas of strengths and weaknesses. Cite the professional literature to support your analysis.
Describe grade b evidence as it relates to treatment of abrs : Why should a FNP be concerned about understanding the treatment guidelines for Acute Bacterial Sinusitis? What is the financial and personal consequences of the condition?
Safety stock and reorder point : If petromax wants to provide a 90% cycle service level, what should be the safety stock and reorder point?

Reviews

Write a Review

Management Information Sys Questions & Answers

  The effect of payment methods on strategic managementwhat

the effect of payment methods on strategic managementwhat is the impact of various payment methodologies and structures

  Are you entirely comfortable with information that appears

Are you entirely comfortable with the information that appears? Will you use features such as Google Alerts? Why or why not? What are three steps you can take to set up a professional presence online?

  Discuss statement in context of present economic environment

"The growth of information and the growth of intensity of information is directly related to the changing structure of organisations" Discuss this statement in the context of the present economic environment.

  Discuss reaction to technology at usa today and impact on

discuss reaction to technology at usa today and impact on business.harvard business case9-402-010september 19

  Develop the flow diagram of the information

Develop the flow diagram of the information and any control elements needed to ensure proper access for the information.

  Discuss how the business requirements drove the system

Write a 700- to 1,050-word paper identifying and describing how specific system used in an organization has transformed how the organization operates. Discuss how the business requirements drove the system's initial development

  Shows the pros and cons of your business would experience

Prepare an 8- to 10-slide Microsoft PowerPoint presentation that shows the pros and cons your business would experience from using such a service compared to hosting the application internally.

  The effect of challenges on the use of internethow might

the effect of challenges on the use of internethow might cultural political or geoeconomic challenges affect a global

  Developing global information systems

Developing Global Information Systems - challenges a company faces when developing global information systems

  Changed the way businesses operate in the global market

Write a 500 word essay based specific ways in which the internet has changed the way businesses operate in the global marketplace, for example global wage arbitrage. Issues of global regulation and oversight might form the basis for an essay

  Evaluation and the initial dvelopment of applications

Oversees and coordinates the evaluation and the initial dvelopment of applications for state-of-the-art data processing equipment and various information system technologies.

  What are the driving forces behind this shift

Would you contribute to the effort to capture Joseph Kony? Locate an article or video that sheds more light on Kony 2012 and share it with the class. How does your contribution to this topic add to the discussion?

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd