Executive Summary on Risk Analysis
Premier Collegiate School is a private school with 300 students ranging from grade 7 to 12, and 30 staff members and teachers. At the request of Principle Symonds, an asset list followed by a qualitative risk assessment was conducted and documented in order to ensure the proper level of protection required for each asset. There are two servers running services for Premier Collegiate School, the first for administration businesses and the second for the student’s needs. These servers are critical to the confidentiality, integrity, and availability of this schools services and business functions. Data housed on these servers must be protected and kept confidential, and the proper authorization and authentication methods should be implemented as well. The principle maintains a notebook computer that is used for both business and personal uses and therefor is critical in maintaining a secure environment at all times and even remotely. Students are required to have privately owned laptops so the same type of security would also be required as well. These critical assets either generate revenue or represents intellectual property of the organization. Other assets such as the administrators, teachers, and student desktops provided by Premier Collegiate School would be considered major because it contains customer privacy data that must be properly protected. Other major assets include routers, switches, wireless access points, cabling, and server racks. IT personnel, students, and staff are also considered security risks and therefor the proper level of user security awareness training, workshops, and seminars should be provided to users on the network. Other security measures such as an acceptable usage policy and password policies should be properly implemented to ensure users are responsible for and understand their actions on the network. In addition, it would be best practice to implement the