Unit 6 Lab
The first step in risk management is identifying all of your assets. These include the servers you use to sell your electronic parts and all of your data, from customer information to the data used to build the parts you sell. They also include any networking devices and end-user workstations. Evaluate what it would cost your company if these assets went down. How would confidentiality, integrity, or availability be affected if these assets were compromised?

After you inventory your assets, you need to define the scope of your risk management. Identify your critical business operations; how you connect with your customers; mission-critical data, systems, and applications; and security gaps, and do so across all 7 domains of your infrastructure.

To identify the critical business operations, conduct a business impact analysis (BIA). The BIA will help you identify the cost of an asset loss. This includes the direct cost (for example, sales lost during the outage) and the indirect cost (loss of consumer trust and the cost to regain that trust). The BIA will also help you identify the maximum acceptable outage (MAO), which is the maximum amount of time an asset can be down before affecting your overall business mission. Establishing the MAO will guide your recovery plans, because you need to be able to restore service within that amount of time.

The biggest part of doing your BIA is data gathering. This information can range from how a service affects the business's profitability or survivability to how it will affect your employees or customers. A major focus of your risk assessment should be the service you provide to your customers, because without them your company cannot survive. In this case, your customers purchase electronics parts from you. If your online ordering service goes down, or the systems that build your parts