Expert answer:Structured Assignment
Solved by verified expert:Create a Risk Assessment on SanGrafix, a video game design company. Risk
Assessment can be as simple as noting an unlocked door or a password
written on a note, or it can be a complex process requiring several team
members and months to complete. A large enterprise environment probably
has multiple locations, diverse activities, and a wide array of
resources to evaluate. You don’t need such a complex network; however,
the main idea is to learn how to apply your knowledge in a methodical
fashion to produce useful and accurate data. Approaching a task, such as
risk assessment, without a strategy means repeating steps, wasting
resources, and achieving mediocre results at best. Even worse, you might
miss critical information. Risk Assessment documentation templates are
located within this section. (Use the distributed templates in these
files: Case0201File01.doc, Case0201File02.doc, Case0201File03.doc, and
Case0201File04.doc.) Make additional copies as needed. Please see the
attached document for your assignment description. Students must
complete each worksheet and follow instructions carefully, as each
worksheet becomes part of the appendix in the students’ final BCP
case0201file01_1_.doc
case0201file02_1_.doc
case0201file03_1_.doc
case0201file04_1_.doc
risk_assessment_assignment.docx
Unformatted Attachment Preview
Business Process Identification Worksheet
Form # BPID01
Page ____ of _____
Business Name:
Address:
Facility # 001
Business Process
Contact:
Phone number:
E-mail:
Priority
C
N D
N/A
C N D
N/A
C N D
N/A
C N D
N/A
C N D
N/A
C N D
N/A
C N D
N/A
C N D
N/A
C N D
N/A
C N D
N/A
C N D
N/A
Department
Assets Used
Asset Identification Worksheet
Form # AID01
Page ____ of _____
Business Name:
Address:
Facility # 001
Asset
Contact:
Phone Number:
E-mail:
Quantity
Department or Value
Location
Priority
C
N D
N/A
C N D
N/A
C N D
N/A
C N D
N/A
C N D
N/A
C N D
N/A
C N D
N/A
C N D
N/A
C N D
N/A
C N D
N/A
C N D
N/A
Threat Identification and Assessment Worksheet
Form # TIDA01
Page ____ of _____
Business Name:
Address:
Facility # 001
Threat
Contact:
Phone number:
E-mail:
POC
Assets Affected
Consequence
(C, S, M, I)
Severity
(C, S, M, I)
Threat Mitigation Worksheet
Form # TM01
Page ____ of _____
Business Name:
Address:
Facility # 001
Asset
Contact:
Phone number:
E-mail:
Threat
Mitigation Techniques
Risk Assessment documentation templates are located within this section. Make additional
copies as needed. In a real risk analysis process, one of the first steps is meeting with all
department managers, upper management, employee representatives, and workers in the
production environment, human resources staff, and other staff members to get their input.
Without input from the people actually doing the work, you might not think of essential factors.
That isn’t possible here, so direct any questions you have to the instructor, or do independent
research to find your answers.
•
•
•
•
First, identify the business processes that must continue for the organization to keep
functioning—for example, collecting money from customers, receiving and processing
sales, developing new products, and so on. Document major business processes that drive
SunGrafix, using the Business Process column of the Business Process Identification
Worksheet. (You need your imagination and some common sense for this step.) Assign a
priority level to each process (using the priority rankings in the following list). Write
down the department that performs the process, and leave the Assets Used column blank
for now. Next, identify the organization’s assets. Using the Asset Identification
Worksheet that is provided in the Course Documents section on Blackboard, list each
asset, its location, and approximate value, if known. (For multiple identical assets,
describe the asset and list the quantity instead of listing each individual asset.) In
organization-wide risk assessments, you would list all assets, including office furniture,
industrial equipment, personnel, and other assets. For this project, stick to information
technology assets, such as computers, servers, and networking equipment, etc. The
information you enter depends on the network design you completed earlier. All the
equipment needed to build your network should be listed here as well as any cabling in
the facility. (Assume the facility is already wired for a computer network with network
drops available for each computer.) Hint: Remember to list items such as electricity and
your Internet connection.Next, determine which assets support each business process. On
your Business Process Identification Worksheet, list the assets needed for each business
process in the Assets Used column.
o Critical — Absolutely necessary for business operations to continue. Loss
of a critical process halts business activities.
o Necessary — Contributes to smooth, efficient operations. Loss of a
necessary process doesn’t halt business operations but degrades working
conditions, slows production, or contributes to errors.
o Desirable — Contributes to enhanced performance and productivity and
helps create a more comfortable working environment, but loss of a
desirable process doesn’t halt or negatively affect operations.
Next, determine which assets support each business process. On your Business Process
Identification Worksheet, list the assets needed for each business process in the Assets
Used column.
Each process should be documented and have a priority assigned to it. Next, transfer the
priority rankings to your Asset Identification Worksheet. Now you know which assets are
the most critical to restore and warrant the most expense and effort to secure. You also
have the documentation to back up your security actions for each item.
The final step is assessing existing threats. The table below shows examples of ways to
evaluate some types of threats and suggests ways to quantify them. On the Threat
Identification and Assessment Worksheet, list each possible threat. Be sure to consider
threats from geographic and physical factors, personnel, malicious attack or sabotage, and
accidents. Also, examine the facility diagram you created for flaws in the facility layout
or structure that could pose a threat, such as air-conditioning failure or loss of electrical
service. Assess the probability of occurrence (POC) on a 1 to 10 scale, with 1 being the
lowest and 10 the highest, and assign those ratings in the POC column for each threat.
Type of Threat
Severe rainstorm, tornado, hurricane,
earthquake, wilderness fire, or flood
How to Quantify
Collect data on frequency, severity, and
proximity to facilities. Evaluate the past
quality and speed of local and regional
emergency response systems to determine
whether they helped minimize loss.
Train derailment, auto/ truck accident, Collect data on the proximity of railroads,
toxic air pollution caused by accident, or highways, and airports to facilities. Evaluate
plane crash
the construction quality of transportation
systems and the rate of serious accidents on
each system.
Building explosion or fire
Collect data on the frequency and severity of
past incidents. Evaluate local emergency
response to determine its effectiveness.
Militant group attacking facilities, riot, or Collect data on the political stability of the
civil unrest
region where facilities are located. Compile
and evaluate a list of groups that might have
specific political or social issues with the
Organization.
Computer hack (external) or computer Examine data on the frequency and severity
fraud (internal)
of past incidents. Evaluate the effectiveness
of existing computer security measures.
•
•
•
Next, using the Asset Identification Worksheet, determine which assets would be affected
by each threat. List those assets in the Assets Affected column of the Threat
Identification and Assessment Worksheet. For an electrical outage, for example, list all
assets requiring electricity to operate; for a hardware failure, list all assets a hardware
failure would disrupt, damage, or destroy
In the Consequence column, enter the consequences of the threat occurring, using the
following designations: Next, rate the severity of each threat in the Severity column,
using the same designations as in the preceding list for consequences (C, S, M, or I). You
derive these ratings by combining the probability of occurrence, the asset’s priority
ranking, and the potential consequences of a threat occurring. For example, if an asset has
a Critical (C) priority ranking and a Catastrophic (C) consequence rating, it has a
Catastrophic (C) severity rating. If you have mixed or contradictory ratings, you need to
re-evaluate the asset and use common sense. A terrorist attack that destroys the facility
and kills half the staff might have a probability of occurrence (POC) of only 1 (depending
on your location), but if it happened, the consequences would definitely be catastrophic.
Even so, because of the low POC, you wouldn’t necessarily rank its severity as
catastrophic.
o Catastrophic (C)—Total loss of business processes or functions for one week or
more. Potential complete failure of business.
o Severe (S)—Business would be unable to continue functioning for 24 to 48 hours.
Losses of revenue, damage to reputation or confidence, reduction of productivity,
complete loss of critical data or systems.
o Moderate (M)—Business could continue after an interruption of no more than 4
hours. Some loss of productivity and damage or destruction of important information or systems.
o Insignificant (I)—Business could continue functioning without interruption. Some
cost incurred for repairs or recovery. Minor equipment or facility damage. Minor
productivity loss and little or no loss of important data.
Finally, on the Threat Mitigation Worksheet, list assets that are ranked as the most critical
and threatened with the highest severity. In the Mitigation Techniques column, list
recommendations for mitigating threats to those assets. For example, to mitigate the
threat of an electrical outage damaging a critical server, you might suggest a high-end
uninterruptible power supply (UPS).
…
Purchase answer to see full
attachment
How it works
- Paste your instructions in the instructions box. You can also attach an instructions file
- Select the writer category, deadline, education level and review the instructions
- Make a payment for the order to be assignment to a writer
- Download the paper after the writer uploads it
Will the writer plagiarize my essay?
You will get a plagiarism-free paper and you can get an originality report upon request.
Is this service safe?
All the personal information is confidential and we have 100% safe payment methods. We also guarantee good grades