IP1_RaymondMartinez2

School: Colorado Technical University
Course: 126
Subject: Information Systems
Date: Dec 6, 2023
Type: docx
Pages: 4
Uploaded by EarlKoalaPerson755

Risk Assessment

Do It Yourself Risk Assessment
Raymond Martinez
Colorado Technical University

Do It Yourself Risk Assessment

I chose Do It Yourself as the scenario for this class. I figured since I am getting my degree in Information Technology, I should choose one closest to that. Filling out this risk assessment wasn’t too new for me, but it had its challenges. I am used to filling out risk assessments for the Army, but they didn’t require this much in-depth thinking. When it came to looking at the risks to the business, I felt I needed to also look at the vulnerabilities as well. It is important to understand the difference between risks versus vulnerabilities/issues. Generally, risks to the organization are ongoing, but the likelihood and potential impact of the risk will change over time based on several factors. Vulnerabilities and issues are generally temporary and are ideally remediated to remove the risk to the organization that they represent. However, most vulnerabilities and issues represent a temporary manifestation of a risk and therefore should be factored into the assessment process whenever they occur and until they are remediated (Gouveia, 2023).

The first assets I thought of were network and computer systems. These are things like servers, routers, access points, and databases. I chose hackers, viruses, and malware because they are some of the most common hazards to the systems. They can be mitigated by making sure the most current updates and patches are installed, and a firewall can also be installed to help prevent attacks from hackers. I gave it an overall hazard rating of HM because the likelihood of this happening is high because a national retailer is a prime target for malicious attacks, but with mitigations in place the impact can be lowered to medium. This is because a hacker never sleeps and there is always going to be that risk.

Second was end point items, which include POS terminals, POS payment machines, office computers, and other items connected to the network. I chose age because if a vendor no longer supports a piece of equipment, it has no business being connected to the network. This can be mitigated by implementing a Hardware Lifecycle Replacement Plan, detailing the scope of how old an item can be before it is replaced. I also chose power because without it the end items don’t serve a purpose. To mitigate this, you can install UPS and surge protectors at places in the system to help in case of a power outage or surge. I gave age an overall rating of LL because usually without a Hardware Lifecycle Replacement Plan, vendors will usually notify you when they are going to stop supporting an item. I gave power an ML just because some things, like mother nature, are out of our hands.

Building Power at the stores was my next asset and I chose this because without power to the building nothing works, from lights to alarms. This can be caused by storms, or even unplanned outages caused by construction. The biggest thing with loss of power to the whole store would be loss of business, which turns into loss of money. Mitigation for this would be backup generators, UPS, and also making sure any data stored onsite also has a backup somewhere. I gave this an overall of ML because of the same reason as before and not being able to predict mother nature, and low because if the right things are in place impact to the business is minimal.

The final asset I chose was probably the second most valuable to a retail location, just after network security, which is the actual workers. The workers just driving to and from work face hazards. These can be as simple as heavy traffic to as severe as a car accident or even bad weather. This could cause loss of business due to the store being open late, or worse, injury to a worker. Mitigation for these hazards can be a call roster so if someone doesn’t show a coworker can call and see what happened, and for bad weather an Inclement Weather Plan can be put together so employees know what to do. I gave it an overall rating of MM because these hazards are truly out of our control and can happen no matter how many mitigations are put into place.

References
Gouveia, A. (2023, April 27). Conducting Cybersecurity Risk Assessments Guide: The Complete Introduction. Retrieved from Auditboard: https://www.auditboard.com/blog/conducting-cybersecurity-risk-assessments-guide-the-complete-introduction/