Risk Assessment and Business Impact Analysis

IT Risk Assessment

There is considerable uncertainty in today’s world including online hackers and ransomware to the COVID19 pandemic that is still ongoing.  Unfortunately, many SMBs do not realize that it is only a matter of time before their IT infrastructure and data might fail or fall victim to malicious human interference.  When that happens, SMBs not only lose revenue, they can also lose customer confidence as their reputation suffers.  Additionally, there can be legal ramifications is customer data is stolen.

All SMBs needs to have a disaster recovery plan in place prior to experiencing any of these issues.  The Go2IT Group can help create a disaster recovery plan for your business using the methods described below.

Risk Assessment and Business Impact Analysis

  1. What critical IT assets does your business own whose exposure to loss would be a detriment to business operations?
  2. What are the business processes that utilize these assets?
  3. What possible threats could affect the ability of those business functions to operate?

Step 1:  Identify Assets – Inventory of Hardware and Software

The Go2IT Group can help with identifying assets including servers, network infrastructure, sensitive documents, client information, phone systems, printers, etc.  It is important to keep the asset list update to date with any new assets being added.   Assets can be prioritized by importance level such as critical, major and minor.

Step 2:  Identify Threats

Threats are defined as anything that could use a vulnerability to breach security and negatively impact your business.  Besides hackers, there are other threats that SMBs should prepare for.

  • Human interference (Accidental):  This can include employees accidentally deleting critical files to clicking on a malware link in an email or downloading malicious software.  To mitigate these risks, employee training and reminders are important.  It is important to have backup systems in place for data, settings and configurations.
  • Human interference (Malicious):  This type of Interference occurs when damage is caused by purposefully deleting data, destroying hardware, implementing a DDOS attack on your website, theft and so on.  Interception is when private data is stolen.  Impersonation is the purposeful misuse of credentials and personal information.  Often, these people obtain this type of information though brute-force attacks or purchasing stolen information from the dark web.
  • System Failure:  For newer, higher quality IT equipment, the threat risk is low.  For older IT equipment and operating systems, the risk is much higher and costly.  It is important to purchase the right equipment at the right price and The Go2IT Group can provide guidance on technology purchases.
  • Natural disasters:  Weather (tornadoes, earthquakes, floods, fires etc) can cause more damage than other threats if preparations are not made.  This is because oftentimes all infrastructure is destroyed, data is lost and the chance for recovery (if not backed up) is high.  It is important to place critical equipment such as servers in a location that provides the best chance for survival if a natural disaster does occur.

Step 3:  Identify Vulnerabilities

Weaknesses that any type of threat can exploit is considered a vulnerability.  To determine the weaknesses that exist within your organization, The Go2IT Group can conduct a vulnerability analysis, audit data, provide a critical response team and use security analysis software.  Testing the IT infrastructure is necessary to find vulnerabilities.  This can include penetration testing and the use of automatic scanning software and tools.

Step 4:  Analyze Controls

It is important to determine what methods to control threats are currently in place as well as those that are in the planning stages.  Controls are implemented in several ways including hardware and software, encryption, multi-factor authentication and intrusion detection.  Other methods include implementing or updating workplace security policies, administrative actions and environmental mechanisms such as security systems.

Step 5:  Determine the probability of an incident

Review all vulnerabilities and organize according to type, threat source and motivation and effectiveness of controls.  Assign categories of the likelihood of an attack.  Be sure to keep this updated and audit over time.

Step 6:  Impact Analysis

It is necessary to ascertain the role of the asset and what processes it performs, how critical it is and what sensitive material is stored on the system.  The impact can be qualified as high, medium or low.  Also, it is important to understand how often an asset may be affected throughout the year, the cost of each possible incident and how adequate the current or planned IT security controls for reducing risk. 

Step 7:  Results of Analysis

After completing the above steps, actionable procedures should be implemented to reduce risk.  This is determined based on the categories assigned to each threat, vulnerability, risk level, etc.  Each step should have an associated cost, should focus on legitimate business reasons for each change or update made and should provide a verifiable benefit in reducing the risks.  By working through this process, it is possible to gain an understanding of how the company’s infrastructure operates and what can be improved.

The Go2IT Group’s modern approach to disaster recovery provides reduced backup times, faster recovery times, numerous replication options, flexible deployment options that support virtualized environments and more.  Reach out to us today to discover how The Go2IT Group can help prevent data loss within your organization.

Most Recent

Memory VS Storage

By Go2IT Group
February 25, 2021 Category: Memory, RAM, Storage

Have you ever been confused about memory vs.storage? Are they same or different? Which is more important to the computer? Many computer users consider memory and storage to be the same thing. If you are unsure about the difference between them, this post should clarify for you. The term memory refers to the component within your computer that allows for short-term data access. You may recognize this component as RAM, or random-access memory. Your computer performs many operations by accessing data stored in its short-term memory. Some examples of such operations include editing a document, loading applications and browsing the internet. The speed and performance of your system depends on the amount of memory that is installed on your computer. Memory, as the link between theCentral Processing Unit (CPU) and data in your computer, is the most essential element of a computing system. Memory consists of main memory and cache, while the main memory includes two types: RAM (Random Access

Energy Efficient Computing

By Go2IT Group
February 18, 2021 Category: Energy Efficiency, Smart Computing

When it comes tohow computers waste energy, most consumption stems from personal habits. This is especially true when it comes tomiscellaneous electrical load(MEL). MEL is a phenomenon that occurs when devices and electronics around the home or office burn unnecessary wattage, causing your energy bill to rise. The majority of computers are subject to MEL because they are often plugged in for extended amounts of time. Its been said that business owners should consider taking stronger steps to reduce their environmental impact. Switching to energy-efficient equipment and appliances is a smart way to reduce your environmental impact while also reducing your energy costs. You could take even stronger action by using solar power, which can be at a cost upfront but helps you to make enormous savings and will allow you to position yourself as a green company (something that appeals greatly to modern-day consumers.) If this option is not feasible to your company, there are some other ways

Covid 19 Phishing Scams

By Go2IT Group
February 11, 2021 Category: General

Scammers often take advantage of health scares to distribute phishing scams. The COVID-19 pandemic continues to produce dozens of such campaigns, scaring recipients into clicking on harmful links or attachments in emails, text messages or social media posts. Examples of COVID-19 Scams Fabricated notices from health organizations (e.g., the CDC or local/state health departments) Fake updates from an employer about policies or procedures to address the risk Phony websites containing maps and dashboards Information about protecting yourself, your children or your community that contains malicious links or attachments Charitable appeals to help victims of the virus, which are not legitimate Requests to send checks or change bank account routing numbers to different addresses because of working from home How to Protect Against COVID-19/Coronavirus Scams Be vigilant for COVID-19/coronavirus scams during the coming weeks. If you suspect a message may be a phishing scam, please report

866-424-1233

Contact Us

 

26260 Center Ridge Rd., Westlake OH 44145

© , The Go2IT Group, All Rights Reserved
  • Privacy Policy
  • Terms and Conditions
  • Email Us
  • Blog

  • Powered by Virteom Logoirteom