Risk Assessment and Business Impact Analysis

IT Risk Assessment

There is considerable uncertainty in today’s world including online hackers and ransomware to the COVID19 pandemic that is still ongoing.  Unfortunately, many SMBs do not realize that it is only a matter of time before their IT infrastructure and data might fail or fall victim to malicious human interference.  When that happens, SMBs not only lose revenue, they can also lose customer confidence as their reputation suffers.  Additionally, there can be legal ramifications is customer data is stolen.

All SMBs needs to have a disaster recovery plan in place prior to experiencing any of these issues.  The Go2IT Group can help create a disaster recovery plan for your business using the methods described below.

Risk Assessment and Business Impact Analysis

  1. What critical IT assets does your business own whose exposure to loss would be a detriment to business operations?
  2. What are the business processes that utilize these assets?
  3. What possible threats could affect the ability of those business functions to operate?

Step 1:  Identify Assets – Inventory of Hardware and Software

The Go2IT Group can help with identifying assets including servers, network infrastructure, sensitive documents, client information, phone systems, printers, etc.  It is important to keep the asset list update to date with any new assets being added.   Assets can be prioritized by importance level such as critical, major and minor.

Step 2:  Identify Threats

Threats are defined as anything that could use a vulnerability to breach security and negatively impact your business.  Besides hackers, there are other threats that SMBs should prepare for.

  • Human interference (Accidental):  This can include employees accidentally deleting critical files to clicking on a malware link in an email or downloading malicious software.  To mitigate these risks, employee training and reminders are important.  It is important to have backup systems in place for data, settings and configurations.
  • Human interference (Malicious):  This type of Interference occurs when damage is caused by purposefully deleting data, destroying hardware, implementing a DDOS attack on your website, theft and so on.  Interception is when private data is stolen.  Impersonation is the purposeful misuse of credentials and personal information.  Often, these people obtain this type of information though brute-force attacks or purchasing stolen information from the dark web.
  • System Failure:  For newer, higher quality IT equipment, the threat risk is low.  For older IT equipment and operating systems, the risk is much higher and costly.  It is important to purchase the right equipment at the right price and The Go2IT Group can provide guidance on technology purchases.
  • Natural disasters:  Weather (tornadoes, earthquakes, floods, fires etc) can cause more damage than other threats if preparations are not made.  This is because oftentimes all infrastructure is destroyed, data is lost and the chance for recovery (if not backed up) is high.  It is important to place critical equipment such as servers in a location that provides the best chance for survival if a natural disaster does occur.

Step 3:  Identify Vulnerabilities

Weaknesses that any type of threat can exploit is considered a vulnerability.  To determine the weaknesses that exist within your organization, The Go2IT Group can conduct a vulnerability analysis, audit data, provide a critical response team and use security analysis software.  Testing the IT infrastructure is necessary to find vulnerabilities.  This can include penetration testing and the use of automatic scanning software and tools.

Step 4:  Analyze Controls

It is important to determine what methods to control threats are currently in place as well as those that are in the planning stages.  Controls are implemented in several ways including hardware and software, encryption, multi-factor authentication and intrusion detection.  Other methods include implementing or updating workplace security policies, administrative actions and environmental mechanisms such as security systems.

Step 5:  Determine the probability of an incident

Review all vulnerabilities and organize according to type, threat source and motivation and effectiveness of controls.  Assign categories of the likelihood of an attack.  Be sure to keep this updated and audit over time.

Step 6:  Impact Analysis

It is necessary to ascertain the role of the asset and what processes it performs, how critical it is and what sensitive material is stored on the system.  The impact can be qualified as high, medium or low.  Also, it is important to understand how often an asset may be affected throughout the year, the cost of each possible incident and how adequate the current or planned IT security controls for reducing risk. 

Step 7:  Results of Analysis

After completing the above steps, actionable procedures should be implemented to reduce risk.  This is determined based on the categories assigned to each threat, vulnerability, risk level, etc.  Each step should have an associated cost, should focus on legitimate business reasons for each change or update made and should provide a verifiable benefit in reducing the risks.  By working through this process, it is possible to gain an understanding of how the company’s infrastructure operates and what can be improved.

The Go2IT Group’s modern approach to disaster recovery provides reduced backup times, faster recovery times, numerous replication options, flexible deployment options that support virtualized environments and more.  Reach out to us today to discover how The Go2IT Group can help prevent data loss within your organization.

Most Recent

Lorain County Chamber of Commerce Business Expo

Posted By The Go2IT Group
October 11, 2021 Category: General

The Go2IT Group is proud to be a Gold sponsor of The Lorain County Chamber of Commerce's 8th Annual Business Expo on November 4, 2021, at Tom’s Country Place from 3:30 pm – 6:30 pm. This EXPO provides a fantastic opportunity for local businesses and attendees to learn about one another and network.   We look forward to seeing everyone this

Cloud Computing

Posted By Go2IT Group
March 25, 2021 Category: General

WHAT EXACTLY IS CLOUD COMPUTING AND HOW DO YOU USE IT?   Cloud computing is the delivery of different services through the Internet. These resources include tools and applications like data storage, servers, databases, networking, and software.  As long as an electronic device has access to the web, it has access to the data and the software programs to run it. Cloud computing depends on resource sharing, rather than using local servers or individual devices to host applications. It mostly only allows the application software to function when internet enabled devices are used.   There are four types of Cloud Computing you should learn about because they serve a broad range of functions over the internet- like virtual and storage servers: applications and authorization for desktop applications.   THE PUBLIC CLOUD Public cloud is best for businesses which have requirements that require managing the load; host application that is, Software-as-a-Service and manage applications which are used by many users. Public cloud computing is very economical because it has few capital overheads and operational costs.   THE PRIVATE CLOUD This is also known as the internal cloud. In private cloud, cloud computing services are offered on a cloud-based secure environment. The environment is usually protected by a firewall governed by an IT department which belongs to a particular organization. In private cloud, the user is given a greater and di


Posted By Go2IT Group
March 18, 2021 Category: General

A promising new technology trend is on the rise. Internet Of Things, or IoT. Have you heard of it? Many “things” are now being built with WiFi connectivity, meaning they can be connected to the Internet, and to each other.  The Internet of Things is a way of the future and has already enabled devices, home appliances, cars and much more to be connected to and exchange data over the Internet.   As consumers, we’re already using IoT and may not even realize it. We can lock our doors remotely, preheat ovens on our way home, track our fitness on our watches. However, businesses also have much to gain now and in the near future. The IoT can enable better safety, efficiency and decision making for businesses as data is collected and analyzed. It can enable predictive maintenance, speed up medical care, improve customer service, and offer benefits we haven’t even imagined yet.   We’re only in the beginning stages of this new technology trend: Forecasts suggest that by 2030 an average of 50 billion of these IoT devices will be in use around the world, creating a massive web of interconnected devices spanning everything from smartphones to kitchen appliances. The global spending on the Internet of Things (IoT) is forecast to reach 1.1 trillion U.S. dollars in 2022.   If you wish to step foot in this trending technology, you will have to learn about Information security, AI and machine learning fundamentals, networking, hardware


Contact Us


26260 Center Ridge Rd., Westlake OH 44145

© , The Go2IT Group, All Rights Reserved
  • Privacy Policy
  • Terms and Conditions
  • Email Us
  • Blog

  • Powered by Virteom Logoirteom