Risk Assessment and Business Impact Analysis

IT Risk Assessment

There is considerable uncertainty in today’s world, from online hackers and ransomware to the COVID19 pandemic that is still ongoing.  Unfortunately, many SMBs do not realize that it is only a matter of time before their IT infrastructure and data might fail or fall victim to malicious human interference.  When that happens, SMBs not only lose revenue, they can also lose customer confidence as their reputation suffers.  Additionally, there can be legal ramifications if customer data is stolen.

All SMBs need to have a disaster recovery plan in place prior to experiencing any of these issues.  The Go2IT Group can help create a disaster recovery plan for your business using the methods described below.

Risk Assessment and Business Impact Analysis

  1. What critical IT assets does your business own whose exposure to loss would be a detriment to business operations?
  2. What are the business processes that utilize these assets?
  3. What possible threats could affect the ability of those business functions to operate?

Step 1:  Identify Assets – Inventory of Hardware and Software

The Go2IT Group can help with identifying assets including servers, network infrastructure, sensitive documents, client information, phone systems, printers, etc.  It is important to keep the asset list up to date as new assets are added.  Assets can be prioritized by importance level such as critical, major and minor.

Step 2:  Identify Threats

Threats are defined as anything that could use a vulnerability to breach security and negatively impact your business.  Besides hackers, there are other threats that SMBs should prepare for.

  • Human interference (Accidental):  This can range from employees accidentally deleting critical files to clicking on a malware link in an email or downloading malicious software.  To mitigate these risks, employee training and reminders are important.  It is important to have backup systems in place for data, settings and configurations.
  • Human interference (Malicious):  This type of interference occurs when damage is caused purposefully, by deleting data, destroying hardware, implementing a DDoS attack on your website, theft and so on.  Interception is when private data is stolen.  Impersonation is the purposeful misuse of credentials and personal information.  Often, these people obtain this type of information through brute-force attacks or by purchasing stolen information from the dark web.
  • System Failure:  For newer, higher quality IT equipment, the threat risk is low.  For older IT equipment and operating systems, the risk is much higher and more costly.  It is important to purchase the right equipment at the right price and The Go2IT Group can provide guidance on technology purchases.
  • Natural disasters:  Weather and other natural events (tornadoes, earthquakes, floods, fires, etc.) can cause more damage than other threats if preparations are not made.  This is because oftentimes all infrastructure is destroyed, data is lost and, if it was not backed up, the chance that it cannot be recovered is high.  It is important to place critical equipment such as servers in a location that provides the best chance for survival if a natural disaster does occur.

Step 3:  Identify Vulnerabilities

Any weakness that a threat can exploit is considered a vulnerability.  To determine the weaknesses that exist within your organization, The Go2IT Group can conduct a vulnerability analysis, audit data, provide a critical response team and use security analysis software.  Testing the IT infrastructure is necessary to find vulnerabilities.  This can include penetration testing and the use of automatic scanning software and tools.

Step 4:  Analyze Controls

It is important to determine what methods to control threats are currently in place as well as those that are in the planning stages.  Controls are implemented in several ways including hardware and software, encryption, multi-factor authentication and intrusion detection.  Other methods include implementing or updating workplace security policies, administrative actions and environmental mechanisms such as security systems.

Step 5:  Determine the probability of an incident

Review all vulnerabilities and organize them according to type, threat source and motivation, and effectiveness of controls.  Assign each one a category for the likelihood of an attack.  Be sure to keep this updated and audit it over time.

Step 6:  Impact Analysis

It is necessary to ascertain the role of the asset and what processes it performs, how critical it is and what sensitive material is stored on the system.  The impact can be qualified as high, medium or low.  Also, it is important to understand how often an asset may be affected throughout the year, the cost of each possible incident and how adequate the current or planned IT security controls are for reducing risk.

Step 7:  Results of Analysis

After completing the above steps, actionable procedures should be implemented to reduce risk.  This is determined based on the categories assigned to each threat, vulnerability, risk level, etc.  Each step should have an associated cost, should focus on legitimate business reasons for each change or update made and should provide a verifiable benefit in reducing the risks.  By working through this process, it is possible to gain an understanding of how the company’s infrastructure operates and what can be improved.
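The seven steps above can be carried through as a small risk register. The following is an added example, not part of the original article or The Go2IT Group's own tooling: the numeric weights, the rating cut-offs, the loss model (incidents per year × cost per incident × the share not stopped by controls) and every sample row are assumptions constructed for illustration.

```python
from dataclasses import dataclass

LEVEL = {"low": 1, "medium": 2, "high": 3}  # assumed weights for the page's categories

@dataclass
class Risk:
    asset: str                    # Step 1
    priority: str                 # Step 1: critical / major / minor
    threat: str                   # Step 2
    likelihood: str               # Step 5: low / medium / high
    impact: str                   # Step 6: low / medium / high
    incidents_per_year: float     # Step 6: how often the asset is affected
    cost_per_incident: float      # Step 6: cost of each incident
    control_effectiveness: float  # Step 4: 0.0 (no control) to 1.0 (fully effective)

    def rating(self) -> str:
        # Assumed cut-offs on likelihood x impact (range 1..9).
        score = LEVEL[self.likelihood] * LEVEL[self.impact]
        return "high" if score >= 6 else "medium" if score >= 3 else "low"

    def annual_loss(self, effectiveness=None) -> float:
        e = self.control_effectiveness if effectiveness is None else effectiveness
        if not 0.0 <= e <= 1.0:
            raise ValueError("control effectiveness must be between 0 and 1")
        return self.incidents_per_year * self.cost_per_incident * (1.0 - e)

def evaluate(risk, proposed_effectiveness, annual_cost):
    """Step 7: weigh a proposed control's cost against the loss it removes."""
    reduction = risk.annual_loss() - risk.annual_loss(proposed_effectiveness)
    net = reduction - annual_cost
    return {"asset": risk.asset, "rating": risk.rating(), "reduction": reduction,
            "net_benefit": net, "justified": net > 0}

# Constructed sample register: (risk, proposed effectiveness, annual cost of control).
REGISTER = [
    (Risk("File server", "critical", "accidental deletion", "high", "medium", 4, 2000, 0.25), 0.875, 1500),
    (Risk("Client database", "critical", "stolen credentials", "medium", "high", 0.5, 40000, 0.5), 0.875, 2000),
    (Risk("Office printer", "minor", "system failure", "low", "low", 1, 300, 0.0), 0.5, 400),
]

def plan(register=REGISTER):
    """Return proposed actions ordered by net annual benefit, best first."""
    return sorted((evaluate(*row) for row in register), key=lambda r: r["net_benefit"], reverse=True)

if __name__ == "__main__":
    for row in plan():
        print(f'{row["asset"]:16} {row["rating"]:7} net {row["net_benefit"]:>8.0f} justified={row["justified"]}')
```

A row with a negative net benefit, such as the printer here, is a change whose cost exceeds the risk it removes and would need some other business reason to go ahead.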

The Go2IT Group’s modern approach to disaster recovery provides reduced backup times, faster recovery times, numerous replication options, flexible deployment options that support virtualized environments and more.  Reach out to us today to discover how The Go2IT Group can help prevent data loss within your organization.
