Step-by-step Instant Solution
Your consulting organization has been hired to develop computer systems for the United Nations in the Middle East.
Create?a Risk Information Sheet for at least five potential risks that should be considered.? At least three of the risks you choose should be business continuity and IT disaster recovery related.? As part of this, consider man-made and natural risks that might apply to this particular situation.?
- The risk description should fully describe the risk
- The probability is the likelihood that the risk will occur (i.e., low, medium, or high)
- The impact is how the organization will be effected if the risk does occur (i.e., low, medium, or high)
- The rationale should explain the reasons for your probability and impact assessments
- The mitigation strategy should explain how each risk will be addressed
- There should be one risk information sheet for each risk identified
- The risk information sheets can be completed in Word, Excel?, or PowerPoint?
The results of your assessment for each risk should be plotted in a Risk Matrix.? One axis should be probability, while the other axis should be impact. The overall risk level will be the intersection of these two factors on the matrix. The risk assessment matrix can be completed in your choice of Word, Excel?, or PowerPoint?.
This is what I have so far.
United Nations Risk Assessment
Chad M. Gartman
CMGT/442 Information Systems Risk Management
May 21, 2016
RISK INFORMATION SHEET #1
Risk Description: Human factor: Accidental deletion and corruption of files
Risk Mitigation: Ensure personnel are adequately trained and only give access to sensitive
information to those employees who require it.
RISK INFORMATION SHEET #2
Risk Description: Terrorism/Hacking: Network unsecure allowing cyber terrorist access to
highly sensitive information
Risk Mitigation: Cyber terrorists will use many different methods of acquiring information
such as phishing, DDoS (Distributed Denial of Service) and APT (Advanced Persistant
Threats) attacks. The information security team (IT) will have to ensure the latest and greatest
security software and hardware is installed and updated. Employees will need to make sure
they have strong passwords and don?t visit any unauthorized websites as dictated in the annual
security training program.
RISK INFORMATION SHEET #3
Risk Description: Earthquakes: Major loss of data due to damage/loss of equipment
Risk Mitigation: Assets in the server room need to be secured to the wall using earthquake
straps thus negating equipment falling off of shelves
RISK INFORMATION SHEET #4
Risk Description: Fire/smoke/water: Physical loss of assets due to fire, smoke and water
Risk Mitigation: To protect against fire, smoke detectors will need to be installed throughout
the facility. Make sure the facility has adequate ventilation to vent smoke. Water damage can
be hard to control, but in the event of a flood, making sure equipment is located high enough
will provide adequate protecton.
RISK INFORMATION SHEET #5
Your consulting organization has been hired to develop computer systems for the United
Nations in the Middle East. Develop a list of man-made and natural risks that might
apply to this particular situation. Explain each risk in detail.
I'm sure there are a ton of risks, but I came up with a few off the top of my head.
Fire - Loss of data. A good continuity of operation plan should be in place
Earth Quake - Loss of data. A good continuity of operation plan should be in
Terrorism - Sensitive information is leaked to the enemy, which becomes a
national security issue
Human factor - file/data deletion or corruption of sensitive information
I think any risk cannot be managed without identifying what the risk is and assessing the
severity and likelihood of it occurring. The information gathered during risk identification
and evaluation will identify the specific strategy or strategies to manage the risk.
Paper#9256374 | Written in 27-Jul-2016Price : $22