Conducting Risk Assessment And Analysis

By Author: Sherry Roberts

Introduction
Risk assessment and analysis is indispensable to any e-commerce business for the purpose of information security, because it helps an enterprise establish a safeguard system for its business. It is the process of affirming risks and their extent, and it forms the foundation for risk management (Youli et al., 2009). Risk assessment and analysis provides vital data for establishing an organization's security policies. It helps define security demands and create feasible measures for controlling risks so that they do not exceed acceptable extents and so that system downtime is avoided. Security is core to e-commerce because the network is developing rapidly and different network risks keep emerging; that is why risk assessment and analysis is crucial. This paper covers conducting a risk assessment and analysis for an e-commerce business that sells electronic products.
Risk analysis for the business entailed the identification of assets and the threats likely to impact the functionality of those assets negatively. According to priority levels of the IT assets, ...
... for our company, there was the production of the following table. Prioritizing the assets when carrying out risk analysis is vital for understanding which protection mechanisms to deploy (Stern & Arias, 2011), because the failure of critical systems can totally hamper the business processes. The network assets in the table include switches, routers, NICs, firewalls, and gateways. The PCs and printers included those from HP because of their dominance in the market and their suitability for the business environment.


Asset identification

Asset identification worksheet
Form AID01
Business Name: Dotcom Electronic Inc
Address: 1234 NY
Facility 001 Contact: 257890988
Phone Number: 518-402-5181
E-mail: DotcEinc@hotmail.com
| Asset | Quantity | Department | Value | Priority |
|---|---|---|---|---|
| Backup system | 2 | All | $800 | Necessary |
| PCs | 50 | All | $11000 | Necessary |
| Servers | 6 | Server Room | $4800 | Critical |
| Network devices | 20 | - | $500 | Necessary |
| Printers | 10 | All | $1100 | Desirable |
| Scanner | 5 | All | $615 | Desirable |
| QuickBooks | 5 | Accounting and payroll | $400 | Critical |
| Data | 500TB | All | $2000 | Critical |
| CRM | 1 | Sales and marketing, Customer relations and support | $200 | Necessary |
| Web | 1 | Research and development, sales and marketing, customer relations and support | $300 | Critical |

Business process identification
The business processes were identified through interaction with the various departments of the organization, and the result was the following table. The company engaged in customer management, research and innovation, and activities related to sales and marketing, as well as other managerial activities. I realized that the company continues to protect its information because data is very important for the continuity of any business, and its loss can culminate in the closure of the business. I listed the departments where the various business processes took place and assigned priority levels to the business processes and the assets used where applicable. Assigning priority levels is essential for knowing how to support such activities to ensure the business's success.


Business Process Identification Worksheet
Form BPID01

Business Name: Dotcom Electronic Inc
Address: 1234 NY
Facility 001 Contact: 257890988
Phone Number: 518-402-5181
E-mail: DotcEinc@hotmail.com
| Business process | Priority | Department | Asset used |
|---|---|---|---|
| Managing of customer information | Necessary | Sales and marketing | CRM |
| Procurement | Critical | Sales and marketing | N/A |
| Managing accounts | Critical | Accounting and payroll | QuickBooks |
| Securing Enterprise data | Necessary | Administrative (tech support) | Servers, Firewall |
| Providing innovative business techniques | Necessary | Research and development | Web |
| Collect money from clients | Critical | Accounting and payroll | N/A |
| Receiving and processing sales | Critical | Sales and marketing | QuickBooks |
| Backing up enterprise data | Necessary | Sales and marketing | Backup system |
| Updating customers with information | Desirable | Customer relations and support | CRM |

Threat identification and assessment
Threat identification and assessment is key to being prepared to address those threats (Bayne, 2002). I used various sources to conduct the identification and analysis. I listed the assets that each particular threat can affect and the consequence if such incidents occur. The threats include software failures, fire outbreaks, denial of service attacks, natural catastrophes like earthquakes and floods, civil unrest, computer hacking or fraud, theft, malware, etc. The priority of occurrence is listed to help the organization in question know where to put emphasis and which assets to give priority when putting security measures in place. The consequence of the attacks and the severity levels of the outbreaks are also labeled.

Threat Identification and Assessment worksheet
Form TIDA01
Business Name: Dotcom Electronic Inc
Address: 1234 NY
Facility 001 Contact: 257890988
Phone Number: 518-402-5181
E-mail: DotcEinc@hotmail.com
| Threat | POC | Assets affected | Consequence (C, S, M, I) | Severity (C, S, M, I) |
|---|---|---|---|---|
| Software failure | 3 | CRM, QuickBooks | M | M |
| Natural catastrophes | 2 | Infrastructure, PCs, network devices, printers and scanners | C | C |
| Theft | 5 | Infrastructure, PCs | M | M |
| Malware | 7 | Data | S | C |
| Computer hacking/fraud | 7 | Data | S | C |
| Fire outbreak | 3 | Infrastructure, PCs, network devices | C | C |
| Civil unrest | 1 | Infrastructure | I | M |
| Denial of service attacks | 8 | Web | M | S |

Threat Mitigation
Based on the threats identified in the previous step, the next step is to identify countermeasures that lower the various levels of risk (Fema.gov, 2013). Threats to assets with critical priority levels were the ones considered, because those assets are core to business processes. Having mitigation strategies in place helps the company in question respond to the identified threats and prevent, or at least reduce, their damage to the company’s assets. Without proper identification of threats, it is difficult to put security mechanisms in place to mitigate them. If the critical processes are protected from those threats, the organization can carry out its business processes without fear (Neubauer et al., 2006). The table below lists the threats, the assets affected, and the mitigation techniques.

Threat mitigation worksheet
Form TM01
Business Name: Dotcom Electronic Inc
Address: 1234 NY
Facility 001 Contact: 257890988
Phone Number: 518-402-5181
E-mail: DotcEinc@hotmail.com
| Asset | Threat | Mitigation technique |
|---|---|---|
| Server | Natural catastrophes | Having a backup and a disaster plan |
| Data | Computer Hacking/fraud | Put security measures |
| Infrastructure | Fire outbreak | Have fire control systems and equipment |
| Web | Denial of service | Have a vigilant IT team for responding to such incidents |
| Network devices | Fire outbreak | Have fire control equipments in place |
| Data | Malware | Install antivirus software on all PCs, scan data and update the antivirus software |
| PCs | Fire outbreak | Implement a fire control strategy to reduce the damage |
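
A cross-check of the three worksheets above, added here as an example and not part of the original paper: it lists every asset/threat pair from Form TIDA01 that has no row in Form TM01, ranked by the asset priority from Form AID01, and flags rows that do not line up between forms. Assumptions: asset and threat names are normalized so the forms can be joined ("Server" to "Servers", "Denial of service" to "Denial of service attacks", "printers and scanners" to "Printers" and "Scanner"), and POC is used only as a tie-break within a priority level.

```python
# Added example: worksheet data transcribed from the article (names normalized).
PRIORITY = {  # Form AID01: asset -> priority
    "Backup system": "Necessary", "PCs": "Necessary", "Servers": "Critical",
    "Network devices": "Necessary", "Printers": "Desirable", "Scanner": "Desirable",
    "QuickBooks": "Critical", "Data": "Critical", "CRM": "Necessary", "Web": "Critical",
}
THREATS = {  # Form TIDA01: threat -> (POC, assets affected)
    "Software failure": (3, ["CRM", "QuickBooks"]),
    "Natural catastrophes": (2, ["Infrastructure", "PCs", "Network devices",
                                 "Printers", "Scanner"]),
    "Theft": (5, ["Infrastructure", "PCs"]),
    "Malware": (7, ["Data"]),
    "Computer hacking/fraud": (7, ["Data"]),
    "Fire outbreak": (3, ["Infrastructure", "PCs", "Network devices"]),
    "Civil unrest": (1, ["Infrastructure"]),
    "Denial of service attacks": (8, ["Web"]),
}
MITIGATED = {  # Form TM01: (asset, threat) pairs that have a mitigation technique
    ("Servers", "Natural catastrophes"), ("Data", "Computer hacking/fraud"),
    ("Infrastructure", "Fire outbreak"), ("Web", "Denial of service attacks"),
    ("Network devices", "Fire outbreak"), ("Data", "Malware"),
    ("PCs", "Fire outbreak"),
}
# "Unlisted" is a label introduced here for assets missing from Form AID01.
RANK = {"Critical": 0, "Necessary": 1, "Desirable": 2, "Unlisted": 3}

def threat_pairs():
    """Every (asset, threat) pair recorded on the threat worksheet."""
    return {(a, t) for t, (_, assets) in THREATS.items() for a in assets}

def unmitigated():
    """Recorded pairs with no mitigation, most important asset first, then POC."""
    rows = [(PRIORITY.get(a, "Unlisted"), a, t, THREATS[t][0])
            for a, t in threat_pairs() - MITIGATED]
    return sorted(rows, key=lambda r: (RANK[r[0]], -r[3], r[1], r[2]))

def orphan_mitigations():
    """Mitigations for pairs the threat worksheet never recorded."""
    return sorted(MITIGATED - threat_pairs())

def unlisted_assets():
    """Assets named as affected that are missing from the asset inventory."""
    return sorted({a for a, _ in threat_pairs() if a not in PRIORITY})

if __name__ == "__main__":
    for row in unmitigated():
        print("%-9s %-16s %-22s POC=%d" % row)
    print("orphans:", orphan_mitigations(), "unlisted:", unlisted_assets())
```

Rows that come back from `orphan_mitigations()` or `unlisted_assets()` point at worksheets that need reconciling before the gap list can be trusted.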

Conclusion
Risk assessment and analysis is a requirement for any business that wants to continue operating in today's risky environment, where new risks keep emerging. That is because company assets are vital: they are what support business processes. Threats to the organization's assets should be identified so that solid mechanisms are in place for protecting those assets. The paper provided full documentation of the most common business processes and all types of likely threats to those processes. It also suggested the most suitable techniques for mitigating those incidents so as to ensure business continuity through the provision of asset security. The techniques provided help decision makers know which technique to apply to safeguard assets and business processes.
References
Bayne, J. (2002). An overview of threat and risk assessment. Asset value, threat/hazard, vulnerability, and risk.
Neubauer, T. et al. (2006). Secure business process management: A roadmap. Proceedings of the first international conference on availability, reliability and security.
Stern, R. & Arias, J. (2011). Review of risk management methods. Business intelligence journal, 14(1).
Youli, Y. et al. (2009). Risk assessment model for E-commerce security based on FCE. Proceedings of the 2009 international symposium on Web systems and applications, Nanchang, P.R, May 22-24, pp. 297-299.

Carolyn Morgan is the author of this paper and a senior editor at Melda Research.