Assessment Of The Risk Assessment

2136 Words Dec 1st, 2014 9 Pages
Part – 1 - Risk Assessment

The first process in the risk management is Risk Assessment. Risk Assessment is used to determine the risk associated with the organization. The output of the risk assessment is helpful in identifying the controls for reducing or eliminating the risk .

Scenario

The system given to us is Enterprise Medco Records, known as Medco, which contains patient data. Medco is running 24 X 7 days. Physicians in case of emergency use it for treating patients with life threatening problem

The risk assessment is to be performed on this system and the steps are as follows

Step 1: System Characterization

System Characterization is the first step in the risk assessment process. In this step we analyze the system resources and the boundaries that exists for the system.

In our Medco environment, they have the following resources

a) Servers : Microsoft Exchange Server,
Domain Controller, Citrix Server, Web Server, Microsoft SQL Server holding patient data
b) LAN connection with switches and routers
c) Servers connected to the WAN using single internet connection through VPN

Step 2 - Threat Identification

Threat identification is one of the important steps, where we identify the possible threats sources and a threat statement is written listing the potential threats that are applicable to the system.

. There are three common sources of threats, they are

1. Natural Threats - These threats caused due to floods, earthquakes,…

More about Assessment Of The Risk Assessment

Open Document