Comprehensive IT Risk Assessment Report for Small IT Company
Added on 2023/04/25
AI Summary
This report presents a comprehensive IT risk assessment conducted for a small IT company, addressing the critical need for robust security measures despite limited budgets. The assessment identifies key assets, threats, vulnerabilities, and potential consequences arising from open access to servers and systems. It emphasizes the importance of servers in the company's operations while highlighting associated risks such as intellectual property loss, administrative disruptions, unauthorized access, confidentiality breaches, and network disruptions. The report further proposes mitigation strategies and recommendations, including continuous monitoring, risk ownership, user knowledge enhancement, controlled server usage, ensured availability, data protection measures, and disaster recovery planning. It concludes by advocating for the adoption of cloud services and the implementation of security mechanisms like software updates, encryption techniques, and network monitoring to safeguard the company's assets and maintain business continuity.

IT-portfolio
Report
Student name

Table of Contents
Executive Summary
Introduction
Risk Assessment Process
Assets, Threats, Vulnerabilities, and Consequences
Mitigation of Risks and Recommendations
Summary
Conclusion
References

Executive Summary
Small businesses have low budgets for their security systems. However, they require such systems to secure their assets from different attacks. In the given scenario, the IT company should have its own security system, which provides security for its hardware, software, and projects. This report, prepared by a consultant for the small IT company, is submitted to the senior administration. It is based on the assets, threats, vulnerabilities, and consequences that originate from open access to servers and systems, along with their impact on the IT company's architecture (Humphreys, 2008).
Servers are widely used for fundamental business functions, especially in small IT companies. They play a key role in the overall growth of a small IT company's organization, productivity, and management of operations. Servers have many advantages, but they carry disadvantages as well. Therefore, senior management is required to follow rules and regulations when performing certain tasks, in order to secure the use of server facilities.
This report discusses issues with servers and the internet, and provides recommendations for the IT company to resolve risks before they occur in its systems.
Introduction
All businesses face different risks; risk is a natural part of business. If these risks are ignored, they can spread like weeds. However, if risk is managed effectively, losses can be avoided and benefits obtained. This comprehensive report, written in the role of IT Risk Assessment Consultant for the small IT company, is based on the risks associated with the company (Andrijcic & Horowitz, 2016). It provides suggestions to higher management as well as to business stakeholders and technologists, and it helps them take decisions based on the risk assessment of the small IT company.
The main objective of this report is to establish the assets, threats, vulnerabilities, and consequences associated with servers. It also provides a risk mitigation plan that adheres to business standards (ACSC, 2017). This report presents an evaluation of the project management of the small IT company.
This report uncovers potential threats, assets, consequences, and vulnerabilities, both internal and external. These obstruct the availability, confidentiality, reliability, and integrity of data for the IT company.
The report explains the data policies and access standards that comply with security requirements. Servers provide different services that employees need for their work. Our company has different servers for many services, such as a Windows Active Directory server.
Risks can be avoided if there is proper security and arrangement in the system; for example, firewalls are used to stop unauthorized access, viruses, Trojans, and many other kinds of malware.
Risk Assessment Process
The risk management process helps to find potential risks that prevail with servers for IT companies. It provides recommendations to reduce upcoming risks for the company, and it helps to save cost, stress, time, and effort. Risk management provides appropriate ways to legalize the assets and to protect the data and information of the software company. The risk management cycle is used for this assessment project (Heiser & Nicolett, 2008).
The risk management process includes five major activities, as mentioned below:
1. Risk identification: Risks can be identified from the servers. Threats can be observed from different aspects. It is a basic requirement for any company to assess threats and resolve them (Bhagat, 2012).
2. Assess and analyse risk: After the risks and threats are identified, they are examined and analysed. All the risks are categorised according to their severity. This process covers different aspects and assigns a rating to each risk. The analysis of risk informs the defensive action.
3. Action plan for risks: In this activity, risk management considers the analysis of risks. Mitigation of risks can be planned, which enhances the security of the company. The system uses a risk mitigation strategy against the risks.
4. Implementation of action plan: The action plan is implemented in this step. Risks such as cyber-attacks can be reduced through the implementation of cyber security algorithms.
5. Monitor, measure and control: This process has three activities: measuring the risk, controlling the risk, and monitoring the system. The system measures the risk and controls it through different action plans. System monitoring observes risks in the system.
Assets, Threats, Vulnerabilities, and Consequences
1. Intellectual property loss: Theft of intellectual property (IP) is a crime, and servers hold a great deal of sensitive information as well as confidential company data. Most IT companies keep their confidential data on different servers that are accessible through the internet. Cloud services are fully governed by laws and policies (Humphreys, 2008).
2. Disturbing administrative operations: It is common for employees to store their data on the server and to have access to the server for different work purposes. Some companies allow their employees to bring their own devices, which creates a state of uncertainty. Cloud computing services provide different access levels that grant administrative powers to a few responsible persons (Mather, Kumaraswamy, & Latif, 2009).
3. Unauthorized access to the server: The servers cannot track all users' activities, which is a huge risk for the company. Anyone can make changes, and there is no record of that activity (Kassa, 2017). The company does not have firewalls. This provides a huge platform for malicious infections to steal data and damage hardware, which is harmful for the company.
4. Losing confidentiality: Data breaches reduce the trust and confidentiality of clients. The company holds information about different clients on its servers. If such information is stolen, it breaks clients' trust and causes loss of business for the IT company (Sanchez, 2010).
5. Network disruption: The network is the backbone of any IT company nowadays. The internet provides different advantages to the company, but it also has disadvantages if it is not used securely. The company does not have any restrictions on websites. This invites viruses, worms, Trojans, and ransomware (Security Response Team, 2017).
Mitigation of Risks and Recommendations
This report provides risk mitigation measures and recommendations to reduce the threats and vulnerabilities that arise from the use of servers without firewalls. The higher management of the IT company must take them into consideration. They can also carry out these recommendations as and when needed for security purposes (Messier Jr & Austen, 2000).
1. Monitoring: The IT company has different innovative software products and uses different servers for their development. It is necessary that the IT company works according to the appropriate laws, policies, rules, and regulations. Cloud computing provides better monitoring of a company's servers and network.
2. Owning of risks: If any issues arise with server services, it is mandatory that the higher administration of the IT company takes charge. Hence, the company should consistently monitor the services and keep the company's confidential information safe.
3. Knowledge of servers: All users must have knowledge of servers and security. The management must provide a firewall to secure data and monitor the different activities of all users (Troldborg, Lemming, Binning, Tuxen, & Bjerg, 2008).
4. Usage of the servers: The management of the IT company should create different levels of data access on the server for security purposes. Thus, risk is eliminated before it creates an issue.
5. Availability: Internet and other facilities are always there for handling different risks in the company. Senior management of the IT company must ensure that the employees are trustworthy and that internet service is available full time without any disturbance in the services.
6. Data protection: Servers must have administrative power for providing data security. The server can take a backup of all data, in case any cyber-attack or malware affects the server.
7. Recovery: For continuity of the company's business, the server must have backup servers for recovery from total disasters (Patterson & Neailey, 2002).
Summary
To keep the company safe from security threats, it is necessary to use some security mechanisms.
Software update: Servers and other systems run the latest Windows and Linux operating systems with their latest patches for high security. It will provide security from hackers.
Encryption techniques: The company must maintain encryption techniques for data transfer, so that no one can steal data in its original form (Zhang, Wuwong, Li, & Zhang, 2010).
Network monitoring: Different software products on the market provide network monitoring of the complete system, such as SolarWinds, Nagios, and many others. The IT company should use them to monitor the network and make changes if required.
Conclusion
Servers are used in IT companies, and this is a fast-growing service in the field of IT. IT companies have moved to cloud services for security purposes. Cloud services provide market value in this competitive environment.
This IT risk assessment provides a report to the higher management of the IT company that portrays different threats and vulnerabilities. It provides recommendations and a summary
about the risk assessment. This risk management report will be beneficial for reducing the risks to the IT company that are creating different issues for it.
Finally, it is concluded that the IT company must use cloud services for managing all operations of its work. This will be better for its customers as well as for the company.
References
ACSC. (2017). Australian Cyber Security Centre. Retrieved December 12, 2018, from https://www.acsc.gov.au/publications/ACSC_Threat_Report_2017.pdf
Andrijcic, E., & Horowitz, B. (2016). A Macro-Economic Framework for Evaluation of Cyber Security Risks Related to Protection of Intellectual Property. Risk Analysis, 26(4), 907-923.
Bhagat, B. (2012). Patent No. 13/016,999. U. S.
Heiser, J. N. (2008). Assessing the security risks of cloud computing. Gartner Report, 27(1), 29-52.
Heiser, J., & Nicolett, M. (2008). Assessing the security risks of cloud computing. Gartner Report, 27(1), 29-52.
Humphreys, E. (2008). Information security management standards: Compliance, governance and risk management. Information Security Technical Report, 13(4), 247-255.
Kassa, S. G. (2017). IT Asset Valuation, Risk Assessment and Control Implementation Model. Retrieved December 11, 2018, from https://www.isaca.org/Journal/archives/2017/Volume-3/Pages/it-asset-valuation-risk-assessment-and-control-implementation-model.aspx
Mather, T., Kumaraswamy, S., & Latif, S. (2009). Cloud security and privacy: an enterprise perspective on risks and compliance. Sebastopol: O'Reilly Media, Inc.
Messier Jr, W. F., & Austen, L. A. (2000). Inherent risk and control risk assessments: Evidence on the effect of pervasive and specific risk factors. Auditing: A Journal of Practice & Theory, 19(2), 119-131.
Patterson, F., & Neailey, K. (2002). A risk register database system to aid the management of project risk. International Journal of Project Management, 20(5), 365-374.
Sanchez, M. (2010). The 10 most common security threats explained. Retrieved December 12, 2018, from https://blogs.cisco.com/smallbusiness/the-10-most-common-security-threats-explained
Security Response Team. (2017). What you need to know about the WannaCry Ransomware. Retrieved 09 04, 2018, from https://www.symantec.com/blogs/threat-intelligence/wannacry-ransomware-attack
Troldborg, M., Lemming, G., Binning, P., Tuxen, N., & Bjerg, P. (2008). Risk assessment and prioritisation of contaminated sites on the catchment scale. Journal of Contaminant Hydrology, 104(1-4), 14-28.
Zhang, X., Wuwong, N., Li, H., & Zhang, X. (2010). Information security risk management framework for the cloud computing environments. In Computer and Information Technology (CIT) (pp. 1328-1334). IEEE.