· Deliverable Length: Risk Assessment and Narrative of 600
At a minimum, you will identify 4 assets and complete the row for each one. Once you have completed the table, you will provide 600 words discussing your thought processes on the related assets and the identified risk. Please make sure that you cite the relevant sources of information that you used to define the information you provided in your table.
Note: The scenario that you choose will be the scenario that you will continue to use throughout the rest of the course. This will lead to the completion of your Key Assignment in Phase 5.
Scenarios
- Scenario 1: You are tasked by your supervisor to develop a risk assessment for your organization, Triangle. Triangle is a manufacturer of HVAC components headquartered in Clarksville, TN. This area has a history of flooding, tornadoes, and the occasional severe winter storms. Your supervisor is concerned with these naturally occurring events and would like your risk assessment to address these specifically and include any other risks that you identify.
- Scenario 2: You are an employee of Do It Yourself, a large chain of home improvement stores with locations all across the United States. Your supervisor is concerned with the recent increase of cyber-attacks on major retailers and would like for you to conduct a risk assessment that focuses on that area and include any other identified risks that are not cyber-attack-related but still focus on information technology.
INSTRUCTIONS:
· Column 1: Compile a list of assets (people, facilities, machinery, equipment, raw materials, finished goods, information technology, etc.) in the left column.
· Column 2: For each asset, list hazards (review the “Risk Assessment” page from Ready Business) that could cause an impact. Since multiple hazards could impact each asset, you will probably need more than one row for each asset. You can group assets together as necessary to reduce the total number of rows but use a separate row to assess those assets that are highly valued or critical.
· Column 3: For each hazard consider both high probability/low impact scenarios and low probability/high impact scenarios.
· Column 4: As you assess potential impacts, identify any vulnerabilities or weaknesses in the asset that would make it susceptible to loss. These vulnerabilities are opportunities for hazard prevention or risk mitigation. Record opportunities for prevention and mitigation in column 4.
· Column 5: Estimate the probability that the scenarios will occur on a scale of “L” for low, “M” for medium and “H” for high.
· Columns 6-10: Analyze the potential impact of the hazard scenario in columns 6 – 10. Rate impacts “L” for low, “M” for medium and “H”
· for high.
· Column 8: Information from the business impact analysis should be used to rate the impact on “Operations.”
· Column 10: The “entity” column is used to estimate potential financial, regulatory, contractual, and brand/image/reputation impacts.
· Column 11: The “Overall Hazard Rating” is a two-letter combination of the rating for “probability of occurrence” (column 5) and the highest rating in columns 6 – 10 (impacts on people, property, operations, environment, and entity).
· Carefully review scenarios with potential impacts rated as “moderate” or “high.” Consider whether action can be taken to prevent the scenario or to reduce the potential impacts.
Part II
· Deliverable Length: Complete Business Impact Analysis Worksheet and Narrative of 600 words
In Phase 1, you completed a risk assessment based on a scenario that you selected. You will use this information to complete a business impact analysis worksheet. It is important to understand that normally, a subject matter expert of the department would be completing this document, as he or she would have the best insight on the operational and financial impact if a threat or risk were to occur. For example, if you were to conduct this analysis on the human resources (HR) department, the HR manager would be the most likely candidate to complete the worksheet because he or she is in a better position to understand how a risk would impact the department.
For this assignment, you will complete the Business Impact Analysis Worksheet.
Click here to download the Business Impact Analysis Worksheet (FEMA, 2014).
Using the risk assessment, you created in Phase 1 and acting as the representative of the information technology department, complete the business impact analysis worksheet. For each risk you identified, you will complete a row on the worksheet that outlines the operational and financial impact.
Once you have completed the worksheet, you will provide a narrative of 600–800 words that discusses your thought process on completing the worksheet. Make sure that you cite your sources of information according to the undergraduate writing guide available in the library.
Part III
· Deliverable Length: 10 slides with 100 words speaker notes per slide
For this assignment, you will create a PowerPoint presentation discussing site strategies. A site refers to the organization using a separate physical location to set up operations in the event the original location is compromised (e.g., the main headquarters lost power due to a storm). Sites are considered exclusive or shared. Exclusive means that the organization controls the site which can be configured as hot, warm, cold, or mobile. Shared means that the organization is sharing the site for a moment in time, purchasing a service, or has an agreement with another organization to share resources.
Your presentation will be 10 slides with 1 slide for the title and 1 slide for references, leaving 7–13 slides in which you will discuss exclusive and shared sites and the purpose for which they are used. Each slide will have, at a minimum, a 100-word narrative in the Notes section of the slide.