Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 679
  • Last Modified:

Network / IT environment RISK (non security risks)

When you ask most forums or IT folk about “risk” within IT environments, most of them immediately think you are on about “security”, “penetration testing” etc. I am  not convinced security is the only risk factor in an IT environment. But I genuinely am interested in getting some feedback from other people on what other elements of an IT environment outside IT constiture risk areas

So.... outside of security, what other risks are inherent within IT environments. Does there exist a master document with risk areas for a typical IT environment anywhere? Or can you provide some examples for me to review further?
0
pma111
Asked:
pma111
  • 2
2 Solutions
 
pma111Author Commented:
often known as a risk universe or audit universe
0
 
woolmilkporcCommented:
OK,

there is the "Risk Management Guide for Information Technology Systems" by NIST.
http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/nist800-30.pdf

It introduces kind of a classification:

- Natural Threats - Floods, earthquakes, tornadoes, landslides, avalanches, electrical storms, and other such events.

- Human Threats (general) - Events that are either enabled by or caused by human beings, such as unintentional acts or deliberate actions (sabotage).
 
- Human Threats (IT related) - inadvertent data entry/data destruction, deliberate network based attacks, malicious software upload, unauthorized access to confidential information.

- Environmental Threats - Long-term power failure, pollution, chemicals, liquid leakage.


wmp
0
 
pma111Author Commented:
Thanks, I will read through I was more after if anyone had conducted a recent risk analysis / risk universe that they would share as a template...
0
 
notacomputergeekCommented:
The State of California has developed this information:
http://www.cio.ca.gov/OIS/Government/risk/toolkit.asp

Of particular interest to you may be the 'Assessment Tool For State Agencies'. Fill this out to see where your organization ranks. Main categories are:
Organizational Reliance on IT
Risk Management
People
Processes
Technology

woolmilkporc already mentioned NIST SP 800-30 and listed the main topics of Business Continutity hazards.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now