Solved

server risk assessment

Posted on 2013-12-03
Last Modified: 2014-01-02
As part of any disaster recovery exercise, have you done any scoring/ranking of which fall into your p1 servers, i.e. high priority, which fall into p2, p3 etc.? I wondered whether there is any guidance out there on what to base your ranking of each server, i.e. what formula to use - and whether you go down to that level, i.e. server level.
Question by:pma111
LVL 18

Expert Comment

by:Steven Harris
ID: 39692402
> I wondered whether there is any guidance out there on what to base your ranking of each server, i.e. what formula to use

If you are just looking to rank your servers into categories by risk, I would suggest using Risk = Likelihood x Impact.

> and whether you go down to that level, i.e. server level.

Why stop at the server level?  You should be determining the risk for every piece of equipment, i.e. switches, firewalls, PSUs, etc.
0
 
LVL 3

Author Comment

by:pma111
ID: 39692437
I don't fully understand how:

> Risk = Likelihood x Impact.

Can be applied though, as surely some servers, if they died/went down, have more of an impact on your business than others; that's the kind of analysis I was interested in. Or by impact are you considering the impact that specific server would have on the business?

What kind of factors do you consider in "impact"?
0
 
LVL 18

Accepted Solution

by:
Steven Harris earned 250 total points
ID: 39692468
Impact is exactly what you are thinking.  Let me clarify:

What effect does this have on my business -- Can I live without it in its entirety?  Can it be down for 5 minutes without causing major problems?  Can it be down for 5 hours without causing major problems?  Can it be down for 5 days without causing major problems?  Is there any type of redundancy or disaster recovery operation in place?
0

 
LVL 3

Author Comment

by:pma111
ID: 39692474
Is this an exercise you have done for all your servers previously?
0
 
LVL 18

Expert Comment

by:Steven Harris
ID: 39692496
I perform this type of assessment every year.  Some companies perform this every quarter...

I guess the best question I can ask is:

What is your ultimate goal?
0
 
LVL 3

Author Comment

by:pma111
ID: 39697782
Ultimate goal is to list priority servers for audit purposes, i.e. which elements of the infrastructure require audit focus and why/justifying that approach.
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 250 total points
ID: 39750769
For risk assessment purposes, as you know, it is measured in terms of the likelihood & impact of the risk under assessment, so you should write down all your operations to make an Audit Universe. Then prioritize the most and least risky ones (impact and likelihood). You should find concrete criteria to prioritize them; after that you have the risk-based audit plan for your risk assessment:
http://www.theiia.org/blogs/marks/index.cfm?postid=432#!
http://www.iia.org.uk/resources/risk-management/risk-based-internal-auditing/#!
http://www.ecu.edu/cs-admin/audit/upload/Audit-Planning-Process.pdf#!
http://www.aadnc-aandc.gc.ca/eng/1370446266138/1370446344470#!
http://pmhub.net/wp/wp-content/files/Jim_Owens_PMP_Exam_Tips_on_Risk_Management_4ed_V1.pdf
0
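Added example, not part of the thread: one way to turn Risk = Likelihood x Impact from the accepted answer, plus the prioritization step in the answer above, into a ranked P1/P2/P3 list with a justification per asset. The 1-5 scales, the tier cut-offs, the one-step impact reduction for redundancy and the sample inventory are all assumptions made for illustration.

```python
import math
from dataclasses import dataclass

# Assumed scales (not from the thread): impact 1-5 derived from the downtime
# questions in the accepted answer, likelihood 1-5 set by the assessor.
IMPACT_STEPS = [(5, 5), (5 * 60, 4), (5 * 24 * 60, 3)]  # (tolerable minutes, impact)
TIERS = [(15, "P1"), (8, "P2"), (0, "P3")]               # (minimum risk, tier)

@dataclass
class Asset:
    name: str
    kind: str             # server, switch, firewall, PSU, ...
    tolerable_min: float  # longest outage without major problems; inf = can live without it
    likelihood: int       # 1 (rare) .. 5 (frequent)
    redundant: bool       # redundancy or DR operation in place

def impact(a: Asset) -> int:
    if math.isinf(a.tolerable_min):
        base = 1
    else:
        base = next((s for limit, s in IMPACT_STEPS if a.tolerable_min <= limit), 2)
    # Assumption: existing redundancy/DR lowers impact by one step.
    return max(1, base - 1) if a.redundant else base

def rank(assets):
    """Return (name, risk, tier, justification) rows, highest risk first."""
    rows = []
    for a in assets:
        if not 1 <= a.likelihood <= 5 or a.tolerable_min < 0:
            raise ValueError(f"{a.name}: likelihood must be 1-5, downtime >= 0")
        imp = impact(a)
        risk = a.likelihood * imp  # Risk = Likelihood x Impact
        tier = next(t for floor, t in TIERS if risk >= floor)
        why = f"{a.kind}: likelihood {a.likelihood} x impact {imp}, redundant={a.redundant}"
        rows.append((a.name, risk, tier, why))
    return sorted(rows, key=lambda r: (-r[1], r[0]))

# Constructed sample inventory; names and values are illustrative only.
INVENTORY = [
    Asset("erp-db01", "server", 5, 3, False),
    Asset("core-fw01", "firewall", 5, 2, True),
    Asset("file-srv02", "server", 5 * 60, 4, False),
    Asset("access-sw07", "switch", 5 * 24 * 60, 2, False),
    Asset("test-web03", "server", math.inf, 4, False),
]

if __name__ == "__main__":
    for name, risk, tier, why in rank(INVENTORY):
        print(f"{tier}  {risk:>2}  {name:<12} {why}")
```

The justification string in each row is what goes into the audit plan next to the tier, so the reason an asset is in or out of audit focus is recorded with the score.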
