IT Risk Assessment Plan
Uploaded by: rohit-tripathy
Category: Technology
IT Risk Assessment Project
Project Plan Document Introductory Project
Intricap, LLC
One month Pilot Project September 2013
Core Value Proposition
Any company with an IT organization must perform IT Risk Assessments as a mandatory part of various compliance requirements.
This means every company worth its salt.
They need to be done annually.
It is boring for IT and IT security managers.
IT Risk Assessments are done one-on-one today.
A mass customization solution through Internet and technology will find instant adoption.
Competition
None.
Most of it is done internally at present, or through consultants, one at a time.
What it takes to do IT Risk Assessments today
You have to identify all critical ITEMS in the IT infrastructure: Computers, Servers, Switches, Networks, Locations.
Identify THREATS that can do harm to each of them.
Figure out how VULNERABLE each item is to each threat.
For each vulnerable item, determine the LIKELIHOOD of getting affected.
Given a likelihood of getting affected, what will be the IMPACT on each item?
Given all of the above, what is the RISK to each item?
Document and Report.
That seems complicated
No. Most of the ratings are numbers from 1 to 5, and all you need is to multiply and add those numbers to achieve Risk Ratings.
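The multiply-and-add scoring described above, as an added example that is not part of the original deck or Intricap's product. The deck does not give the exact formula, so this sketch assumes each item/threat pair scores vulnerability x likelihood x impact and an item's rating is the sum over its threats; the item and threat names are constructed.

```javascript
// Added example: multiply-and-add risk rating over 1-5 scores.
// Assumed formula (not stated in the deck):
//   pair score  = vulnerability * likelihood * impact
//   item rating = sum of that item's pair scores
const RATING_FIELDS = ["vulnerability", "likelihood", "impact"];

// Reject anything that is not a whole number on the 1-5 scale,
// including a rating that was left blank (undefined).
function checkRating(name, value) {
  if (!Number.isInteger(value) || value < 1 || value > 5) {
    throw new RangeError(`${name} must be an integer from 1 to 5, got ${value}`);
  }
  return value;
}

// register: [{ item, threat, vulnerability, likelihood, impact }, ...]
function assessRisk(register) {
  const byItem = new Map();
  for (const row of register) {
    const [v, l, i] = RATING_FIELDS.map((f) =>
      checkRating(`${row.item}/${row.threat} ${f}`, row[f]));
    const score = v * l * i;
    const entry = byItem.get(row.item) || { item: row.item, rating: 0, threats: [] };
    entry.rating += score;
    entry.threats.push({ threat: row.threat, score });
    byItem.set(row.item, entry);
  }
  // Report: highest-rated items first, each item's worst threat first.
  const report = [...byItem.values()];
  for (const e of report) e.threats.sort((a, b) => b.score - a.score);
  return report.sort((a, b) => b.rating - a.rating);
}

// Constructed sample register (hypothetical items and threats).
const sampleRegister = [
  { item: "File server", threat: "Ransomware", vulnerability: 4, likelihood: 3, impact: 5 },
  { item: "File server", threat: "Power loss", vulnerability: 2, likelihood: 2, impact: 4 },
  { item: "Core switch", threat: "Power loss", vulnerability: 3, likelihood: 2, impact: 5 },
  { item: "Laptop", threat: "Theft", vulnerability: 4, likelihood: 4, impact: 2 },
];

for (const { item, rating, threats } of assessRisk(sampleRegister)) {
  console.log(`${item}: ${rating} (top threat: ${threats[0].threat}, ${threats[0].score})`);
}
```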
Is there a standard to comply with?
There are 3 industry-known standards:
NIST SP800-30
ISO 27005
OCTAVE
That’s a lot of jargon
The IT industry needs jargon to look smart. Come on, admit it. All of us boast a little. It is just repackaging the same old wine, reordering sequences, and using slightly different phrases.
So what is your offering?
We will offer NIST SP800-30 compliant Risk Assessments online through a technology platform.
Pricing!
We are working on pricing. Nothing is fixed yet.
How much would be the possible charges?
We really want a fast adoption on this one. We have not decided the numbers yet, but we will take it through a price discovery mechanism.
What else is your value add?
For the first time ever, we will offer VISUAL RISK assessments.
All present Risk Assessments are Excel-based number assignment. Boring stuff.
We will make it exciting. Like visuals running, and playing a game.
At the end of the game, your Risk Assessment is done.
Is making it a lot of work?
NO. In god’s name NOT.
You cannot believe how easy it is to build cool visuals using this totally open technology, HTML5.
So just HTML5?
And a bit of PHP and JavaScript.
We need to create Word reports, so we will use some third-party tools for it.
How much time to build?
Maybe 15 days of work. Maybe less.
Building it is not that hard work.
MARKETING it is.
MARKETING
Yes. We have to reach all IT and IT Security Managers all over.
Then get them to try it.
That has seemed to be a toadfull of work elsewhere.
So?
So out-of-the-box marketing techniques would be the most crucial factor in the success of this project.
It's all about MARKETING.
OK, and what are the returns?
At 100 USD per paying customer, if 1000 customers sign up, that is USD 100,000 per year.
With 10,000 customers, it is 1 Million USD per year.
The world market is 100,000 customers.
Remember it is PER YEAR, not one time.
That’s not bad for one month of work.
I told you so.
And regular costs?
After the initial heavy effort in building and marketing has been done, it will not take more than 2 people to run the whole show.
This will be a profitable project.
Future!
Once a relationship is built with all IT Managers, and if they kinda like you, then there are more things to be done ;)
OK I am interested
All rights: INTRICAP, LLC
Prepared on a bus from Monterrey to Mexico City, 1st September, 2013.
Hurrah Internet on buses