Funding Sme – The Challenges And Risk Within - Mezzanine Financing - Part - 8
Sample IT Risk Assessment of an SME
-
Upload
imran-ahmed -
Category
Data & Analytics
-
view
79 -
download
1
Transcript of Sample IT Risk Assessment of an SME
Risk Assessment ExampleFor Small-Medium Enterprises (SMEs)
Created by Imran Ahmed (ImranahmedIT) www.imran-ahmed.co.uk
Introduction
Risk assessment is the determination of
quantitative or qualitative value of risk
related to a concrete situation and a
recognized threat (also called hazard).
Created by Imran Ahmed (ImranahmedIT) www.imran-ahmed.co.uk
Risk Assessment
Risks assessments are normally based on a scale
(i.e.1-5 or 1-10)
The main analysis consists of the following:
Type of Risk
Risk Management
Risk Outcome
It also includes a figure on the severity of each risk by
calculating the probability figure multiplied by the
impact figure
Created by Imran Ahmed (ImranahmedIT) www.imran-ahmed.co.uk
Risk Table (1)
Created by Imran Ahmed (ImranahmedIT) www.imran-ahmed.co.uk
*(Risk assessment is based on a scale of 1 - 10 with 1 being the lowest)
Risk Probability ImpactRisk
ExposureRisk Management Risk Outcome
Carrying mobile
devices or
removable media
e.g. USB, laptop
7 10 70System should only be connectible when
set up by IT department
Keep data secure and help to connect to the systems
safely and securely to prevent any data breaches.
Control of Staff
Access 8 8 64 Monitor staff control
Protect personal information and track which staff
members accessed which data at any given time in
case of any damage done accidentally or
purposefully.
Staff not using
strong encryption
to access system
5 8 40
Create password rules (e.g. have to
include 1 special character) for maximum
security and ensure they follow security
procedures outlined in the relevant
policy.
Keeps data more protected and make it much harder
for unauthorised users to break into the system to
steal data.
Lack of
knowledge for
staff
4 8 32Keep staff updated regularly, e.g. weekly
announcements.
To ensure staff are aware of the risks involved so
they can work with each other to keep personal
information secure and help reduce chances of data
breaches.
Risk Table (2)
Created by Imran Ahmed (ImranahmedIT) www.imran-ahmed.co.uk
*(Risk assessment is based on a scale of 1 - 10 with 1 being the lowest)
Risk Probability ImpactRisk
ExposureRisk Management Risk Outcome
Hardware failure
/ Software failure3 10 30
Have backups for server onsite and at an
offsite location
Protect information in case of fire or other disaster
so it can be recoverable with minimum downtime.
Finger print data 2 8 16Secure system with heavy encryption and
physical security if required.
Protect personal information from unauthorised
users.
Keeping
information
accurate
2 4 8
Ensure information is accurate and up to
date by constantly updating files when
information has been provided and
ensure old records are safely destroyed.
Ensures data is valid and old versions are not stored
which may cause confusion. It also helps ensure safe
destruction of old data that was held.
Ensure
information is
complete and
preserved.
1 5 5Ensure information is complete and
preserved to keep its integrity.
To ensure completeness of information so there are
no misinterpretations of data.
Thanks for reading!
If you like to contact me, feel free to head over to my website: www.imran-ahmed.co.uk
You can also see my other SlideShare presentations
Alternatively, visit my Blog page
Any feedback welcome: [email protected]
Created by Imran Ahmed (ImranahmedIT) www.imran-ahmed.co.uk