Skip to main content

Checklist for Infrastructure risk assessment


  1. Dependence on technology
    • Level of automation
      • All
      • Extensive
      • Many
      • Some
      • Few
    • Sophistication
      • Leading edge
      • Real time
      • Mix of real time and batch
      • Batch mode
      • Basic
    • Allowable downtime
      • Greater than an hour
      • Greater than a day
      • Greater than a week
      • Greater than a month
      • Revert to paper
  2. External interaction
    • Outsourcing
      • Complete outsource
      • Most key activities outsourced
      • Outsourcing of some key activities
      • Some outsourcing
      • No outsourcing
    • Partner and contracters
      • Untested suppliers
      • Less well known suppliers
      • Range of partners with some smaller suppliers
      • Established partners
      • Reputable partners
    • Business unit user computing external to the system
      • Vital part of operations
      • Supplemental
      • Regular
      • Some
      • Minimal
  3. Skills and resources
    • Qualification and training
      • Inexperienced and inadequately trained staff
      • Poorly trained staff
      • Mix of qualified and inexperienced staff
      • Good range of skilled staff
      • High calibre of staff
    • Workload
      • Insufficient resources
      • Shortfall in resources
      • Resources adequate for current needs and informal planning of future needs
      • Sufficient staff to meet current workload
      • At predetermined levels
    • Management structure
      • No management
      • No management defined
      • Management function suitable for current resources
      • Accountability is clear
      • High level enterprise representation
    • Staff churn
      • No stability
      • Low morale
      • Regular churn
      • Limited churn and satisfactory replacement strategy
      • Negligible churn
  4. Changing environment
    • Major projects
      • Extremely high activity stretching resources to the limit
      • High volume with intermittent capacity problems
      • Within resource ability
      • Limited
      • Minimal
    • Custom development
      • Extremely high activity of development
      • High volume of development activity
      • Balanced development and packaged solutions
      • Majority of solutions are packaged
      • Packaged solutions
    • Leading edge technology
      • Leading edge technology
      • New technology introduced
      • Some level of recent technology change
      • Low level of technology change
      • Stable technology
    • Business resources
      • All business activities being reorganised
      • Major reorganisation
      • Some core business processes reorganised
      • Some elements of the business reorganised
      • No significant changes
  5. Reliability of systems
    • Complexity
      • Very large and complex systems
      • Large systems
      • Moderately large systems
      • Majority simple systems
      • Small or simple systems
    • Fragmentation
      • Separate ‘islands’ of systems
      • Majority of information is relayed manually
      • Resources adequate for current needs and informal planning of future needs
      • Interfaces between systems automated
      • Fully integrated
    • Scalablity
      • Environment is volatile
      • Difficult to predict changes
      • Occasional emergency changes
      • Changes can be predicted
      • Demand is stable
    • Error rate
      • Constant error rate
      • Regular error rate
      • Occasional errors
      • Errors rare
      • No errors
    • Stability
      • Systems inflexible and majority of needs are not addressed
      • Systems inflexible
      • Delays experienced
      • Stable and all key needs addressed
      • Systems are stable and all needs addressed
  6. Focus on business environment
    • Business interaction
      • No coordination with business
      • Some involvement of business
      • Business needs considered in strategy
      • Business requirements a priority
      • Strategic part of business
    • Management awareness
      • Management and business users are not aware of value and risk of systems
      • Management aware of value and risk but business users are not
      • High level addressed and limited knowledge of lower levels
      • Understanding of systems is a high priority
      • Full awareness of value and risk
    • Satisfy requirements
      • Requirements not addressed
      • Systems unsatisfactory
      • Systems satisfy core requirements
      • Most systems satisfy requirement
      • Business needs are satisfied
  7. Value of information
    • Fraud
      • Business has highly desirable assets
      • Significant range of valuable information
      • Some valuable information
      • Information not valuable
      • Minimal desirable assets
    • Legislation
      • Highly regulated
      • Extensive regulation and compliance activity
      • Some systems need to be adapted for compliance
      • Some relevance
      • Minimal impact
    • Data sensitivity
      • Information is highly sensitive and confidential
      • High confidential information stored
      • Important information stored
      • Limited storage of information
      • Minimal system use
    • Reputation
      • Company involved in highly sensitive activity
      • Company has high profile
      • Company is well known
      • Little reason for damage to reputation
      • Low profile
Labels:

Comments

Post a Comment

Popular posts from this blog

easywall - Web interface for easy use of the IPTables firewall on Linux systems written in Python3.

Firewalls are becoming increasingly important in today’s world. Hackers and automated scripts are constantly trying to invade your system and use it for Bitcoin mining, botnets or other things. To prevent these attacks, you can use a firewall on your system. IPTables is the strongest firewall in Linux because it can filter packets in the kernel before they reach the application. Using IPTables is not very easy for Linux beginners. We have created easywall - the simple IPTables web interface . The focus of the software is on easy installation and use. Access this neat software over on github: easywall
Post a Comment
Read more

No Scrubs: The Architecture That Made Unmetered Mitigation Possible

When building a DDoS mitigation service it’s incredibly tempting to think that the solution is scrubbing centers or scrubbing servers. I, too, thought that was a good idea in the beginning, but experience has shown that there are serious pitfalls to this approach. Read the post of at Cloudflare's blog: N o Scrubs: The Architecture That Made Unmetered Mitigation Possible
Post a Comment
Read more

Should You Buy A UniFi Dream Machine, USG, USG Pro, or Dream Machine Pro?

 
Post a Comment
Read more