Page 28 - Risk Management Bulletin April -June 2021

RMAI BULLETIN APRIL TO JUNE 2021


and vulnerabilities at data centers should be performed regularly based on the size and complexity of the company. Larger and more densely populated data centers should be assessed more frequently, perhaps quarterly or even monthly. These assessments may be affected by the number of remote workers and their demand for IT resources, such as applications, data files and databases.

Results of these assessments can be used to fine-tune system administration, incident response, backup and recovery, data protection and management, disaster recovery, physical and local access security, and environmental management activities.

Network risk assessments can also be affected by the number of remote workers. The demand for greater bandwidth means more frequent reviews of bandwidth usage, response times and overall network throughput.

The internet is the network service used most frequently by workers to gain access to services and applications, but managing internet risks is generally outside an organization's control. The same holds true for managing risks associated with workers accessing the internet through local telecom operators. Yet, users can proactively monitor network performance using a variety of specialized tools. They can also contact network providers -- both ISPs and local telecom operators -- in the event performance anomalies are detected.

Remote worker assessments are the final leg of the process. The risk factors an enterprise assesses can be tweaked to more accurately reflect a remote workforce risk assessment strategy. Employees working at home or at an alternate office location must be diligent in managing and maintaining their systems and remote access resources. This can be done in partnership with IT staff and help desk teams assigned to manage remote communications activities.

Employees working remotely can face external risks that go beyond technology issues -- among them, dealing with young children and other family members, as well as tending to health issues and mental wellness. Many of these issues have emerged from the pandemic and challenge employees and organizations alike.

How to conduct a simple risk analysis

Several metrics are examined when assessing risk, including the likelihood of an event occurring, the impact on the organization and its employees, the severity of the impact and the resources -- for example, funding, equipment and people -- needed to mitigate the risk.

Using a consistent scale for quantification can help evaluate and assess a risk, threat or vulnerability. The table below presents a simple risk analysis metric in which a specific risk, threat or vulnerability is evaluated by rating factors on a scale of 0.0 to 1.0.

This sample's risk rating metrics are the following:

• Likelihood: 0.0 (unlikely) to 1.0 (absolutely will occur)
• Severity: 0.0 (no damage) to 1.0 (total destruction)
• Impact: 0.0 (no impact) to 1.0 (total loss)
• Resources: 0.0 (none needed) to 1.0 (extremely costly and resource-intensive)

Values for these metrics can be obtained from a variety of sources, such as risk tables, insurance companies and actuarial tables. They can also be estimated based on experimental data.

The last column of the sample table includes risk ratings, which can be used to identify the risks, threats and vulnerabilities that need the most urgent attention. The risk ratings based on calculated score are the following:

• 0.000 to 0.150 = low to minimal business risk indicated
• 0.160 to 0.200 = moderate to high business risk indicated
• 0.210 to 0.250 = serious business risk indicated
• 0.260 to 0.300 = catastrophic business risk indicated

Final considerations

Performing risk assessments that involve remote and hybrid employees is essential in today's dispersed workplace. While the process is largely the same as for other risk assessments, modifying processes to accommodate the unique risks, threats and vulnerabilities associated with remote working can help prevent businesses from experiencing downtime, lost revenue and productivity, and more.
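The rating scheme described under "How to conduct a simple risk analysis" can be applied to a risk register as in the following added example, which is not part of the bulletin. The page does not state how the calculated score is derived, so the product of the four factors is an assumption here, as are the handling of scores that fall between or above the listed bands and the constructed sample register.

```python
from dataclasses import dataclass
from math import prod

# Rating bands from the page as (inclusive upper bound, label).
# Assumption: the page's bands leave gaps (0.150-0.160, ...) and stop at 0.300,
# so a score in a gap takes the next band up and anything higher is catastrophic.
BANDS = [
    (0.150, "low to minimal"),
    (0.200, "moderate to high"),
    (0.250, "serious"),
    (0.300, "catastrophic"),
]

@dataclass
class Risk:
    name: str
    likelihood: float
    severity: float
    impact: float
    resources: float

def score(risk):
    """Assumed formula (not stated on the page): product of the four factors."""
    factors = (risk.likelihood, risk.severity, risk.impact, risk.resources)
    for value in factors:
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{risk.name}: factor {value} is outside 0.0-1.0")
    return round(prod(factors), 3)

def rating(value):
    """Map a calculated score to the page's business-risk rating."""
    for upper, label in BANDS:
        if value <= upper:
            return label
    return BANDS[-1][1]

def rank(register):
    """Return (name, score, rating) rows, most urgent first."""
    rows = [(r.name, score(r), rating(score(r))) for r in register]
    return sorted(rows, key=lambda row: row[1], reverse=True)

# Constructed sample register; the factor values are illustrative only.
REGISTER = [
    Risk("Lost or stolen laptop", 0.4, 0.5, 0.5, 0.3),
    Risk("VPN gateway outage", 0.5, 0.8, 0.9, 0.5),
    Risk("Home router compromise", 0.6, 0.7, 0.6, 0.8),
    Risk("Data center power loss", 0.7, 0.9, 0.9, 0.7),
]

if __name__ == "__main__":
    for name, value, label in rank(REGISTER):
        print(f"{value:.3f}  {label:<17} {name}")
```

The "Home router compromise" row scores 0.202, which falls between the page's 0.200 and 0.210 band edges, and the data center row exceeds 0.300; both cases need an explicit rule before the ratings can be used to prioritize work.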


