Skip to main content

Checklist for Infrastructure risk assessment


  1. Dependence on technology
    • Level of automation
      • All
      • Extensive
      • Many
      • Some
      • Few
    • Sophistication
      • Leading edge
      • Real time
      • Mix of real time and batch
      • Batch mode
      • Basic
    • Allowable downtime
      • Greater than an hour
      • Greater than a day
      • Greater than a week
      • Greater than a month
      • Revert to paper
  2. External interaction
    • Outsourcing
      • Complete outsource
      • Most key activities outsourced
      • Outsourcing of some key activities
      • Some outsourcing
      • No outsourcing
    • Partner and contracters
      • Untested suppliers
      • Less well known suppliers
      • Range of partners with some smaller suppliers
      • Established partners
      • Reputable partners
    • Business unit user computing external to the system
      • Vital part of operations
      • Supplemental
      • Regular
      • Some
      • Minimal
  3. Skills and resources
    • Qualification and training
      • Inexperienced and inadequately trained staff
      • Poorly trained staff
      • Mix of qualified and inexperienced staff
      • Good range of skilled staff
      • High calibre of staff
    • Workload
      • Insufficient resources
      • Shortfall in resources
      • Resources adequate for current needs and informal planning of future needs
      • Sufficient staff to meet current workload
      • At predetermined levels
    • Management structure
      • No management
      • No management defined
      • Management function suitable for current resources
      • Accountability is clear
      • High level enterprise representation
    • Staff churn
      • No stability
      • Low morale
      • Regular churn
      • Limited churn and satisfactory replacement strategy
      • Negligible churn
  4. Changing environment
    • Major projects
      • Extremely high activity stretching resources to the limit
      • High volume with intermittent capacity problems
      • Within resource ability
      • Limited
      • Minimal
    • Custom development
      • Extremely high activity of development
      • High volume of development activity
      • Balanced development and packaged solutions
      • Majority of solutions are packaged
      • Packaged solutions
    • Leading edge technology
      • Leading edge technology
      • New technology introduced
      • Some level of recent technology change
      • Low level of technology change
      • Stable technology
    • Business resources
      • All business activities being reorganised
      • Major reorganisation
      • Some core business processes reorganised
      • Some elements of the business reorganised
      • No significant changes
  5. Reliability of systems
    • Complexity
      • Very large and complex systems
      • Large systems
      • Moderately large systems
      • Majority simple systems
      • Small or simple systems
    • Fragmentation
      • Separate ‘islands’ of systems
      • Majority of information is relayed manually
      • Resources adequate for current needs and informal planning of future needs
      • Interfaces between systems automated
      • Fully integrated
    • Scalablity
      • Environment is volatile
      • Difficult to predict changes
      • Occasional emergency changes
      • Changes can be predicted
      • Demand is stable
    • Error rate
      • Constant error rate
      • Regular error rate
      • Occasional errors
      • Errors rare
      • No errors
    • Stability
      • Systems inflexible and majority of needs are not addressed
      • Systems inflexible
      • Delays experienced
      • Stable and all key needs addressed
      • Systems are stable and all needs addressed
  6. Focus on business environment
    • Business interaction
      • No coordination with business
      • Some involvement of business
      • Business needs considered in strategy
      • Business requirements a priority
      • Strategic part of business
    • Management awareness
      • Management and business users are not aware of value and risk of systems
      • Management aware of value and risk but business users are not
      • High level addressed and limited knowledge of lower levels
      • Understanding of systems is a high priority
      • Full awareness of value and risk
    • Satisfy requirements
      • Requirements not addressed
      • Systems unsatisfactory
      • Systems satisfy core requirements
      • Most systems satisfy requirement
      • Business needs are satisfied
  7. Value of information
    • Fraud
      • Business has highly desirable assets
      • Significant range of valuable information
      • Some valuable information
      • Information not valuable
      • Minimal desirable assets
    • Legislation
      • Highly regulated
      • Extensive regulation and compliance activity
      • Some systems need to be adapted for compliance
      • Some relevance
      • Minimal impact
    • Data sensitivity
      • Information is highly sensitive and confidential
      • High confidential information stored
      • Important information stored
      • Limited storage of information
      • Minimal system use
    • Reputation
      • Company involved in highly sensitive activity
      • Company has high profile
      • Company is well known
      • Little reason for damage to reputation
      • Low profile
Labels:

Comments

Post a Comment

Popular posts from this blog

LDWin: Link Discovery for Windows

LDWin supports the following methods of link discovery: CDP - Cisco Discovery Protocol LLDP - Link Layer Discovery Protocol Download LDWin from here.
Post a Comment
Read more

Battery Room Explosion

A hydrogen explosion occurred in an Uninterruptible Power Source (UPS) battery room. The explosion blew a 400 ft2 hole in the roof, collapsed numerous walls and ceilings throughout the building, and significantly damaged a large portion of the 50,000 ft2 building. Fortunately, the computer/data center was vacant at the time and there were no injuries. Read more about the explosion over at hydrogen tools here .
Post a Comment
Read more

STG (SNMP Traffic Grapher)

This freeware utility allows monitoring of supporting SNMPv1 and SNMPv2c devices including Cisco. Intended as fast aid for network administrators who need prompt access to current information about state of network equipment. Access STG here (original site) or alternatively here .
Post a Comment
Read more