
Classic Catalog Company runs a small but rapidly growing catalog sales business.


Question

Classic Catalog Company runs a small but rapidly growing catalog sales business. It outsourced its Web operations to a local ISP for several years, but as sales over the Web have become a larger portion of its business, it has decided to move its website onto its own internal computer systems. It has also decided to undertake a major upgrade of its own internal networks. The company has two buildings, an office complex and a warehouse. The two-story office building has 60 computers. The first floor has 40 computers, 30 of which are devoted to telephone sales. The warehouse, located 400 feet across the company’s parking lot from the office building, has about 100,000 square feet, all on one floor. The warehouse has 15 computers in the shipping department located at one end of the warehouse. The company is about to experiment with using wireless handheld computers to help employees more quickly locate and pick products for customer orders. Based on traffic projections for the coming year, the company plans to use a T1 connection from its office to its ISP. It has three servers: the main Web server, an email server, and an internal application server for its application systems (e.g., orders, payroll). Perform a risk assessment.

Explanation / Answer

Before starting the risk assessment, we need to identify the different risks, keeping the different scenarios in mind. The first and important thing is that Classic Catalog Company will have its own website on its internal computers, which means the security of data and assets is a big concern. Data related to different clients and company details needs to be kept confidential. In that case the security of confidential data is important, apart from protecting our equipment and computers from external attack. To perform the risk assessment we will carry out the following steps:

Step 1: In this step we will identify the different problems associated:

1] Protection of Data from external attacks

2] Protection of Assets

3] If we are maintaining three servers (Web server, email server and application server), there should be proper connectivity among them, and we should also keep some proxy servers in case any of the servers is not working on time.

4] To handle multiple requests coming from clients we should also keep a backup of the data on a different server in case of emergency.

5] In order to handle many client requests at a time we should have a faster system and a shorter response time.

Step 2: If a problem occurs, what can be the impact? In short, we need to analyse to what extent it is serious and what things can be affected, for example sales, data, acquisition of clients.

1] If the server is down, all the sales will be affected.

2] If the website is not working properly due to technical issues, clients will be dissatisfied, and that can also create a bad impact on the company's image.

3] If any external person hacks the computer or gets access to the company's and clients' information, they can misuse client details, for example credit and payment details. This can harm the clients.

Step 3: In this step we will include some measures to avoid or to control the problem.

1] To avoid external attacks we can use firewalls; also, to keep the data related to clients and the company secured, we can have a separate room for servers where entry is restricted.

2] To avoid internal attacks we can have a proper authentication and authorization system, which includes the allocation of different user IDs and passwords along with different rights to access the data.

3] We can have a qualified DBA who can have proper control over the database and the person who is using it.

4] We can have a Network Administrator who can help us to maintain or take different security measures related to the network.

5] We need to maintain a backup of all the data, so that in case the main server is harmed or for any reason is not working, our data is protected and can be recovered.

6] In order to satisfy many customers at a time we should have highly configured computers and many computers so that the load on a single machine is reduced.

Step 4: After performing all the above steps we need to analyse them properly and maintain them so that in future we can implement these steps when required.

1] Maintaining the problems and the measures to avoid and overcome them is important because, in case of emergency, one is not going to have time to analyse the problem and decide the measures to overcome it.

2] Secondly, the person can be new to the company and not aware of the risk assessment techniques or analysis that the previous person has done.

3] Basically, risk assessment helps to identify the risks, how to overcome them, and, in case a risk occurs, what different control measures can be taken.

Step 5: In the last step we can include different techniques apart from what we have already maintained in a file, because with time the percentage of risk occurrence varies, and with respect to that we can have different upgraded techniques or different software that can help us to avoid the problems.
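
One way to keep the file that Steps 1 to 4 describe is a small risk register that scores each asset and threat pair and shows which ones still have no control. This is an added example, not part of the original answer. Assumptions: the 1 to 5 likelihood and impact scores, the control reduction factors and the "warehouse traffic intercepted" threat for the handhelds are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed assumption: share of a risk score each Step 3 control removes.
CONTROL_EFFECT = {
    "firewall": 0.5,
    "restricted server room": 0.3,
    "user IDs and access rights": 0.4,
    "backups": 0.5,
    "more machines to spread load": 0.4,
}

@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    likelihood: int        # 1 (rare) to 5 (frequent), constructed
    impact: int            # 1 (minor) to 5 (severe), constructed
    controls: tuple = ()   # Step 3 measures that apply to this risk

    @property
    def inherent(self):
        # Score before any control is applied.
        return self.likelihood * self.impact

    @property
    def residual(self):
        # Score left after each assigned control removes its share.
        score = float(self.inherent)
        for name in self.controls:
            score *= 1 - CONTROL_EFFECT[name]
        return round(score, 2)

REGISTER = [
    Risk("web server", "outage stops web sales", 3, 5, ("more machines to spread load",)),
    Risk("application server", "outsider reads client payment details", 3, 5,
         ("firewall", "restricted server room")),
    Risk("application server", "insider misuses data", 2, 4, ("user IDs and access rights",)),
    Risk("all servers", "data lost after a failure", 2, 5, ("backups",)),
    Risk("wireless handhelds", "warehouse traffic intercepted", 3, 4),
]

def ranked(register):
    """Highest residual risk first: the order in which to spend effort."""
    return sorted(register, key=lambda r: r.residual, reverse=True)

def uncovered(register):
    """Risks with no control assigned yet, the gaps Step 5 should revisit."""
    return [r for r in register if not r.controls]

if __name__ == "__main__":
    for r in ranked(REGISTER):
        print(f"{r.residual:5.2f} (was {r.inherent:2d})  {r.asset}: {r.threat}")
    print("no control yet:", [r.asset for r in uncovered(REGISTER)])
```

Re-scoring the register when likelihoods change is the periodic review that Step 5 calls for.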