IT Security













The Information Technology  Network 



Information Threat and Risk Analysis

   You have a good IT infrastructure and it is working fine. Have you considered that it is exposed to many threats and risks? Every business carries risk. Every piece of equipment is prone to failure, which may result in business loss. And then there are terrorism and natural calamities. Is your IT infrastructure capable of handling all of these threats and risks?

   A risk analysis is a systematic examination of assets, threats, and vulnerabilities in your organization.  This risk analysis provides the foundation for the development of an appropriate IT Security Program. Risk analysis is extremely important to determine the level of protection required for your IT infrastructure such as networks, applications, systems, facilities and other enterprise assets. 

   A risk analysis shall identify the organization's dependence on existing IT assets and the vulnerabilities of those assets. Look at the probability of each threat occurring and the possible damage or loss if it does occur. Identify the safeguards or countermeasures needed to reduce the threats and vulnerabilities to an acceptable level.

   For every threat you can have more than one strategy or countermeasure. Depending on the seriousness of the threat, adopt the strategy that makes the best use of the available resources.

   The main goal of the risk analysis process is to determine an acceptable level of risk that considers the security of the organization and its shared resources. It shall also take into account business strategy and the overall cost of countermeasures.

   Risk analysis must be done when significant new processes or systems are introduced or are being considered. It also has to be done when major changes are made to an organization's existing IT infrastructure.

  The following shall be taken care of while conducting a risk analysis.

 Information Asset Review

    Identify the criteria for taking inventory of your IT infrastructure and document them. Do an exhaustive, item-by-item asset review and record the results. All hardware and software must be properly identified. Identify the assets that are critical to ongoing operations or that contain confidential or critical data. If you are introducing new systems or processes, review whether the current IT infrastructure can handle the new requirement. If you are procuring new systems (software and/or hardware), analyze whether they create any mismatch or introduce a threat to the IT flow.

  Business Impact Analysis

   These days the entire business depends on the IT infrastructure. Any failure of the computing environment disrupts the business. If you have an ERP, you may have configured the equipment dispatch procedure in it. If the workstation fails, you cannot dispatch the equipment even if the manufactured equipment is ready. You need a strategy in place to take care of such failures. Do you have an alternative server handy as a replacement, or replication/backup in place? What if your email system fails and critical business mails bounce?

    Hence the purpose of the business impact analysis is to document the potential impact of loss of the assets on your organization.  Consider all the possible losses covering operational, financial, and legal impacts.

 Vulnerability Analysis

    Every IT infrastructure has its own vulnerabilities. A vulnerability analysis is used to identify the vulnerabilities associated with information assets. Having completed the information asset review, you now analyze the vulnerabilities associated with the existing IT infrastructure.

 Threat Analysis

   IT infrastructure deals with a lot of data and communications. More and more telecommunication resources depend on computers, and telecommunication is becoming an integral part of IT infrastructure. A threat analysis shall be conducted to identify threats that could result in the intentional or accidental destruction or modification of data. A threat can come from outside as well as from within the organization. It is easier to handle external threats using firewalls etc. Internal threats are the most difficult, as insiders may know more about how to break your systems. Address all kinds of threats.

 Risk Analysis

    Consolidate and review the vulnerabilities and threats to all identified assets of your IT infrastructure. This is called risk analysis. Risk analysis is aimed at laying the foundation for security program planning after determining the likelihood and impact of the vulnerabilities and threats.
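The consolidation step described above can be kept as a small risk register. The sketch below is an added example, not part of the original article: it ranks each asset/threat/vulnerability entry and picks the cheapest countermeasure that brings the risk down to the acceptable level. The 1 to 5 scales, the likelihood x impact score, the costs and the threshold are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
@dataclass(frozen=True)
class Countermeasure:
    name: str
    cost: int             # yearly cost, arbitrary units (assumed)
    likelihood_cut: int   # points taken off likelihood
    impact_cut: int       # points taken off impact

@dataclass(frozen=True)
class Risk:
    asset: str            # from the information asset review
    threat: str           # from the threat analysis
    vulnerability: str    # from the vulnerability analysis
    likelihood: int       # 1 (rare) .. 5 (frequent), assumed scale
    impact: int           # 1 (minor) .. 5 (severe), from the business impact analysis
    options: tuple = ()   # candidate countermeasures for this risk

def residual(risk, cm):   # score after a countermeasure; no factor drops below 1
    return max(1, risk.likelihood - cm.likelihood_cut) * max(1, risk.impact - cm.impact_cut)

def plan(register, acceptable):
    """Rank risks by likelihood x impact and pick the cheapest adequate countermeasure."""
    rows = []
    for r in sorted(register, key=lambda r: r.likelihood * r.impact, reverse=True):
        score = r.likelihood * r.impact
        adequate = [c for c in r.options if residual(r, c) <= acceptable]
        if score <= acceptable:
            rows.append((r.asset, score, "accept", score))
        elif adequate:
            best = min(adequate, key=lambda c: c.cost)
            rows.append((r.asset, score, best.name, residual(r, best)))
        else:  # no listed option is enough: needs a management decision
            rows.append((r.asset, score, "escalate", score))
    return rows

ACCEPTABLE = 8  # constructed register below; every number in it is an assumption
REGISTER = [
    Risk("ERP dispatch workstation", "hardware failure", "no standby or replica", 3, 5,
         (Countermeasure("backup to a second machine", 10, 0, 1),
          Countermeasure("standby server with replication", 40, 0, 3))),
    Risk("customer database", "insider misuse", "broad access rights", 3, 5,
         (Countermeasure("quarterly access review", 10, 1, 0),)),
    Risk("email system", "service outage", "single mail server", 3, 4,
         (Countermeasure("secondary mail relay", 15, 0, 2),
          Countermeasure("hosted failover service", 30, 2, 2))),
    Risk("file server", "disk failure", "backup kept on the same machine", 4, 5,
         (Countermeasure("off-site backup", 20, 0, 3),)),
    Risk("office printer", "hardware failure", "no spare unit", 2, 1),
]
```

Calling `plan(REGISTER, ACCEPTABLE)` returns one row per risk as (asset, score, decision, residual score), highest score first.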


    You know your IT infrastructure well, and you are the best person to identify its vulnerabilities and risks. Review and document them properly. Educate the users of the computing environment in the effective use of hardware and software. Any unintentional data damage affects the organization and its business. Take care of backups (preferably in a geographically different location). Never keep a backup on the same machine. Keep your disaster recovery programs in place. Emails have become critical in today's world. Ensure that email flow is never interrupted. As long as your computing environment is healthy, you can have a nice and peaceful life.