Risk Determination & Decision Tree Analysis
praveen1993
RiskDeterminationWorksheet-Student.xlsxCorpoarate Assets Risk Summary
| Asset Under Review: Customer Realtionship Management System | Financial Loss | Legal Impacts | Embarrassment | Probability - Impact | Risk Score | Possible Safeguards | Safeguard Cost | ||
| Unauthorized Disclosure | 0 | 0 | 0 | 0 | 0 | ||||
| Unauthorized Modification | 0 | 0 | 0 | 0 | 0 | ||||
| Unavailability | 0 | 0 | 0 | 0 | 0 | ||||
| Unauthorized Destruction | 0 | 0 | 0 | 0 | 0 | ||||
| Unauthorized Access | 0 | 0 | 0 | 0 | 0 | ||||
| Asset Under Review: Supply Chain Management System | Financial Loss | Legal Impacts | Embarrassment | Probability - Impact | Risk Score | Possible Safeguards | Safeguard Cost | ||
| Unauthorized Disclosure | 0 | 0 | 0 | 0 | 0 | ||||
| Unauthorized Modification | 0 | 0 | 0 | 0 | 0 | ||||
| Unavailability | 0 | 0 | 0 | 0 | 0 | ||||
| Unauthorized Destruction | 0 | 0 | 0 | 0 | 0 | ||||
| Unauthorized Access | 0 | 0 | 0 | 0 | 0 | ||||
| Asset Under Review: Employee Training System | Financial Loss | Legal Impacts | Embarrassment | Probability - Impact | Risk Score | Possible Safeguards | Safeguard Cost | ||
| Unauthorized Disclosure | 0 | 0 | 0 | 0 | 0 | ||||
| Unauthorized Modification | 0 | 0 | 0 | 0 | 0 | ||||
| Unavailability | 0 | 0 | 0 | 0 | 0 | ||||
| Unauthorized Destruction | 0 | 0 | 0 | 0 | 0 | ||||
| Unauthorized Access | 0 | 0 | 0 | 0 | 0 | ||||
| Asset Under Review: Enterprise Data Center | Financial Loss | Legal Impacts | Embarrassment | Probability - Impact | Risk Score | Possible Safeguards | Safeguard Cost | ||
| Fire | 0 | 0 | 0 | 0 | 0 | ||||
| Water Damage | 0 | 0 | 0 | 0 | 0 | ||||
| Production Environment Unavailability | 0 | 0 | 0 | 0 | 0 | ||||
| Development Environment Unavailability | 0 | 0 | 0 | 0 | 0 | ||||
| Loss of Facilities Power | 0 | 0 | 0 | 0 | 0 | ||||
| Primary Network Area Storage Device Unavailabity | 0 | 0 | 0 | 0 | 0 | ||||
| Theft of Computing Equipement | 0 | 0 | 0 | 0 | 0 | ||||
| Unauthorized Access into EDC | 0 | 0 | 0 | 0 | 0 | ||||
| Complete a qualitiative risk assessment for the each of the corpoarate assets using the predefined risk tables above and cooresponding refernce table on the reference tab in the workbook. |
Occupation Analysis
| Asset Under Review: Corporate Financial Data | Vulnerability | Total | ||||
| Occupation | Unauthorized Access | Unauthorized Modification | Unauthorized Disclousure | Distruction | ||
| Chief Executive Officer | 0 | |||||
| Chief Financial Officer | 0 | |||||
| Chief Information Systems Officer | 0 | |||||
| Chief Technology Officer | 0 | |||||
| Executive Secretary | 0 | |||||
| Director of Engineering | 0 | |||||
| VP Finance & Accounting | 0 | |||||
| VP Human Resources | 0 | |||||
| Senior Accountatnts -CPA | 0 | |||||
| Junior Accountants | 0 | |||||
| Director of Telecommunications | 0 | |||||
| Director of Enterprise Applications | 0 | |||||
| Senior Application Developer | 0 | |||||
| Junior Application Devloper | 0 | |||||
| Database Administrator | 0 | |||||
| Network Administrator | 0 | |||||
| Production Supervisor | 0 | |||||
| Manager of Facilities Maintenance | 0 | |||||
| Helpdesk Technician | 0 | |||||
| Shipping Clerk | 0 | |||||
| Risk Level | Value | |||||
| Greatest Risk | 6 | |||||
| Great Risk | 5 | |||||
| Moderate Risk | 4 | |||||
| Limited Risk | 3 | |||||
| Low Risk | 2 | |||||
| No Risk | 1 | |||||
| Completet the occupation analysis Table above and then evaluate the results and answer the quetsions below | ||||||
| How is this analysis Useful? | ||||||
| Which occupations pose the highest risks to unauthorized modification to corpoarte financial data? | ||||||
| Which occupations pose the least risks to unauthorized modification to corpoarte financial data? | ||||||
| What safegauards would you implement to help prevent the unauthorized authorization of corporate finainical data? | ||||||
Decision Tree
| CRM Decision Tree Diagarm | |||||||||||||
| Examine the decisoon treet diagarem above; next complete each of the decision trree branch analysis using the tables below; evaluate the final results and answer the question as to your recommnedation for the best option | |||||||||||||
| Custom Development | |||||||||||||
| Branch 1 | Cost | High | Moderate | Low | Branch Total | Value | |||||||
| In-House Development | Probability | Value | Total | Probability | Value | Total | Probability | Value | Total | ||||
| $10,000,000 | 0.10 | $12,000,000 | $1,200,000 | $10,000,000 | $0 | 0.70 | $0 | $1,200,000 | -$8,800,000 | ||||
| Branch 2 | Cost | High | Moderate | Low | |||||||||
| Outsource Development | Probability | Value | Total | Probability | Value | Total | Probability | Value | Total | ||||
| $9,700,000 | $0 | 0.60 | $0 | $6,000,000 | $0 | $0 | -$9,700,000 | ||||||
| COTS | |||||||||||||
| Branch 1 | Cost | High | Moderate | Low | Branch Total | Value | |||||||
| On-Premise COTS | Probability | Value | Total | Probability | Value | Total | Probability | Value | Total | ||||
| $7,500,000 | $15,000,000 | $0 | $0 | 0.20 | $0 | $0 | -$7,500,000 | ||||||
| Branch 2 | Cost | High | Moderate | Low | |||||||||
| Hosted COTS | Probability | Value | Total | Probability | Value | Total | Probability | Value | Total | ||||
| $6,500,000 | 0.80 | $0 | $0 | 0.10 | $0 | $0 | -$6,500,000 | ||||||
| Which option would provide the best overall value and why? | |||||||||||||
| * Note: one of the branch values should resullt in a negative number. |
References
| Financial Loss | Valuation Score | Threat Vulnerability Work Table | ||||||
| Less than $2,000 | 1 | Impact | ||||||
| Between $2K and $20K | 2 | Low | Medium | High | ||||
| Between $20K and $50K | 3 | Probability | High | 3 | 6 | 9 | ||
| Between $50K and $100K | 4 | Medium | 2 | 5 | 8 | |||
| Between $100K and $300K | 5 | Low | 1 | 4 | 7 | |||
| Between $300K and $500K | 6 | |||||||
| Between $500K and $1M | 7 | |||||||
| Between $1M and $5M | 8 | |||||||
| Between $5M and $10M | 9 | |||||||
| Between $10M and $30M | 10 | |||||||
| Between $30M and $100M | 11 | |||||||
| Greater Than $100M | 12 | |||||||
| Legal Implication | Valuation Score | |||||||
| Under $5K | 1 | |||||||
| Between $5K and $10K | 4 | |||||||
| Between $10K and $50K | 5 | |||||||
| Between $50K an $1M and/or CIO liable for prosecution | 8 | |||||||
| Over $1M and/or Officers and/or Directors Liable | 10 | |||||||
| Enterprise Embarrassment | Valuation Score | |||||||
| Embarrasment restricted to within the project of work site | 1 | |||||||
| Embarrassment spread to other work areas of operating group or division | 2 | |||||||
| Embarrassment spread throughout the enterprise | 3 | |||||||
| Public made aware thorugh local press | 5 | |||||||
| Adverse national press | 7 | |||||||
| Stcok proce impacted | 10 | |||||||
| Priority | Score | |||||||
| Low | 1 | |||||||
| Low to Medium | 2 | |||||||
| Medium | 3 | |||||||
| Medium to High | 4 | |||||||
| High | 5 | |||||||
| Annual Loss Multiplier Table | ||||||||
| Occurrence Frequency | Multplier | |||||||
| Never | 0.000 | |||||||
| Once in 300 Years | 0.003 | |||||||
| Once in 200 Years | 0.005 | |||||||
| Once in 100 Years | 0.010 | |||||||
| Once in 50 Years | 0.020 | |||||||
| Once in 25Years | 0.040 | |||||||
| Once in 10 Years | 0.100 | |||||||
| Once in 5 Years | 0.200 | |||||||
| Once in 2 Years | 0.500 | |||||||
| Yearly | 1.000 | |||||||
| Twice a Year | 2.000 | |||||||
| Once a Month | 12.000 | |||||||
| Once a Week | 52.000 | |||||||
| Once a Day | 365.000 | |||||||
