Application of Risk Management
YieldMore is a small agricultural company that produces and sells fertilizer products. The company operates through its headquarters in a small town in Indiana. Outside its headquarters, there are two large production facilities—one in Nebraska and one in Oklahoma. Furthermore, YieldMore employs sales force personnel in every state in the U.S. to serve its customers locally. The company has three servers located at its headquarters—an Active Directory server, a Linux application server, and an Oracle database server. The application server hosts YieldMore’s primary software application, which is a proprietary program managing inventory, sales, supply chain, and customer information. The database server manages all data stored locally with direct attached storage. All three major sites use Ethernet cabled local area networks (LANs) to connect the users’ Windows Vista workstations via industry-standard managed switches. The remote production facilities connect to headquarters through routers over T-1 (1.54 Mbps telecom circuit) LAN connections provided by an external Internet service provider (ISP) and share an Internet connection through a firewall at headquarters. Individual sales personnel throughout the country connect to YieldMore’s network via virtual private network (VPN) software through their individual Internet connections, typically in a home office.

Task:
I would have to say the most likely threat/vulnerability pairs are location, equipment failure, social engineering, denial of service (DoS), and malware. These threats seem to be the most problematic for this company. The first one is location: the servers are all housed in the company headquarters, where a natural or man-made disaster would cripple the company’s infrastructure. They need to distribute their servers to different locations. Another pair is equipment failure: each server has its own specific function that it handles and nothing else. It would help mitigate some of the risk that would happen if each server handled its own problems. Social engineering is a problem because it depends on the user: another person can hack the user for information that could give access to the organization’s system. DoS is a problem because the public systems are not protected by firewalls and anti-virus programs. This results in a loss of service availability. The final problem is malware, which is caused by a lack of anti-virus software or out-of-date virus definitions. The impact of this is usually the loss of a server or information, depending on what the virus was originally intended to do.

There are six risk management steps you can use to protect your company:
1. Determining the objectives of the organization
2. Identifying exposures to loss
3. Measuring those same exposures
4. Selecting alternatives
5. Implementing a solution
6. Monitoring the results
I would suggest using all six steps to ensure that my company is protected. An organization’s primary objective, growth, will determine its strategy for managing various risks. Identification and measurement of risks are relatively straightforward concepts.