Based on the given case study, the author, as an independent auditor brought in by Dalton, Walton, & Carlton’s management performs the task of conducting an audit of their entire IT infrastructure, organization, and processes.
What are the assets that you would assess? Create a prioritized asset list based on criticality or functionality. (Feel free to make assumptions based on the case.)
I would prefer to assess the hardware and software assets on priority basis. Once enabled, the hardware inventory data provides you with all the system information including the available disk space, type of processor and the OS in each computer. On the other hand, software inventory agent provides information such as file types and there versions available on several client computers.
Identify and describe at least three threats to the IT infrastructure.
Threats to IT infrastructure can be many. Three of them are listed below:
1. Human threats: These include terrorist attacks, cyber-attacks, explosions, bombing etc.
2. Natural Threats: These include earthquakes, huge storms, volcanic eruptions, tsunamis etc.
3. Accidental/Technical threats: These include fires, electric shocks, system bursting etc.
What are the threat agents associated with the threats?
The various threat agents associated with threats are humans, natural weather conditions and technical equipments.
Are these threats natural, accidental, or deliberate threats?
These may be natural or accidental or even deliberate threats.
Describe each threat's impact and likelihood
1. Human threats: Impact of human threats can be very destructive in nature and its likelihood depends upon the political and socio-economic conditions of the particular state where the IT infrastructure is.
2. Natural threats: Impact can again be extremely dangerous and destructive in nature. Its likelihood depends upon geographical locations.
3. Accidental threats: The impact can again be completely destroying in nature. These types of threats can be avoided to maximum possible with a employing an effective administrative and security staff.