IT Risk Profiles Registeration

Department : Information Technology

Unit : Technology Application
Risk Area : Disaster Recovery Managent
Created By : Mr.Lors Les
Reviewed By : Mr. EK Sindeng
Created Date : 16/09/2019

Likelihood
No Risk Name Risk Nature Consequence Existing Controls Causes Implication Recommendation Remediation Action Severity Risk Owner
(1 - 5)
1 Single Point of Hardware failure A single point of failure (SPOF) is a Single points of failure (SPOF) must Engineer has running production System not redundant, it is 3 system application or any Clustering technology must be Prepared proposal and 4 Asset management manager
(SPOF) potential risk posed by a flaw in the be identified from the host all the server system with single server single point of failure can resource on the server will not used to allow a duplicate copy propose the project to IT unit manager
design, implementation or way to the allocated storage. devices without backup server or compromise the availability of availability of the server sytem production to charimain or commitee IT network infra manager
configuration of a circuit or system in redundant server workloads for access when hardware fail or run on a second physical server. If for approval
which one fault or malfunction causes and Productivity suffering. down . the first server failed, the second
an entire system to stop operating would take over to preserve
access to the application and
avoid the SPOF
2 Poorly documented Performce the task without clear work This can lead to the exposure of Engineer is controlling by Policy yet to define and 3 Vulneribility and gaps in system Define strong policy , document Start to work wtih plan 3 IT Unit manager
configuration and recovery plan or procedure it make it operation knowledgeable staff being imporperly record every action Performe the task without configuration is occured configuration record and and follow the standard System Engineer
procedures fail to operate the system recovery unavailable following a major modify or change configuration of procedure and action plan lack of data modify and record precedure and policy IT Network infratstructure
outage or disaster recovery plan sytem or network configuration.it activities
don't have clear proccedure
define to performe the task

3 Inexistent change management Poor planned changing are frequently
policies
4 Human error
5 Single copy backups
6 Disk/Raid Failure
7 Physical Network Failure
8 Power Failure
A lack of change management is Engineer perform the job without Unmanage change control all 3 vulneribility and gaps in system define strong policy , document Define strong policy , 3 IT Unit manager
identified as the cause for storage probably one of the most common policy change control systems or server production configuration is occured configuration record and document configuration System Engineer
failure of data loss. vulnerabilities, but is often mangement change or modify the setting, it lack of data modify and record precedure record and precedure IT Network infratstructure
vulnerabilities or gap in the server overlooked because IT personnel cause missed more it operation procedure
system has occured. typically don't consider themselves control
threat agents. However, poorly
planned changes are frequently
identified as the cause for storage
failure of data loss.
it’s not the equipment’s fault.it was backup data will error or currupted, Engineer has backup data and Daily job performance with 2 Missed procdeure and policy, it Must high comitment to performe Must high comitment to 2 IT Unit manager
installed wrong or not properly data will loss copy to storage without doube wrong procdeure , it lead more lead more mistake that infliuen the task performe the task System Engineer
maintained or testing before and business operation will difficult check or test restore mistake that infliuen with IT with IT operation and company create strong policy , guideline create strong policy , IT Network infratstructure
deployment to operate so data backup source got error operation and company sometime it become intruder, guideline
and not available to use some insider and sabotage
times
Probality of data loss is high if you have There is potential exposure to data Engineer has copied data backup haven't comply with it security 3 One single copy backups is Set plan , procedure and create Set plan , procedure and 2 IT Unit manager
only one copy of data backup which loss in the event backup storage only one set due to space storage policy and data disaster corupted or erro can not backup policy to performe the create backup policy to System Engineer
mean one set backup copy is media is damaged or lost. is limited recovery policy restore, the data will loss job performe the job IT Network infratstructure
corupted , data will loss plan
Raid configuration is not correctly Hard disk fail by wrong implement Engineer has implemented raid Third party is doing implement 3 Data management is not Check SLA with third party and Study more about raid 2 IT Unit manager
deploy when there is one hard disk fail , raid technology, it affeced to data without follow the standard of raid raid as scope in SLA without comply with data securiy policy more clarify about quality of confiuration technology DBA Unit manager
all data is lost security and availability technology configuration and follow with standard of raid and it makes more impact in engineer and follow stanard of IT and try to understand all IT Network infratstructure
data security policy technology configuration and IT data controling and security policy. feature and data security manager
security policy management mangement
Createa strong policy and
procedure.
When network fail there is unaccess to No redundancies built into the Engineer is operating the job No redundancies built into the 2 Infrastructure is exposed to Netowrk redundant link must Mainternance all network 4 IT Unit manager
all production server or information architecture without planning about network architecture physical damage, which can apply device and link including IT Network Infra manager
sytem , email , internet. Loss connection to check email or fail or unavailablity Single link to between endpoint lead to outages and congestion create managment policy relate information system
access to any resource on the it is single point failure of to server production or services unavailability to network failure and bycreate a procedure to
server connection, it doesn't have or other network devices mainternance perform the job and
and internet. redundant network link policy management
control.
Power outage and UPS can not handle All network devices will be Engineer haven't plan Poor managemnt, controling 3 File corruption Prepare proposal to buy a Check power supply and 3 IT Unit manager
long hour and all network devices will shutdown after power failure long mainternanc or testing UPS or any and mainternace policy Software corruption generator for backup power. prepare new ups for IT Network Infra manager
not available to access hour power supply circuit in correct Drive read instability, which Review all documents control endpoit or any network
so operation productivity of manner prevents access to the data on and also policy in roder to devices which serving run
organization will also impacted. the disk prepare precedure and schedule operation.
to mainternance.

9 Environment failure
Lost server room key or card access to
physical device or data center
Unable to access data centre or
any network devices while there is
urgent issue has occured
Eginneer is poor management of
access door , Key or card access
to data center
not have policy or asset
mangement plan relate to
authorize or unauthorize access
Poor management of 3 Unable to access to server room
controlling security access door or data centor for urgent check
(key and id card) the problem or any failure of
network devices or systems.
Prepare access door
management policy
Arrange security control box for
storing the key or access card
to all physical network devices.
Contact to suppliers 3 IT Unit manager
/vendors to support in IT Network Infra manager
order to unlocked the
door
10 Poor asset management Lack of asset information system and
network devices list . It possible to get
attack from unauthorize access
Unable to support or mainternance Engineer is controlling information
of infrmation system and network system and network without full
devices information of asset list, and it
difficult to mainternance and
control the network devices in
oganization
Not address asset management
policy or precedure to
performce the task.
Not strong policy and
management plan
4 Lack information of controling or
manage information system and
device it can easily attack from
unauthorize due to miss
mainternance and update
patch to the server system
Create a policy to mananage all
asset infromation system and
network devices.
mainnternance and update all
asset change or modify must
record to inventory list.
Prepared a plan to 4 Asset management manager
conduct inventory list all IT unit manager
network devices and IT network infra manager
information system.
Create proccedure and
policy for asset
management