1. RISK ASSESSMENT - BY ALFRED ALVA

DATE 2020

RISK = THREAT X VULNERABILITY



Risk is the likelihood of financial loss.


Ask yourself these questions, then call me at 562-536-1000 (Alfred) to discuss what I do to lessen the damage.


What is the risk of a server crashing?


Are there trade secrets anywhere on a system?


How secure is customer data on your servers? (Potential lawsuit)


Are systems up to date? --Microsoft Updates


Do all computers and servers have antivirus software?


Do you have an intrusion detection system installed?


What are your downtime costs if a system goes down?


Can someone or an employee steal your clients and transfer the data to a USB drive?


Do you live in an area prone to floods, hurricanes, or tornadoes that could destroy your network?


================What are the Threats===============

"Outside forces that could compromise your infrastructure"


Hackers are not the top danger! You are responsible for your network.


a. Natural Disasters


b. Location of the server room is important.


c. System failure - High-quality hardware is safer. Low-quality hardware is not dependable.


d. Do you have warranties on any servers or computers?

e. Accidental human interference or bad decisions, like deleting a whole database.


f. Malicious human intent, like interception, impersonation, or interference.


g. Denial of service, hacking, bad Wi-Fi access point, phishing


================Vulnerabilities===================

a. What do you have to protect?


b. Does anyone have permissions to damage a system?


c. How easy is it to break glass or gain entry to your business?


d. Is your office in a high-crime area?


e. Do you have a firewall, anti-virus, anti-malware, and Group Policies?


f. Do you shred all client information paperwork?


g. Bad employee passwords increase your company’s exposure to security risks and can be guessed by unauthorized people.


==========Protections=================

Cloud services like AWS can secure your data.


a. What cloud service do you use and what is stored there?


b. Do you have a backup system?


c. Do you have a redundancy/clustering system, like a mirror server, so that when one server crashes another takes over?


d. Do you use a file-sharing system somewhere?


e. Do you have virtualization in place?


==========Physical and operational security===========


a. Do you have a good lock on the servers?


b. Are there any servers on the floor that can be damaged in some way?


c. Do you have any critical information that is on a server, and does everyone know which one it is?

d. What type of access do employees have?


e. Who is allowed to access the server room?


  1. Do you have a topology map or documentation of how things are set up?

e. Do you have ISP information if the internet goes down, i.e. account numbers, PIN, security questions?


f. For a website, do you have web hosting login or domain host login information/authorization?


g. Where are all the software/server disks to install on new computers or re-install, and is the software licensed?


h. Can anyone walk into your building without a person to check them in?


i. Disposing of old devices with hard drives can expose information.


==================Disaster Plan=======

a. What if servers go down? Who gets a call, and where is that information?


b. Do you have a disaster plan?


c. How long would it take to recover if customer data goes down?

==============Mitigation =====

Something bad happened. What can be done to avoid the "bad" happening, or how can it be minimized next time?


a. Event happens


b. You analyze

c. Respond to the event

e. Ask why it happened.


f. Train employees to spot phishing emails, identify a virus, and pull the computer off the network.


g. Send test emails and fake phishing emails to employees and see if they are spotting them. Cofense has a service to do this: https://cofense.com