3664 Diploma of Information Technology (Network Engineering) 3663E Manage Risk

Risk Assessment and Management Report

Student: Teacher: Due Date: # of Pages:

Alana Reynard Brian Simmons 22 March 2004 12

Alana Reynard Page 1

Contents
Computing Equipment...................................................................................................................................3 Holy Family Campus...................................................................................................................................3 John Paul II Campus...................................................................................................................................3 Software Details and Licensing Agreements................................................................................................4 Software Details..........................................................................................................................................4 Licensing Arrangements..............................................................................................................................4 Financial Value of Equipment and Software...............................................................................................5 .........................................................................................................................................................................5 Maintenance Requests and System Performance........................................................................................6 Maintenance Requests.................................................................................................................................6 Computing System Performance.................................................................................................................6 Possible Risk Events.......................................................................................................................................7 Managing Risk Events: Risk Plans...............................................................................................................7 Risk Factor: Fire.........................................................................................................................................7 Risk Factor: Vandalism...............................................................................................................................8 Risk Factor: Theft........................................................................................................................................8 Risk Factor: Server Failure.........................................................................................................................9 Risk Factor: Virus Attack..........................................................................................................................10 Risk Management Process Review..............................................................................................................11 Risk Factor: Fire.......................................................................................................................................11 Risk Factor: Vandalism.............................................................................................................................11 Risk Factor: Theft......................................................................................................................................11 Risk Factor: Server Failure.......................................................................................................................12 Risk Factor: Virus Attack..........................................................................................................................12

Alana Reynard Page 2

Computing Equipment
St. Andrews College has two campuses; Holy Family (years 7 to 10) and John Paul II (Years 11 to 12). The two campuses are approximately one kilometre apart and are connected through an underground fibre optic cable.

Holy Family Campus

The Holy Family campus has two main computing labs, Benelong-7 (B7) and Benelong-8 (B8). B7 and B8 each contain 24 Hewlett Packard Intel Pentium MMX 200 MHz machines. These PCs all contain 64 MB of RAM and on average have 4 GB of hard drive storage space. The machines are currently running a Windows 98 operating system with a Novell NetWare client. The computers used for administration all contain CPUs upwards of Intel Celeron 2.0 GHz, with a minimum of 256 MB RAM.

John Paul II Campus

The John Paul II Campus (JPII) has three main computing labs. Rooms 12, 18 and 51 all contain approximately 24 computers each. Room 12 contains Intel Pentium IV 1.7GHz computers and Room 51 contains Compaq Intel Pentium IV 2.6GHz machines. Room 18 is a room dedicated to office administration lessons, including word processing, typing skills, filing etc. This room contains Pentium MMX 100MHz machines.

Alana Reynard Page 3

Software Details and Licensing Agreements

Software Details
The schools network operating system (NOS) is Novell NetWare on both campuses. The workstations are either using Windows 98 or 2000. Microsoft Office is installed on most workstations though the versions may vary. QBasic is used on some machines depending on the lessons that are carried out in the classroom.

Licensing Arrangements
Microsoft only offers a per seat licensing arrangement for their clients, therefore most of the software in the school is used under a per seat license. Some software is under a per site license, this arrangement is preferred by the school.

Alana Reynard Page 4

Financial Value of Equipment and Software

The amount of equipment within St. Andrews College can only be estimated as the age of the equipment varies greatly. Therefore depreciation comes into the equation. The main areas of value can be divided into three main areas: Network backbone: Approx $250,000.00 Upgrades: Approx $18,000.00 Cabling: Approx $32,000.00 Licensing: Approx $50,000.00

This gives an approximate financial value of $350,000.00 and over for equipment and software.

Alana Reynard Page 5

Maintenance Requests and System Performance

Maintenance Requests
The main areas of concern were rooms B7 and B8 on the Holy Family Campus. The IT department received complaints about the computers freezing while students were trying to use them. The complaints were lodged with the IT department through a complaint log sheet. The log sheet lists the time, date, room, teachers name and problems with computing equipment. After receiving these complaints the room was arranged to be vacated for a day during the week. The computers were then pulled apart and preventative maintenance was carried out. A zero fill was used on the hard drives to fix any problems with the drive, bad sectors etc. The machines were then all re-imaged using a defragmented Windows 98 image. If an urgent problem arises the IT technician will be contacted by telephone to alert him to it.

Computing System Performance

St Andrews College is currently using a 100 mbps network. The school runs on the theory that the amount of complaints that are received reflects the efficiency of the system. For example if very little complaints are received about the networks response time then the IT department considers the network response time to be acceptable. After the preventative maintenance was completed on rooms B7 and B8 the amount of complaints for that room, was reduced to very little.

Alana Reynard Page 6

Possible Risk Events

A possible risk event is an unplanned event that harmfully effects the schools network. A list of such events was compiled with the IT support officer at St. Andrews College: 1. 2. 3. 4. 5. Fire Vandalism Theft Server Failure Virus Attacks

Managing Risk Events: Risk Plans

Risk Factor: Fire
Fire in St. Andrews case refers to a deliberately light fire. The staff at St. Andrews felt that fire was a fairly high risk for their school. There are a few steps that can be taken to manage these risks, these include:

Risk Impact to Project

Medium (depending on severity of fire)

Risk Probability
Low

Risk Level (1-10 Scale)

3

Risk Plan Low Cost Management

1. Keep school gates locked after hours 2. Display signs around the perimeter of the school warning trespassers of surveillance cameras and patrolling security officers.

High Cost Management

1. Install surveillance cameras 2. Install fire retardant carpet, walls and desks The low cost management is a more feasible approach to controlling the fire risk at St. Andrews College. If the school gates were locked it would increase the difficulty to get into the school after hours. The signs would hopefully discourage a person intending on damaging the schools property from entering the school grounds.

Alana Reynard Page 7

Risk Factor: Vandalism

Vandalism refers to the malicious damage to the computing equipment at St. Andrews College. The main vandalism acts that occur are: 1. Removal of cables 2. Removal of mouse trackballs 3. Changing desktops 4. Changing setting on PC and monitor 5. Damaging CD-ROM mechanism 6. Forcing items into floppy drives

Risk Impact to Project

Medium

Risk Probability
High

Risk Level (1-10 Scale)

6

Risk Plan Low-Cost Management

1. Teach student and teachers about the proper cable set up for the computers so that they will be able to rectify the problem if they find one. 2. Students should show the teacher that their computer has a mouse with a trackball intact before they leave the classroom. 3. Disable the students rights to change the desktop 4. Re-image the computers regularly 5. Document which classes are using the classroom and at what time, to try and identify which class was in the room when the equipment was damaged. 6. Teach students and teachers to check for anything jamming the CD-ROM or floppy drive.

High Cost Management

1. Purchase mice with fixed trackballs 2. Purchase excess CD-ROM drives and floppy disk drives to use when other drives are damaged.

Risk Factor: Theft

Theft of equipment from the school

Risk Impact to Project

Medium
Alana Reynard Page 8

Risk Probability
Low

Risk Level
4

Risk Plan Low Cost Management

1. Create a sign in and out log for expensive equipment 2. Keep all equipment locked in classrooms or storerooms 3. When unusual events arise, for example open days or moving of equipment, all equipment should be immediately moved from one location to the other and secured. The new location should be documented and monitored

High Cost Management

1. Creating high security rooms for equipment, for example no windows and a strongroom door with limited amount of keys distributed. 2. Installing security alarms 3. Installing surveillance system

Risk Factor: Server Failure

A server failure refers to one of the schools network/file servers becoming unable to perform its duties at an acceptable speed. The main risks that arise with server failure include: 1. On John Paul II Campus the server room door is left slightly open to allow airflow as the room is not equipped with air conditioning. 2. On John Paul II Campus the servers are located on the floor of the strongroom with cables exposed. 3. Loss of power after school hours. 4. Problem with server hardware

Risk Impact to Project

High

Risk Probability
Low

Risk Level
6

Alana Reynard Page 9

Risk Plan Low Cost Management

1. Install vent above the strongroom door to drag in cool air. 2. Place the servers on a desk or shelf and tie cables together to keep them out of harms way 3. Keep server room door locked

High Cost Management

1. Install air-conditioning to strong room 2. Install new server enclosure with door

Risk Factor: Virus Attack

A virus attack maliciously effects the network servers and workstations. A virus has the ability to completely cripple the network. A virus may infect the school network through removable media (floppy disks and CDs) and through the internet.

Risk Impact to Project

Medium-High (depending on scale of virus)

Risk Probability
Medium

Risk Level
7

Risk Plan Low Cost Management

1. Stop students and teachers using removable media on school computers 2. Encourage students and teachers to have anti-virus software at home 3. Encourage students and teachers to have floppy disks to use within the school that are not used anywhere else. 4. Arrange with AV software provider to allow teachers to have the software installed on their home computers. 5. Encourage students to not download files of the internet from unknown sources.

High Cost Management

1. Restrict the internet accessibility, for example only allow students access to vital web pages. 2. Remove floppy drives and CD drives from workstations, forcing students and teachers to save to their home drive on the server.

Alana Reynard Page 10

Risk Management Process Review

The risk management process at St Andrews College will be broken down into the mentioned risks:

Risk Factor: Fire

Current Management
1. Security officers monitoring school outside hours 2. School gates locked after hours 3. Signs displayed around the perimeter of the school warning trespassers of surveillance cameras and patrolling security officers.

Review
The current management of a fire risk is appropriate as it stops most cases of deliberately light fires around the school. Whilst there is still a risk of fire occurring, for example a person could jump the fences, this risk is not high enough for the school to be concerned about. Any higher risk management would be expensive and excessive for the school.

Risk Factor: Vandalism

Current Management
1. Students should show the teacher that their computer has a mouse with a trackball intact before they leave the classroom. 2. Document which classes are using the classroom and at what time, to try and identify which class was in the room when the equipment was damaged.

Review
The current management of a vandalism risk needs improvement. Removal of cables is a major problem with the workstations; the students should be taught how to fix this problem themselves.

Risk Factor: Theft

Current Management
1. Sign in and out log for expensive equipment 2. All equipment locked in classrooms or storerooms 3. When unusual events arise, for example open days or moving of equipment, all equipment should be immediately moved from one location to the other and secured. The new location should be documented and monitored 4. High security rooms for equipment

Alana Reynard Page 11

Review
The school has taken measures to lower the risk of theft within the school. The management of this risk is appropriate as equipment is rarely stolen.

Risk Factor: Server Failure

Current Management
1. Ventilation system installed 2. Server room door locked at night 3. UPS installed

Review
The schools management of a server failure risk is poor. On the John Paul II Campus the server room door is left open within school hours. This allows any person to walk into the server room and possibly switch them off, turn off server power and remove cables. This could be improved by installing a vent above the door so that the door could be locked at all times. A desk could also be brought into the server room to place servers on. All cables should be tied and kept out of the rooms walkway.

Risk Factor: Virus Attack

Current Management
1. Students and teachers encouraged to have floppy disks to use within the school that are not used anywhere else. 2. AV software provider allows teachers to have the software installed on their home computers. 3. Students encouraged not to download files off the internet from unknown sources.

Review
The school has an excellent virus risk management system. The school has an agreement with McAfee to give the teachers copies of the software for their home computers. Students are also encouraged to not use media from home computers. The school has had very low occurrences of virus infection in the school. The school currently has no restriction on the internet; this could be considered as it would reduce the risk of a virus coming into the school over the internet.

Alana Reynard Page 12