Running head: MCBRIDE FINANCIAL SECURITY RISK ASSESSMENT




                   McBride Financial Security Risk Assessment

                             Team C: REDACTED

                                  CMGT 542

                                 July 17, 2011

                           McBride Financial Security Risk Assessment

       The McBride Financial Services company is planning to place their new office in the

Sioux Falls, South Dakota market. Information for the preparation of a Risk Assessment has

been gathered from a recent interview of Hugh McBride by Abram LaBelle of Smith Systems

Consulting. Smith Systems Consulting will be integrating the information systems network and

supporting the technology over the long term.

       McBride seeks to invest some $200,000 in website development, aimed at gathering

prospective client applications over the web and following up with a small staff of loan

officers and administrative staff in the local market area where the client is located.

       Our survey of the proposed 41st Street & Minnesota Avenue location in Sioux Falls,

South Dakota has identified a number of risks for McBride Financial Services to be aware of and

either mitigate where possible or address with contingency plans in case the risk occurs.

       Our survey has classified risks by four major categories: Physical Security; Risk of

Terrorism, Natural, and Manmade Disasters; Economic; and Technical Risks.

Physical Security

       McBride Financial Services seeks to use 800 to 1,000 square foot, ground-level,

single-story offices in mixed-use retail or strip-style professional office locations. There are

several concerns for a company that possesses financial records for their clients in these types

of locations (McBride Financial Services, 2011).

       First, ground-level offices with windows call for particular attention to the

placement of furniture, the direction computer screens face, and the need for secured file

storage of paperwork. Computer screens that are left on at night, visible from exterior office

windows, can easily be read with the naked eye or with binoculars from outside of the building.

Personal information on a database record, left on the screen, could be transcribed by a passerby

with no other physical access to the building. Likewise, file cabinets or desks placed near the

windows could also be the source of the same personal information disclosure if documents are

left in view.

        Second, ground-level offices are inherently more attractive to thieves. Financial

companies with high-grade copiers, large computer flat screens, employee-owned iPods and

iPads left on desks, and business laptops are a very tempting target for an opportunistic thief.

While the ground-level offices are more convenient for clients, if customer visits are infrequent

or not necessary, consider a second or higher story location or budget for a very thorough

physical security system.

        Third, the general area and neighborhood near the proposed location is a mixture of

mostly run-down retail strip malls with some gentrification that has been slowly taking shape.

There is a pronounced population of check-cashing stores, bars, and liquor stores in the

immediate area, as many as thirty within a 2-mile radius; these are known to have large amounts

of cash on hand and are magnets for robbery and burglary activity. A high concentration of

these types of businesses in the vicinity indicates a neighborhood in decline, where the

residents have few financial resources to spend (Khalfani-Cox, 2011) (Google, 2011).

        Locations less than 0.5 miles from the proposed intersection location are listed below

with their distance from it (Google, 2011):

Location                         Distance      Risk
Wells Fargo                      100 yards     Medium risk – bank robbery
Cash Depot                       100 yards     High risk – robbery
Home Federal Bank                0.2 miles     Medium risk – bank robbery
Check Into Cash                  0.2 miles     High risk – robbery
Good Spirits Wine & Liquor       100 yards     High risk – random crime
Taylor’s Pantry & Liquor         100 yards     High risk – random crime
Poppadox Pub                     0.3 miles     Medium risk – random crime
Crow Bar & Casino                0.3 miles     Medium risk – random crime



Risk of Terrorism, Natural and Manmade Disasters

       Our survey of the risk of toxic chemicals in the area indicated this was a very low overall

risk. The neighborhood is on the boundary of large areas of residential single family homes and

light commercial, office, retail, and small mixed-use commercial buildings. There were no

industrial properties found within a comfortable distance from the location.

       A nearby printing press, Sisson Printing at 3400 South Minnesota Avenue, approximately

four blocks from the subject location, represents a risk of hazardous chemicals release.

Commercial printing presses generate solid waste including empty containers, used film packs,

outdated chemicals that are disposed of, damaged plates, bad printing & spoilage and large

amounts of scrap paper. Wastewater from printing operations can contain lubricating oils, waste

ink, cleanup solvents, photographic chemicals, acids, alkalis, and plate coatings, as well as metals

such as silver, iron, chromium, copper and barium. Air emissions include volatile organic

compounds, alcohols, boiled inks, and wetting agents as well as nitrous dioxide and sulfur

dioxide. The culmination of toxic ink and bleaches used by modern printing presses can have

adverse effects on the surrounding environment (Illinois State University, 2011).

       There is a single source of transportation and transit risk of a chemical or hazardous

spill: the I-229 freeway, which serves as the through-city business loop for the I-29

North/South Interstate. It is located approximately 0.25 miles south of the proposed office

location and carries truck and trailer traffic throughout the day, including petroleum,

agricultural chemicals, and ethanol products.

       Sioux Falls, South Dakota has a very large population of government agencies and

buildings at the city, state, and federal levels, most within 2.5 miles of the proposed office

location. Several are located less than 1.5 miles from the office and may represent a low risk of

foreign or domestic terrorism (Google, 2011):

Location                                                       Distance      Risk
Veterans of Foreign Wars (Fraternal Organization)              0.2 miles     Very low risk
Sioux Falls Fire Training Center (first responder training)    0.3 miles     Very low risk
US Social Security Administration                              1.3 miles     Low risk
Minnehaha Juvenile Training Center                             1.0 miles     Low risk
US Air Force Health Professional Recruiting                    1.1 miles     Low risk
US Housing & Urban Development                                 1.3 miles     Low risk
US Military Entrance Processing Station (MEPS)                 1.5 miles     Medium risk



       The State of South Dakota has an active and sometimes violent history of political

opposition demonstrations. South Dakota is a very conservative state and has only a single

abortion clinic, located at Planned Parenthood, 6511 West 41st Street, Sioux Falls, South

Dakota – approximately 3.7 miles from the proposed office location (albeit on the same street).

There are no doctors in South Dakota willing to perform abortions for fear of retribution on their

families and/or careers, so a doctor flies into Sioux Falls once per day from Minneapolis to meet

with patients and perform the procedures. State law prohibits the use of insurance or healthcare

benefits or subsidies for any type of abortion under any circumstances, so it is largely a cash-

only service. The office is located across the street from Roosevelt High School in an unmarked

building, facing away from the street and with a private fenced parking lot. The building is

secured and locked, and patients must request entry from a door-button & speaker – only patients

with an appointment are admitted. The waiting area has a bulletproof glass reception area, and

Kevlar-reinforced walls due to fear of attacks by protestors that picket seven days per week in

front of the location (Nieves, 2005).

        Two similarly ultra-conservative groups are located 0.7 miles from the proposed office

location and frequently picket, clash with, and publish anti-abortion rhetoric in media outlets:

the Alpha Center and the Take Charge of Your Life Organization.

        SoDAK A.N.S.W.E.R. Coalition is an ultra left-wing political organization, openly

socialist/communist and supportive of ideals most Americans would find offensive, such as Pro-

Palestinian / Anti-Israeli protests, Israeli & US flag burning, and openly supports the overthrow

of the US government and Constitution. Their office is located 0.2 miles from the

proposed McBride Financial Services location. A recent media article written by the group

included their protest of the first execution of capital punishment in South Dakota in sixty years:

        “The death penalty is promoted by ruling class supporters as a so-called deterrent to

crime, but in reality it is a way for the capitalist class to kill working-class people, especially

African Americans.” The person executed happened to be a white male who admitted guilt and

waived his rights to appeals (SoDAK A.N.S.W.E.R Coalition, 2011).

       Due to the extreme nature of their rhetoric and occasionally violent comments and

protests, it is conceivable that they may choose to make stronger political statements in the

future, resulting in harm to others.

Economic Risks

       Presently, eight real estate companies remain within a 1.5-mile radius of the office

location. Of those, only two, RE/MAX and Century 21 Advantage, have more than 2 agents in

their office. Several years ago, as many as thirty companies were in the same market

area (Google, 2011). Many locations listed as real estate offices have been vacated and are now

occupied by different companies in different industries.

       Year-over-year housing price trends by neighborhood in Sioux Falls continue to show

steep declines from the previous year, with only one section of the city showing a modest gain.

The median selling price of a house in Sioux Falls is $149,900, or about half of the average

seller’s asking list price of $297,171, indicating that buyers and sellers have very different

expectations for executing a sales contract (Trulia, 2011). Housing inventory numbers represent

approximately a six-month supply of homes on the market; numbers greater than a ninety-day

supply indicate a “Declining Market” condition. Year-over-year average sales prices are down

by as much as 8.7% from the same month in 2010 (Trulia, 2011), with middle and affluent

neighborhoods the hardest hit. With the home mortgage system in disrepair, high

unemployment levels, and the national banking system still cautious with regard to the real estate

market, it may be some time before the economic indicators for the Sioux Falls real estate market

recover (Trulia, 2011) (Johnson, 2011).

Technical Risks

       The company seeks to fully outsource their information technology services with a

budget of $500.00 per month (McBride Financial Services, 2011) despite the very large initial

capital outlay of $200,000 for a fully automated mortgage application website and electronic

decision-engine. The company lacks any technically minded leadership internally (McBride

Financial Services, 2011), and the monthly support budget seems very low in that light,

given that the website is to be the primary source of business and revenue for the company.

       We question whether the $500.00 per month budget figure is sufficient to manage

enhancements and upgrades to the enterprise-class ecommerce website, secure the company

databases from external intrusion, maintain desktop end-user systems, and properly secure the

client financial records systems and monitor them for intrusion attempts while seeking to

interconnect eight offices with shared data and resources (McBride Financial Services, 2011).

Mitigation Recommendations

                                           Physical Risks

       Industry best practices for office management that the banking industry uses can be of

significant value. To protect client information, keep window coverings closed or use blinds to

obscure visibility into the office and arrange workstations so as to avoid visibility of the

computer screens from outside through an adjacent window. Utilize idle-timeout settings on

computers to blank a screen that may potentially contain sensitive client personal financial

information after five minutes of no activity. Institute company policies that require personal

financial documents to be stored in locked filing cabinets when not in use and at the close of

business every day.

       Employees are also vulnerable to random acts of crime, and annual security awareness

training should be conducted. This can include topics and requirements such as information

security mentioned above, as well as personal security and being aware of their surroundings.

       A monitored business-grade security system should be installed, and automatically

activated after hours. Consider the use of perimeter-only security system features as an added

measure of security for employees that may be working after normal business hours.

       For physical security, and all other threats, the first line of defense should be a thorough

data backup system that is regularly monitored and tested. Company information security

policies should prohibit the storage of personal information or client financial data on local PCs,

hard drives, flash drives, or removable disk media that is vulnerable to theft. If required for

business purposes, strong disk or tape encryption should be used.

                       Risk of Terrorism, Natural, and Manmade Disasters

       These risks are primarily a threat to the human resource of the business. Mitigation

strategies include regular daily data backup and general employee security awareness. The

business can be alerted to a growing threat condition resulting from future socio-political factors

by taking an active or passive interest in local news and politics, being aware of any growing

or scheduled protests in the immediate area, and taking any precautions that may be warranted.

                                          Economic Risks

       The current real estate market crisis is a nationwide, systemic condition and there is little

or nothing that an individual company can do to correct this macroeconomic trend. Mitigation

measures to consider include keeping recurring costs as low as possible after opening the office

until economic conditions have shown improvement for several quarters, and avoiding long-term

office or equipment lease agreements that would hamper defensive business decisions later if

warranted.

                                          Technical Risks

       Consider having one or more company managers attend some web development and

information technology support seminars intended for business leaders. A better understanding

of technical and ecommerce support objectives and strategies can assist in matching business

strategy and requirements to available resources.

       Regularly revisit monthly business plans and capital budgets to ensure available

resources are properly prioritized for stable business operation.

       Avoid single-sourced exclusivity clauses in technical support contracts. In the event that

quality-of-service, responsiveness, or other problems are exhibited by the support provider,

there should not be any contractual damages incurred by the cancellation of the agreement and

selection of a new provider. Longer term, as cash flows stabilize and can support the overhead,

consider adding a technical manager to oversee support agreements and future website

maintenance, enhancement, and refreshment.

Conclusions

       The proposed new location for McBride Financial should prove adequate and able to

meet the company’s needs. Several risks do exist, however, with the most threatening of those

potentially being the company’s own business plan, and external industry economic factors

beyond the limited control of mitigation planning.

       The opening of a new location can be quite an experience for any company. McBride

Financial has successfully identified a wide array of potential risks that range from high to low

with various impacts to their daily operations. Although it is impossible to plan for every event,

McBride Financial has gone to great lengths to mitigate every foreseen risk that could

potentially occur. Through risk analysis and management, they have provided themselves a solid

foundation on which they can continue to grow and succeed.

                                            References

Google. (2011, 07 16). Google Maps. Retrieved 07 16, 2011, from Google Maps Sioux Falls,

       South Dakota: http://maps.google.com

Illinois State University. (2011, July 17). Illinois State University. Retrieved July 17, 2011, from

       Illinois State University:

       http://www.istc.illinois.edu/info/library_docs/manuals/printing/p2pract.htm

Johnson, S. (2011, July 17). Licensed Broker-Officer, California Department of Real Estate

       #01400015. (S. Johnson, Interviewer)

Khalfani-Cox, L. (2011, May 12). Payday Lenders Fuel Crime, Drive Down Residential

       Property Values. Retrieved July 31, 2011, from AOL Original, WalletPop Personal

       Finance: http://www.walletpop.com/2011/05/12/payday-lenders-fuel-crime-drive-down-

       property-values/

McBride Financial Services. (2011, 07 17). McBride Financial Services Intranet. Retrieved 07

       17, 2011, from McBride Financial Services Intranet:

       https://ecampus.phoenix.edu/secure/aapd/cist/vop/Business/McBride/Intranet

Nieves, E. (2005, December 27). Planned Parenthood in South Dakota. Retrieved 07 15, 2011,

       from Washington Post: http://www.washingtonpost.com/wp-

       dyn/content/article/2005/12/26/ar2005122600747.html

SoDAK A.N.S.W.E.R Coalition. (2011, 07 15). SoDAK A.N.S.W.E.R Coalition. Retrieved 07 15,

       2011, from SoDAK A.N.S.W.E.R Coalition: http://www.sodakanswers.org/events10.htm

Swann, J. (2004). Protecting Your Physical Bank. Community Banker, 7-10.

Trulia. (2011, July 29). Sioux Falls Real Estate Overview. Retrieved July 31, 2011, from Trulia:

       http://www.trulia.com/real_estate/Sioux_Falls-South_Dakota/

  • 5. MCBRIDE FINANCIAL SECURITY RISK ASSESSMENT 5 There is a single source of transportation and transit risk of a chemical or hazardous spill of some kind, the I-229 freeway, serving as the through-city business loop for the I-29 North/South Interstate is located approximately 0.25 miles south of the proposed office location and carries truck & trailer traffic throughout the day, including petroleum, agricultural chemicals, and ethanol products. Sioux Falls, South Dakota has a very large population of government agencies and buildings at the city, state, and federal levels, most within 2.5 miles of the proposed office location. Several are located less than 1.5 miles from the office and may represent a low risk of foreign or domestic terrorism(Google, 2011): Veterans of Foreign Wars (Fraternal 0.2 miles Very low risk Organization) Sioux Falls Fire Training Center (first 0.3 miles Very low risk responder training) US Social Security Administration 1.3 miles Low risk Minnehaha Juvenile Training Center 1.0 miles Low risk US Air Force Health Professional Recruiting 1.1 miles Low risk US Housing & Urban Development 1.3 miles Low risk US Military Entrance Processing Station 1.5 miles Medium risk (MEPS) The State of South Dakota has an active and sometimes violent history of political opposition demonstrations. South Dakota is a very conservative state, and has only a single
  • 6. MCBRIDE FINANCIAL SECURITY RISK ASSESSMENT 6 abortion clinic, and is located at Planned Parenthood, 6511 West 41st Street, Sioux Falls, South Dakota – approximately 3.7 miles (albeit on the same street) as the proposed office location. There are no doctors in South Dakota willing to perform abortions for fear of retribution on their families and/or careers, so a doctor flies into Sioux Falls once per day from Minneapolis to meet with patients and perform the procedures. State law prohibits the use of insurance or healthcare benefits or subsidies for any type of abortion under any circumstances, so it is largely a cash- only service. The office is located across the street from Roosevelt High School in an unmarked building, facing away from the street and with a private fenced parking lot. The building is secured and locked, and patients must request entry from a door-button & speaker – only patients with an appointment are admitted. The waiting area has a bulletproof glass reception area, and Kevlar-reinforced walls due to fear of attacks by protestors that picket seven days per week in front of the location (Nieves, 2005). Two similarly ultra-conservative groups are located 0.7 miles from the proposed office location and frequently picket, clash with, and publish anti-abortion rhetoric in media outlets. The Alpha Center, and the Take Charge of Your Life Organization. SoDAK A.N.S.W.E.R. Coalition is an ultra left-wing political organization, openly socialist/communist and supportive of ideals most Americans would find offensive, such as Pro- Palestinian / Anti-Israeli protests, Israeli & US flag burning, and openly supports the overthrow of the US government and Constitution. Their office location is located 0.2 miles from the proposed McBride Financial Services location. 
A recent media article written by the group included their protest of the first execution of capital punishment in South Dakota in sixty years: “The death penalty is promoted by ruling class supporters as a so-called deterrent to crime, but in reality it is a way for the capitalist class to kill working-class people, especially
  • 7. MCBRIDE FINANCIAL SECURITY RISK ASSESSMENT 7 African Americans.” The person executed happened to be a white male that admitted guilt and waived his rights to appeals. (SoDAK A.N.S.W.E.R Coalition, 2011). Due to the extreme nature of their rhetoric and occasionally violent comments and protests, it is conceivable that they may choose to make stronger political statements in the future, resulting in harm to others. Economic Risks Presently, eight real estate companies remain within a 1.5 mile radius of the office location. Of those, only two, RE/MAX and Century 21 Advantage, have more than 2 agents in their office. Several years ago, as many as thirty companies were in the same market area(Google, 2011). Many locations listed as real estate offices have vacated and are now occupied by different companies in different industries. Year over year housing price trends by neighborhood in Sioux Falls continue to show steep declines from the previous year, with only one section of the city showing a modest gain. The median selling price of a house in Sioux Falls is $149,900, or about half of what the average seller’s asking list price is at $297,171, indicating that buyers and sellers have very different expectations for executing a sales contract (Trulia, 2011). Housing inventory numbers represent approximately a six-month supply of homes on the market, with numbers greater than adequate for ninety-days indicating a “Declining Market” condition, with year over year average sales prices down by as much as 8.7% from the same month in 2010 (Trulia, 2011), with middle and affluent neighborhoods the hardest-hit. With the home mortgage system in disrepair, high unemployment levels, and the national banking system still cautious with regard to the real estate market, it may be some time before the economic indicators for the Sioux Falls real estate market recover (Trulia, 2011) (Johnson, July).
  • 8. MCBRIDE FINANCIAL SECURITY RISK ASSESSMENT 8 Technical Risks The company seeks to fully outsource their information technology services with a budget of $500.00 per month (McBride Financial Services, 2011) despite the very large initial capital outlay of $200,000 for a fully automated mortgage application website and electronic decision-engine. The company lacks any technically-minded leadership internally (McBride Financial Services, 2011) and the very low monthly support budget seems very low in that consideration, while being the primary source of business and revenue for the company. We question whether the $500.00 per month budget figure is sufficient to manage enhancements and upgrades to the enterprise-class ecommerce website, secure the company databases from external intrusion, maintain desktop end-user systems, and properly secure and monitor for intrusion attempts to the client financial records systems while seeking to interconnect eight offices with shared data and resources(McBride Financial Services, 2011). Mitigation Recommendations Physical Risks Industry best-practices for office management that the banking industry uses can be of significant value. To protect client information, keep window coverings closed or use blinds to obscure visibility into the office and arrange workstations so as to avoid visibility of the computer screens from outside through and adjacent window. Utilize idle-timeout settings on computers to blank a screen that may potentially contain sensitive client personal financial information after five minutes of no activity. Institute company policies that require personal financial documents to be stored in locked filing cabinets when not in use and at the close of business every day.
  • 9. MCBRIDE FINANCIAL SECURITY RISK ASSESSMENT 9 Employees are also vulnerable to random acts of crime, and annual security awareness training should be conducted. This can include topics and requirements such as information security mentioned above, as well as personal security and being aware of their surroundings. A monitored business-grade security system should be installed, and automatically activated after hours. Consider the use of perimeter-only security system features as an added measure of security for employees that may be working after normal business hours. For physical security, and all other threats, the first line of defense should be a thorough data backup system that is regularly monitored and tested. Company information security policies should prohibit the storage of personal information or client financial data on local PCs, hard drives, flash drives, or removable disk media that is vulnerable to theft. If required for business purposes, strong disk or tape encryption should be used. Risk of Terrorism, Natural, and Manmade Disasters These risks are primarily a threat to the human resource of the business. Mitigation strategies include regular daily data backup and general employee security awareness. The business can be alerted to a growing threat condition resulting from future socio-political factors by taking an active or passive interest in local news and politics, and being aware of any growing or scheduled protests in the immediate area and taking any precautions that may be warranted if needed. Economic Risks The current real estate market crisis is a nationwide, systemic condition and there is little or nothing that an individual company can do to correct this macroeconomic trend. Mitigation measures to consider are: keeping recurring costs as low as possible after opening the office until economic conditions have shown improvement for several quarters. Avoid long-term office
  • 10. MCBRIDE FINANCIAL SECURITY RISK ASSESSMENT 10 or equipment lease agreements that would hamper defensive business decisions later if warranted. Technical Risks Consider having one or more company managers attend some web development and information technology support seminars intended for business leaders. A better understanding of technical and ecommerce support objectives and strategies can assist in matching business strategy and requirements to available resources. Regularly revisit monthly business plans and capital budgets to ensure available resources are properly prioritized for stable business operation. Avoid single-sourced exclusivity clauses in technical support contracts. In the event that a quality-of-service, responsiveness, or other problems are exhibited by the support provider, there should not be any contractual damages incurred by the cancellation of the agreement and selection of a new provider. Longer term, as cash flows stabilize and can support the overhead, consider adding a technical manager to oversee support agreements and future website maintenance, enhancement, and refreshment. Conclusions The proposed new location for McBride Financial should prove adequate and able to meet the company’s needs. Several risks do exist however, with the most threatening of those potentially being the company’s own business plan, and external industry economic factors beyond the limiting control of mitigation planning. The opening of a new location can be quite an experience for any company. McBride Financial has successfully identified a wide array of potential risks that range from high to low with various impacts to their daily operations. Although it is impossible to plan for every event,
  • 11. MCBRIDE FINANCIAL SECURITY RISK ASSESSMENT 11 McBride Financial has gone through great lengths to mitigate every foreseen risk that could potentially occur. Through risk analysis and management, they have provided themselves a solid foundation on which they can continue to grow and succeed.
  • 12. MCBRIDE FINANCIAL SECURITY RISK ASSESSMENT 12 References Google. (2011, 07 16). Google Maps. Retrieved 07 16, 2011, from Google Maps Sioux Falls, South Dakota: http://maps.google.com Illinois State University. (2011, July 17). Illinois State University. Retrieved July 17, 2011, from Illinois State University: http://www.istc.illinois.edu/info/library_docs/manuals/printing/p2pract.htm Johnson, S. (July, 17 2011). Licesned Broker-Officer, California Department of Real Estate #01400015. (S. Johnson, Interviewer) Khalfani-Cox, L. (2011, May 12). Payday Lenders Fuel Crime, Drive Down Residential Property Values. Retrieved July 31, 2011, from AOL Original, WalletPop Personal Finance: http://www.walletpop.com/2011/05/12/payday-lenders-fuel-crime-drive-down- property-values/ McBride Financial Services. (2011, 07 17). McBride Financial Services Intranet. Retrieved 07 17, 2011, from McBride Financial Services Intranet: https://ecampus.phoenix.edu/secure/aapd/cist/vop/Business/McBride/Intranet Nieves, E. (2005, December 27). Planned Parenthood in South Dakota. Retrieved 07 15, 2011, from Washington Post: http://www.washingtonpost.com/wp- dyn/content/article/2005/12/26/ar2005122600747.html SoDAK A.N.S.W.E.R Coalition. (2011, 07 15). SoDAK A.N.S.W.E.R Coalition. Retrieved 07 15, 2011, from SoDAK A.N.S.W.E.R Coalition: http://www.sodakanswers.org/events10.htm Swann, J. (2004). Protecting Your Physical Bank. Community Banker, 7-10.
  • 13. MCBRIDE FINANCIAL SECURITY RISK ASSESSMENT 13 Trulia. (2011, July 29). Sioux Falls Real Estate Overview. Retrieved July 31, 2011, from Trulia: http://www.trulia.com/real_estate/Sioux_Falls-South_Dakota/