1. IT Risk Assessment Project
Project Plan Document
Introductory Project
Intricap, LLC
One month Pilot Project
September 2013
2. Core Value Proposition
Any company with an IT organization has to perform IT Risk Assessments as a mandatory part of various compliance requirements.
This means every company worth its salt.
It needs to be done annually.
It is boring for IT and IT security managers.
IT Risk Assessments are done one-on-one today.
A mass customization solution through Internet and Technology will find instant adoption.
4. What it takes to do IT Risk Assessments today
You have to identify all critical ITEMS in IT infrastructure: Computers, Servers, Switches, Networks, Locations.
Identify THREATS that can do harm to each of them.
Figure out how VULNERABLE each item is to each threat.
For each vulnerable item, determine the LIKELIHOOD of getting affected.
Given a likelihood of getting affected, what will be the IMPACT on each item.
Given all of the above, what is the RISK to each item.
Document and Report.
5. That seems complicated?
No. Most of the ratings are numbers from 1 to 5, and all you need to do is multiply and add those numbers to arrive at the Risk Ratings.
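The item / threat / vulnerability / likelihood / impact procedure from slides 4 and 5, worked through as an added example that is not part of the original deck or of Intricap's product. The deck does not give the formula, so the scoring rule (multiply the three ratings per item-threat pair, then add the pair scores per item), the function names and the sample register are assumptions made for illustration.

```javascript
// Added example: risk register scoring as outlined on slides 4 and 5.
// Assumption (not stated in the deck): pair score = vulnerability * likelihood * impact,
// and an item's risk rating is the sum of its pair scores.
const RATING_FIELDS = ["vulnerability", "likelihood", "impact"];

// Reject anything that is not an integer rating from 1 to 5.
function checkRating(name, value) {
  if (!Number.isInteger(value) || value < 1 || value > 5) {
    throw new RangeError(`${name} must be an integer from 1 to 5, got ${value}`);
  }
  return value;
}

// Score one (item, threat) pair: product of the three ratings (1..125).
function scorePair(entry) {
  return RATING_FIELDS.reduce((acc, f) => acc * checkRating(f, entry[f]), 1);
}

// Build the per-item report: each threat's score plus the item total,
// sorted so the highest-risk item comes first.
function assessRisk(register) {
  const byItem = new Map();
  for (const entry of register) {
    const row = byItem.get(entry.item) || { item: entry.item, threats: [], total: 0 };
    const score = scorePair(entry);
    row.threats.push({ threat: entry.threat, score });
    row.total += score;
    byItem.set(entry.item, row);
  }
  return [...byItem.values()].sort((a, b) => b.total - a.total);
}

// Constructed sample register (items and threats are illustrative only).
const SAMPLE_REGISTER = [
  { item: "File server", threat: "Ransomware", vulnerability: 4, likelihood: 3, impact: 5 },
  { item: "File server", threat: "Power loss", vulnerability: 2, likelihood: 2, impact: 4 },
  { item: "Core switch", threat: "Misconfiguration", vulnerability: 3, likelihood: 3, impact: 4 },
  { item: "Branch office", threat: "Flood", vulnerability: 2, likelihood: 1, impact: 5 },
];

for (const row of assessRisk(SAMPLE_REGISTER)) {
  console.log(`${row.item}: ${row.total}`);
}
```

A rating outside 1 to 5 raises an error instead of being silently scored, which keeps a typo in one cell from skewing the ranking.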
6. Is there a standard to comply with?
There are 3 industry-known standards:
NIST SP800-30
ISO 27005
OCTAVE
7. That's a lot of jargon
The IT industry needs jargon to look smart. Come on, admit it. All of us boast a little. It is just repackaging the same old wine, reordering sequences, and using slightly different phrases.
8. So what is your offering?
We will offer NIST SP800-30 compliant Risk Assessments online through a technology platform.
10. How much would be the possible charges?
We really want a fast adoption on this one. We have not decided the numbers yet, but we will take it through a price discovery mechanism.
11. What else is your value add?
For the first time ever, we will offer VISUAL RISK assessments.
All present Risk Assessments are Excel-based number assignment. Boring stuff.
We will make it exciting. Like visuals running, and playing a game.
At the end of the game, your Risk Assessment is done.
12. Is making it a lot of work?
NO. In god's name NOT. You cannot believe how easy it is to build cool visuals using this totally open technology, HTML5.
13. So just HTML5?
And a bit of PHP and JavaScript.
We need to create Word reports, so we will use some third-party tools for it.
14. How much time to build?
Maybe 15 days of work. Maybe less.
Building it is not that hard work.
MARKETING it is.
15. MARKETING
Yes. We have to reach all IT, and IT Security Managers all over.
Then get them to try it.
That has seemed to be a toadfull of work elsewhere.
16. So !!!!!!
So out-of-the-box marketing techniques would be the most crucial factor in the success of this project.
It's all about MARKETING.
17. OK, and what are the returns?
At 100 USD per paying customer, if 1000 customers sign up, that is USD 100,000 per year.
With 10,000 customers, it is 1 Million USD per year.
The world market is 100,000 customers.
Remember it is PER YEAR, not one time.
19. And regular costs?
After the initial heavy effort in building and marketing has been done, it will not take more than 2 people to run the whole show.
This will be a profitable project.
20. Future ~!!
Once a relationship is built with all IT Managers, and if they kinda like you, then there are more things to be done ;)
21. OK I am interested
All rights: INTRICAP, LLC
rohit@intricap.com
Prepared on a bus from Monterrey to Mexico City, 1st September, 2013.
Hurrah Internet on buses