Risk Management

During this phase, you should identify the risks associated with your network infrastructure relative to the needs and requirements of the organization.

These areas might include, but aren’t necessarily limited to:

• ▶▶ Servers
• ▶▶ Backup Solutions
• ▶▶ Email
• ▶▶ Telecommunications
• ▶▶ Firewalls
• ▶▶ Method of IT Support

Now that you’ve identified your risks, it’s time to begin analysis of each one. In order to do so, you must understand the link between the identified risk and how it relates to the organization.

For example, if you identify your backup solution as being local, file and folder only – you need to evaluate the risk associated with a ransomware attack or a disaster that destroys your entire facility resulting in your backups being encrypted or destroyed respectively.

Once you’ve implemented a solution to address an identified risk, an important step is to map risks as they relate to different documents, policies, procedures and business processes as these may change once the solution has been introduced.

It should go without saying that some risks are more acceptable than others due to their probability or general impact on the business. A risk that may cause an inconvenience as opposed to downtime shouldn’t be considered a top priority; however, it is still a risk and should be included somewhere in your rankings.

Ranking helps you gain perspective on what risks exist within your network infrastructure as well as possible solutions to address them. This provides you with some additional insight since you may see several “low risk” items that would supersede a single “high risk” item if they were to occur simultaneously; however, in some cases, a number of low risk items can be addressed at one time via a single solution. An example of this might be the identification of a local, file and folder only backup solution coupled with a premise-based server. This server also houses your telecommunications solution and email meaning a multitude of risk factors exist were the server to fail.

Given this example, a hardware failure would result in you not only losing access to your server and associated data, but a failure of your email and telephone system; however, a Datto Business Continuity and Disaster Recovery solution would address all of these risks by allowing your organization to transition all of your server processes to the local Datto appliance until such time as the server is back online.

ThrottleNet recommends establishing a risk management solution allowing all stakeholders to discuss any identified risks as well as a possible solution. This allows upper management to review the risks as well as suggested solutions and any progress on implementation.

There will always be risks that fall outside of your purview, but that are always present such as market conditions or compliance requirements. This is an area where your team must be diligent in identifying risk and communicating said risk to all stakeholders.

At a minimum, you should perform a risk analysis annually to make any needed adjustments as well as to account for any risks that may have surfaced since the analysis was completed.