I've just started a new Role at this school and the Head has asked for a Risk Assessment on the current IT Infrastucture as they are not confident on how the last technicain managed the system. I've never really had to do this type of assessment before and I'm looking for some pointers in what I should be looking for. The kit consists of Windows 2003/2008 Servers, an Exchange 2007 Server and a couple of Hyper-V boxes playing host to a number of Windows guests. They use DPM to backup the data to disk and Tape but this hasn't worked in a while because the overnight tapes are being filled up. So far I've come up with Backup, MS Update patching, Antivirus but was also thinking about Disaster Recovery, prehaps holding virtual images of all machines offsite to use along with a working backup.
don't forget teh network side of things as well - redundant links, broadband failover etc.
I'm also interested in the responses to this, mainly as i fail to see what you can risk assess with regards to a system. Surely you can only risk assess the way that people interact with the system?
More to do with the risk that the system will go titsup i think.
Originally Posted by Oaktech
so, identifying points of failure, conditions of failure, and disaster/incident recovery...
thats not really a risk assessment to my mind, but ok, i'm still interested...