Vulnerability Assessments

Benefit: The Vulnerability Assessment is a natural extension of the Business Impact Analysis and identifies the realistic dangers that an organization could be exposed to. For the physical assessment, MTSS provides and uses tools from the government sector, including HLS-CAM (Homeland Security Comprehensive Assessment Model), BZPP (Buffer Zone Protection Program), and CPTED (Crime Prevention Through Environmental Design).

Internally, MTSS uses information technology assessments, including penetration tests, to identify all vulnerabilities within an organization that are exposed to an outside source.

Description:

Externally: MTSS identifies physical and security-based vulnerabilities.

Internally: Modern organizations are increasingly dependent on the continuing operation of their computer-based systems. Continuity planning must include an up-to-date assessment of the impact of failure or gradual obsolescence of these systems. Often, this must begin with evaluating the financial risk exposure faced by the organization for various parts of the critical business applications. A well-established software risk management methodology (decision tree analysis) is used to quantify these risks and select alternative solutions. The supporting documentation consists of the following activities:

  • Conduct thorough review and visual examination of the voice and data communication facilities and supporting infrastructure.
  • Develop and publish the facility’s inventory.
  • Schedule and complete interviews with client personnel responsible for telephone and data services, cable infrastructure, and utilities.
  • Organize meetings with Local Exchange Carrier(s), telephone system, wide area network, and LAN vendors to review the current facilities, configurations, and vendor single points of failure.
  • Conduct disaster recovery design reviews with selected client and vendor staff.
  • Current Value/Replacement-Cost Assessment: Establish a dollar value and replacement cost for the critical business systems.
  • Risk Exposure/Cost Benefit Analysis: Determine risk exposures, and develop solution cost options for each affected system.
  • Business Continuity Solution Implementation: Design and validate selected solutions that include process and operating procedures.
  • Software Maturity Review: Detailed review of existing software, system development and maintenance processes and procedures (applicable to organizations that develop and maintain their own systems).
  • Process/Operations Review: General review of current backup/recovery processes and operations that include testing and validation.