Exploring F.A.I.R. – Backing up and Setting the Stage

by kriggins on February 10, 2009

in Risk Management

This is the next post in our Exploring F.A.I.R. series. Links to previous posts can be found here.

I didn't plan very well when I jumped right into things with my last post about assets. I made the statement that the information hosted on the web server was not an asset and I was rightfully corrected by several folks.

Where I erred was in having some preconceived ideas of where things were going to go and not sharing those ideas with you ahead of time. That being said, those ideas have changed and I am going to start sharing them in this post.

I am going to follow in the footsteps of others (i.e. steal their ideas) and flesh out our scenario first.  I am essentially copying what Chris did, although not quite as detailed.

Below you will find a description of the organization that we are performing our assessment for along with a Loss Magnitude Table which we will talk about later. The next post will present the characteristics of the system we will be assessing.

Welcome to Oblivia!

Oblivia is a small country that is just now entering the technological age. Needless to say, maturity in their information technology infrastructure is a bit lacking.

The sole source of income for the government is the taxes they assess on companies doing business in the country. Citizens do not pay taxes and there are no tariffs on imports or exports. ( I know, work with me here.) Their tax code is quite complicated and there are many different rates depending on business type, revenue, etc. Annual tax revenue for the country is $10,000,000 and their budget, which they adhere to very well, is $9,000,000. ( I told you, it's a small country!)

They have decided to publish the tax code on the internet and, in the interests of having a transparent tax code, have declared that public representation to be the authoritative source.

We have been hired to assess the web server and infrastructure that has been put in place to publish the tax code.

Below is the Loss Magnitude Table for the Oblivian government.

Severe (Sv) >$1,000,000
High (H) $500,000-$1,000,000
Significant (Sg) $250,000-$499,000
Moderate (M) $100,000-$249,999
Low (L) $50,000-$99,999
Very Low (VL) <$50,000

Keep tuned in as we describe the infrastructure in the next installment of "Exploring F.A.I.R." As always, comment are not only welcome, you are encouraged to let me know what you think.

-Kevin

Reblog this post [with Zemanta]

{ 4 comments… read them below or add one }

Alex February 10, 2009 at 8:00 pm

I’m really looking forward to it, Kevin!

Reply

kriggins February 10, 2009 at 8:13 pm

Thanks Alex!

Reply

Christian February 10, 2009 at 11:03 pm

I really enjoy the work that you and Chris do on walking through FAIR scenarios.. very cool!

Reply

kriggins February 11, 2009 at 8:52 am

Thanks Christian!

Reply

Leave a Comment

Previous post:

Next post: