Organisation Information
If included, you will receive a customised analysis for your
organisation. The results will be kept confidential. If you are
hesitant to fill in the details, either remain anonymous or contact me on
amz@yahoo.com .
Company Name (optional)
E-Mail address (optional)
Country (optional)
United States
Afghanistan
Albania
Algeria
American Samoa
Angola
Anguilla
Antartica
Antigua
Argentina
Armenia
Aruba
Ascension Island
Australia
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belgium
Belize
Benin
Bermuda
Bhutan
Bolivia
Bosnia-Herzegovina
Botswana
Brazil
British Virgin Islands
Brunei
Bulgaria
Barkinoa Faso
Burundi
Camaroon
Cambodia
Canada
Cape Verde Islands
Cayman Islands
Central African Rep.
Chad Republic
Chile
China
Colombia
Comoros
Congo
Cook Islands
Costa Rica
Croatia
Cyprus
Czech Republic
Denmark
Diego Garcia
Djibouti
Dominica
Dominican Republic
Ecuador
Egypt
El Salvador
Eqitorial Guinea
Eritrea
Estonia
Ethiopia
Faeroe Islands
Falkland Islands
Fiji Islands
Finland
French Guiana
French Polynesia
France
French Antilles
Gabon
Gambia
Georgia
Germany
Ghana
Gibralter
Greece
Greenland
Grenada
Guadeloupe
Guam
Guantanemo Bay
Guatemala
Guinea
Guinea Bissau
Guyana
Haiti
Honduras
Hong Kong
Hungary
Iceland
India
Indonesia
Iran
Iraq
Ireland
Isreal
Italy
Ivory Coast
Jamaica
Japan
Jordan
Kazakhstan
Kenya
Kiribati
Korea (South)
Korea (North)
Kuwait
Kyrgyzstan
Laos
Latvia
Lebanon
Lesotho
Liberia
Libya
Lithuania
Luxembourg
Macao
Macedonia
Madagascar
Malawi
Malaysia
Maldives
Mali Republic
Malta
Marshall Islands
Mauritania
Mauritius
Mexico
Micronesia
Moldiva (CIS)
Mongolia
Montserrat
Morocco
Mozambique
Namibia
Nauru
Nepal
Netherland Antilles
Netherlands
Nevis
New Calidonia
New Zealand
Nicaragua
Niger
Nigeria
Niue Island
Norfork Island
Norway
Oman
Pakistan
Palau
Panama
Papua New Guinia
Paraguay
Peru
Philipines
Poland
Portugal
Qatar
Reunion Island
Romania
Russia
Rwanda
Saipan
Sao Tome
Saudi Arabia
Senegal Republic
Seychelles Island
Sierrra Leone
Singapore
Slovenia
Soloman Island
Somalia
South Africa
Spain
Sri Lanka
St Helen
St Kitts
St Lucia
St Pierre
St Vincent
Sudan
Suriname
Swaziland
Sweden
Switzerland
Syria
Taiwan
Tanzania
Thailand
Togo
Tonga
Trinidad & Tobago
Tunisia
Turkey
Turks/Caicos
Tuvalu
Uganda
Ukraine
United Arab Emirates
United Kingdom
Canada
Uruguay
Vanuatu
Venezuela
Viet Nam
Wallis / Futuna
West Samoa
Yemen Republic
Yugoslavia
Zaire
Zambia
Zimbabwe
IT Assets
These values are a rough estimate of the perceived value of
the organisational
intangible IT assets. You may want to consult your Financial
Controller if you are not sure.
Total Value of IT Assets ($)
Include the perceived value of the IT Assets, even those that
are not part of the assets that are at risk. Confused about this term:
READ MORE HERE!
Total Value of IT Assets at Stake (% of Total Assets)
The percentage of the assets at risk. If your on-line
portion is a small percentage of the total IT infrastructure, put a small
percentage. Refer to the organisational model
if you are confused.
Confidentiality and Integrity Loss (% of Assets at Stake)
The percentage of Assets at Stake that would be lost in one attack. E.g. if data is stolen or the
integrity of data is compromised.
Vulnerabilities
These values are a rough estimate of the perceived
vulnerabilities of your IT assets.
Probability that there is a Vulnerability in your Information Assets (0-1)
If you have no clue of this figure, which will be the result
of research on your particular system, leave the default.
Cost to Fix Vulnerabilities (Patches, Updates, Upgrades -$ per month)
This is the total cost per month that you will be charged by
the IT people and suppliers to fix vulnerabilities in your IT systems.
Cost to Breach Vulnerabilities
(one-time - $)
This is the amount that a hacker would have to spend to
actually exploit a vulnerability of your system. If you are unsure about this
figure, leave the default value.
Defence Mechanisms
Include the total cost of any defence mechanisms such as
antivirus systems, firewalls, intrusion detection systems.
Cost to Build (One time - $)
The total cost including hardware and software of the
infrastructure that currently defends your organisation's IT assets.
Cost to Maintain (Annual - $)
Include the maintenance costs that you pay or plan to pay on
the defence mechanisms. Include the wages paid to your IT Security
personnel if you think these are relevant.
Attacks
These values are a rough estimate of the perceived threats of
your IT assets.
Cost to Break (One-time - $)
Include the cost that an attacker will have to incur to break
into your defence mechanisms. If unsure you are kindly asked to keep this
field as default.
Probability that there is a Threat to your System in One Month (0-1)
Depending on the attractiveness of your site, and your
firewall and IDS logs you may have a gut feeling on the probability that your
site will be attacked.
Disaster and Recovery
Loss of Revenue if IT Assets are compromised ($ per hour of downtime)
If you are working on an e-commerce site, this may be related
to the average number of sales per hour that you have transacted on this
website. If you do not use the web-site to conduct e-commerce, then you
might want to put zero.
Cost to Rebuild Lost IT Assets (Total Man-hour rate -$/h)
This is the total cost per hour that you will be charged by
the IT people to restore from backups the information lost or to fix the damage
done to the IT assets.
Total Expected Down Time (Annual - h)
This will be dictated by the Service Level Agreement (SLA)
that you have with the organisation in question. If unsure, enter the
maximum tolerable downtime period that you expect. For a 99%
availability, this will be 87.6 hours.
IT Budget
These figures relate to what you or your financial controller
has budgeted for IT this year.
Value of IT budget (Annual - $)
The total annual IT budget for the current year.
Value of IT security budget (Annual - $)
The IT security budget including any maintenance costs or any
licences that you will pay in the coming year (including any fees that are
provisional should an attack be successful on your site).