Risk Management & Mitigation Plan for Data Center Environment

Abstract

To ensure company stability in running a business, the management team of the company must be aware of risks that could arise under various condition. These risks should be identified and mitigated as early as possible, before its effect the company. No matter what resource its affected, either core or support resource risks must be mitigated to avoid loss and damage to the company. Data Centre is one of the core resources of a company; it keeps the company information and used daily in the company. If by any causes, the data center could not be accessed or function; normally, it would cause a great loss to the company. This paper discussed the used of Facilitated Risk Analysis and Assessment Process (FRAAP) technique to list and mitigate risk to the company data center. There are four steps of FRAAP technique used in this paper: creating risk description list, creating a risk sensitivity profile, creating risk exposure rating, and creating mitigating control list. The used of FRAAP technique, resulted in identification of two type of risk which are confidentiality and availability. The mitigation plan in this paper, cover the steps planned to mitigated risk resulted from information leak (Confidentiality); ex. hacking, virus, Etc. and natural disaster (Availability); ex. Flood, earthquake, fire, Etc. These planned mitigation steps are divided into three lists, which are: Risks response, Emergency Response Steps, Recovery steps, and restoration steps of the company data center.