This doth be a machine-wrought text which may contain errors!
‘Tis well to know that perils do exist, yet it availeth thee little if thou knowest not which threats be most pertinent to thy system. A risk analysis doth aid thee in prioritizing: what shouldst thou guard, what may go awry, and what oughtest thou to do thereupon?
What is a Risk Analysis?
A risk analysis is a systematic review wherein thou:
- Dost discover what may go awry
- Dost assess how likely ‘tis to occur
- Dost consider how grievous the consequence be
- Dost propose measures to diminish the peril
Thou needest not be a security expert to perform this. ‘Tis about thinking systematically.
Step by Step
If thou dost desire to set up a simple server, there be certain steps thou must pursue. First, thou must choose a fitting hardware solution. This may be a dedicated server, a virtual machine, or even an old computer which doth lie idle. Thereafter, thou must install an operating system, such as Ubuntu Server or CentOS. When the operating system is in place, thou mayst begin to install the software thou requirest to run thy server, for example, a webserver (Apache or Nginx) and a database (MySQL or PostgreSQL). Lastly, thou must configure the server so that it is accessible from the internet, by setting up port forwarding and perchance a domain name.
Preparations
Ere thou beginnest, ensure thou hast the following:
- A computer with internet access.
- An operating system (Ubuntu Server is recommended).
- An SSH client (such as PuTTY).
- Basic knowledge of the command line.
1. Valuation of Assets: What Do We Possess?
Ere thou canst guard aught, thou must needs know what doth belong to thee. Make a list of the most precious assets within the system:
| Asset | Instance | Wherefore of Import? |
|---|---|---|
| Data | User data, project files | Cannot be recreated |
| Services | Web server, email, file storage | Folk do depend upon them |
| Hardware | Servers, network equipment | Costs coin and time to replace |
| Reputation | The trust users bear unto the system | Sore hard to rebuild |
2. Risk Identification: What May Befall?
Ponder upon what may threaten thy assets:
| Risk | Description |
|---|---|
| Ransomware | Files encrypted and ransom demanded |
| Power Outage | Servers and networks do fall |
| Disk Failure | Data is lost |
| Phishing | Users do surrender their passwords to a deceiver |
| Misconfiguration | A change which doth bring down a service |
| Natural Event | Fire, water damage, tempest |
3. Consider Likelihood and Consequence
For each peril, thou shalt assess two things upon a scale (e.g. 1-5):
- Likelihood: How likely is ‘t that this shall come to pass?
- Consequence: How grievous shall it be, should it so occur?
Risk Value = Likelihood × Consequence
| Peril | Likelihood (1-5) | Consequence (1-5) | Risk Value |
|---|---|---|---|
| Disk Failure | 3 | 4 | 12 |
| Ransomware | 2 | 5 | 10 |
| Phishing | 4 | 3 | 12 |
| Power Outage | 2 | 3 | 6 |
| Misconfiguration | 3 | 3 | 9 |
The higher the risk value, the more priority shouldst thou give to the measures.
Risk Matrix
A risk matrix doth show this visually with hues:
- 🟢 Low (1-6): Risk acceptable, yet keep a watchful eye upon it
- 🟡 Medium (7-14): ‘Tis meet to have measures in place
- 🔴 High (15-25): Doth require most urgent action
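As an added illustration (not part of the original lesson), the following Python script carries the scoring above through in code: it takes the perils with their likelihood and consequence, rejects any score outside the 1-5 scale, computes Risk Value = Likelihood × Consequence, places each result in the Low / Medium / High band of the matrix, and renders a Markdown table sorted by priority. The sample perils and scores are those of the lesson's own table; the tie-break by higher consequence is an assumption made here, not a rule the lesson states.

```python
"""Risk scoring and prioritisation as described in the lesson (added example)."""
from dataclasses import dataclass
from typing import List

# The lesson's scale: both factors are scored 1-5, so a risk value lies in 1-25.
SCALE_MIN, SCALE_MAX = 1, 5

# Colour bands from the lesson's risk matrix (upper bound inclusive).
BANDS = ((6, "Low"), (14, "Medium"), (25, "High"))


@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: int
    consequence: int

    def __post_init__(self) -> None:
        # Reject scores outside the 1-5 scale so a typo cannot silently skew priorities.
        for label, score in (("likelihood", self.likelihood), ("consequence", self.consequence)):
            if not SCALE_MIN <= score <= SCALE_MAX:
                raise ValueError(f"{self.name}: {label}={score} is outside {SCALE_MIN}-{SCALE_MAX}")

    @property
    def risk_value(self) -> int:
        # Risk Value = Likelihood x Consequence
        return self.likelihood * self.consequence


def band(risk_value: int) -> str:
    """Map a risk value to the lesson's Low / Medium / High band."""
    for upper, label in BANDS:
        if risk_value <= upper:
            return label
    raise ValueError(f"risk value {risk_value} exceeds the 1-25 scale")


def prioritize(risks: List[Risk]) -> List[Risk]:
    """Highest risk value first. Ties are broken by the higher consequence (an assumption
    made in this example, not a rule from the lesson), then by name for a stable order."""
    return sorted(risks, key=lambda r: (-r.risk_value, -r.consequence, r.name))


def markdown_table(risks: List[Risk]) -> str:
    """Render the prioritised perils as the Markdown table the lesson's task asks for."""
    lines = [
        "| Peril | Likelihood (1-5) | Consequence (1-5) | Risk Value | Band |",
        "|---|---|---|---|---|",
    ]
    for r in risks:
        lines.append(
            f"| {r.name} | {r.likelihood} | {r.consequence} | {r.risk_value} | {band(r.risk_value)} |"
        )
    return "\n".join(lines)


# Sample input (constructed here from the scores in the lesson's own table).
SAMPLE_RISKS = [
    Risk("Disk Failure", 3, 4),
    Risk("Ransomware", 2, 5),
    Risk("Phishing", 4, 3),
    Risk("Power Outage", 2, 3),
    Risk("Misconfiguration", 3, 3),
]

if __name__ == "__main__":
    print(markdown_table(prioritize(SAMPLE_RISKS)))
```

Run as-is, the script prints the five sample perils with Disk Failure and Phishing (both 12, Medium) at the top and Power Outage (6, Low) at the bottom; replace SAMPLE_RISKS with thine own list to produce the table for Task 1.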
4. Propose Remedies
For each peril of high or medium risk value, propose remedies such as these:
| Peril | Remedy |
|---|---|
| Disk Failure | Backup (the 3-2-1 rule), RAID upon the servers |
| Ransomware | Updates, offline backup, training of users |
| Phishing | Awareness, MFA, email filtering |
| Misconfiguration | Documentation, change log, snapshot ere change |
5. Document and Follow Up
The risk analysis is not a task for a single time only. Write it down, share it with thy team, and review it regularly (e.g. every half-year, or after an incident doth occur).
Task 1 - Perform a Mini-Risk Analysis
Choose a system with which thou art familiar (e.g., thine own personal computer, a Virtual Machine thou hast set up, or the school’s network) and proceed through the steps:
- List 3-5 assets (what doth matter?)
- Find 3-5 risks (what may go awry?)
- Assign each risk a likelihood and a consequence (1-5)
- Propose measures for those with the highest risk value
Employ a spreadsheet or a simple table in Markdown.
Summary
- A risk analysis doth aid thee in prioritizing safeguards.
- The steps be: valuation of assets, identification of perils, assessment of likelihood and consequence, proposal of measures, and documentation.
- Risk value = likelihood × consequence.
- A risk analysis is not a task for once alone; it must be updated regularly.
Thou mayest download a template for risk assessment at Datatilsynet.