- •Final report
- •I. Executive Summary II. Recommendations
- •1.1 Operational Environment and System Configuration
- •1.1.1 The Risk Assessment Team
- •1.1.2 Organization Details of SpecOrg
- •1.1.3 Physical Plant and Physical Security
- •1.1.4 System Configuration
- •1.2 Terms and Definitions
- •Introduction 13
- •1.3 Risk Analysis Methodology
- •1.4 RiskWatch Parameters and Data Analysis
- •I. Executive Summary
- •Executive Summary 2
- •2.1 Summary of asset categories
- •2.2 Assets within category
- •II. Recommendations
- •5.2.1 Physical Access Control
- •5.2.4 Contract Specifications
- •5.2.7 Life Cycle Management
- •5.2.9 Personnel Clearances
- •5.2.12 Risk Analysis
- •5.1 Summary of safeguards
- •Initial costs
- •5 Others (16.0%)
1.1 Operational Environment and System Configuration
The four sections below, numbered 1.1.1 through 1.1.4, provide detailed information about:
The team responsible for the management of risks within the enterprise;
The organizational details of the enterprise;
The physical plant and measures in place to ensure physical security;
The configuration of systems that are deemed within the scope of this analysis;
1.1.1 The Risk Assessment Team
[[[
The Risk Analysis Team for the analysis of SpecOrg consisted of NAME, Project Manager; NAME, Assistant Project Manager, and NAME, Senior Security Analyst.
The following individuals provided considerable support to the project by providing advice on risk analysis and internal control review planning, meeting to discuss the progress of the risk analysis effort, and reviewing and commenting on risk analysis deliverables:
NAME Office of Computer Operations
NAME Office of Computer Operations 3. NAME Office of Computer Operations 4. NAME Office of Computer Operations 5. NAME Office of Computer Operations 6. NAME Office of Computer Operations
NAME Office of Computer Operations
NAME Office of Information Resources Management
NAME Office of Information Resources Management
NAME Office of Information Resources Management
NAME Office of Budget and Administration
NAME Office of Budget and Administration
]]]
1.1.2 Organization Details of SpecOrg
Organization and Staffing
The Office of Computer Operations, which is headed by [[[NAME]]]. [[[NAME]]], directs the management, operation, and maintenance of all SpecOrg facilities and equipment (see organization chart immediately below). SpecOrg's staffing level is [[[xx]]].
[[[
[[[NAME]]] is the current contractor for the DATA CENTER. [[[NAME]]] is the project manager for the [[[NAME Contract]]] which is responsible for performing tasks assigned by SpecOrg for the operation and maintenance of SpecOrg facilities (see organization chart on page 9). SpecOrg and its subcontractor, [[[NAME]]], have [[[xx]]] staff assigned to this contract. ]]]
[[[
THE DATA CENTER provides data processing for SpecOrg application systems, program management systems, SpecOrg financial management and other administrative systems, and decision support systems supporting SpecOrg policy formulation. For the approximate 7,000 Statewide users, the data center processes approximately
50,000 batch jobs and 26,000 individual sessions per month; along with about 150,000 tape mounts. In addition, the data center maintains near 100% availability of the system for its users ]]]
Figure 1 [[[ PLACE ORGANIZATION CHART HERE ]]]
1.1.3 Physical Plant and Physical Security
[[[
Data Center Building
SpecOrg Data Center is a Government-owned, contractor-operated facility housed in the NAME building at ADDRESS which is a 32,000+ square foot facility which consists of the following: computer equipment area, office area, uninterruptible power system area, tape library area, and warehouse.
Physical Security
The NAME Building is a single level building of masonry construction with embedded windows around the perimeter. There are twelve (12) exterior doors leading into the facility. Two (2) doors are secured via a card key system, and six (10) are manually locked at all times. The facility is equipped with an intrusion detection alarm system that is monitored by the local security service.
One of the two entrances controlled by the card system is located in the front of the building facing NAME Road. The other is the visitors' entrance located on the side of the building facing the parking lot. The visitors' entrance is monitored by a security guard twenty-four (24) hours a day, seven (7) days a week. The visitors' entrance card key system is in operation Monday through Friday from 6:00 P.M. to 6:00 A.M. and twenty-four (24) hours a day on weekends and holidays. Although the front door card key system is operational twenty-four (24) hours a day, seven (7) days a week, the exterior door is bolted and key locked from 6:00 P.M. to 6:00 A.M.
The Computer room has four entrances. All four entrances are off a hallway that leads into a raised floor, recessed ceiling environment. Each door has a card key system with different access levels that is in operation twenty-four (24) hours a day, seven (7) days a week.
Fire Detection and Suppression
The fire detection system consists of heat detectors and Ionization-type smoke detectors located above and below the suspended ceiling and under the raised floor. When an alarm sounds, a panel inside the computer room indicates which device detected the problem. The fire alarm system is also monitored by the local security service.
The building contains an automatic fire suppression system consisting of a "total-flooding, wet-pipe system" with sprinkler heads above and below the suspended ceiling. Energy Management
The data center is environmentally controlled by twelve 20 ton Liebert air conditioning units that compensate for the generated heat load, which varies across the seasons. Heat and air conditioning are provided to office space external to the data center by roof-mounted units and a oil-fired, hot water baseboard heat system. The warehouse area is environmentally controlled by a eight-ton, roof-mounted heat pump.
Electrical power is provided by redundant feeds originating in separate commercial electric power substations. Critical electrical power is provided by two Emmerson Electric automatic transfer switches and two Liebert Uninterruptible Power Systems (UPS), with 15-minute battery backup. One of the two 500 KVA UPS systems is modular in design, with a total capacity of 2,000 kVA.
Off-Site Data Storage
The data center backs-up all data media storage on a daily basis. The data are then transported to the NAME off-site storage facility in ADDRESS. The NAME facility subcontract is managed by the NAME Contractor. NAME meets all Government requirements for an off-site storage facility.
Hot-Site for Disaster Recovery
SpecOrg has a contract with NAME of ADDRESS, for hot-site support. In the event of a total or partial disaster at SpecOrg data center and the decision is made to activate the hot-site, a designated team will travel to the hot site to operate the facility in place of the SpecOrg data center. ]]]