Using MONARC for risk analysis in a university / faculty environment – definition of primary assets #591
Replies: 1 comment
-
|
Hello,
That is absolutely correct. The primary assets could be a service, department, operation cycle and secondary are particulat physical or virtual assets that have associated risks.
There is a global asset terminology that allows to avoid the duplications of the risks in the global analysis view, reduce the time of the evaluation and treatment. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hello,
I am currently working on a risk analysis using the MONARC methodology as part of my master’s thesis.
The analysis is focused on an academic environment (faculty at a university), not a commercial company.
In many examples and tutorials, primary assets are defined around typical organizational units such as HR department, Finance department, or general Business processes.
In our case, the main mission of the faculty is:
The faculty critically depends on several IT services, such as:
My questions are:
Is it methodologically correct in MONARC to define primary assets at a higher, more abstract level (e.g. “IT services supporting education and research”), and then model the individual technical services (DNS, AD, Wi-Fi, etc.) as supporting assets?
Would it be acceptable to treat education and research as business/mission context, rather than defining them as separate primary assets, in order to avoid duplication of risks and supporting services?
I want to stay strictly aligned with the MONARC methodology and its recommended asset hierarchy.
Thank you very much for your guidance.
Beta Was this translation helpful? Give feedback.
All reactions