IT Risk Assessment Plan


Upload: rohit-tripathy

Post on 20-Dec-2014


DESCRIPTION

Intricap Candidate Idea for the first project

TRANSCRIPT

Page 1: IT Risk Assessment Plan

IT Risk Assessment Project

Project Plan Document Introductory Project

Intricap, LLC

One month Pilot Project September 2013

Page 2: IT Risk Assessment Plan

Core Value Proposition

Any company with an IT organization has to perform IT Risk Assessments as a mandatory part of various compliance requirements.

This means every company worth its salt.

Needs to be done annually.

It is boring for IT and IT security managers.

IT Risk Assessments are done one-on-one today.

A mass customization solution through Internet and Technology will find instant adoption.

Page 3: IT Risk Assessment Plan

Competition

None.

Most of it is done internally at present, or through consultants, one at a time.

Page 4: IT Risk Assessment Plan

What it takes to do IT Risk Assessments today

You have to identify all critical ITEMS in IT infrastructure: Computers, Servers, Switches, Networks, Locations.

Identify THREATS that can do harm to each of them.

Figure out how VULNERABLE each item is to each threat.

For each vulnerable item, determine the LIKELIHOOD of getting affected.

Given a likelihood of getting affected, what will be the IMPACT on each item?

Given all of the above, what is the RISK to each item?

Document and Report.

Page 5: IT Risk Assessment Plan

That seems complicated

No. Most of the ratings are numbers from 1 to 5, and all you need is to multiply and add those numbers to achieve Risk Ratings.
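
The multiply-and-add scoring described on pages 4 and 5, as an added example that is not part of the original slides or Intricap's product. The formula (vulnerability × likelihood × impact per item/threat pair, summed per item) is an assumed reading of "multiply and add", and the register entries are constructed.

```javascript
// Added example: the scoring model is an assumption, not Intricap's or NIST's formula.
// Per item/threat pair: risk = vulnerability * likelihood * impact (each rated 1-5).
// Per item: total = sum of its pair risks; worst = its highest single pair risk.

const RATING_FIELDS = ["vulnerability", "likelihood", "impact"];

// Reject missing or out-of-scale ratings instead of silently scoring them.
function checkRating(name, value) {
  if (!Number.isInteger(value) || value < 1 || value > 5) {
    throw new RangeError(`${name} must be an integer from 1 to 5, got ${value}`);
  }
  return value;
}

// Multiply step: one item against one threat (result ranges from 1 to 125).
function pairRisk(rating) {
  return RATING_FIELDS.reduce((p, f) => p * checkRating(f, rating[f]), 1);
}

// Add step: roll pair risks up per item, then rank items by total risk.
function assess(register) {
  const byItem = new Map();
  for (const row of register) {
    const risk = pairRisk(row);
    const entry = byItem.get(row.item) ||
      { item: row.item, total: 0, worst: 0, worstThreat: null };
    entry.total += risk;
    if (risk > entry.worst) { entry.worst = risk; entry.worstThreat = row.threat; }
    byItem.set(row.item, entry);
  }
  return [...byItem.values()].sort((a, b) => b.total - a.total || b.worst - a.worst);
}

// Constructed sample register (items, threats and ratings are illustrative only).
const SAMPLE_REGISTER = [
  { item: "File server", threat: "Ransomware", vulnerability: 4, likelihood: 3, impact: 5 },
  { item: "File server", threat: "Disk failure", vulnerability: 2, likelihood: 2, impact: 4 },
  { item: "Core switch", threat: "Power outage", vulnerability: 3, likelihood: 2, impact: 4 },
  { item: "Core switch", threat: "Misconfiguration", vulnerability: 3, likelihood: 3, impact: 3 },
  { item: "Laptop fleet", threat: "Theft", vulnerability: 4, likelihood: 4, impact: 2 },
];

for (const r of assess(SAMPLE_REGISTER)) {
  console.log(`${r.item}: total=${r.total}, worst=${r.worst} (${r.worstThreat})`);
}
```

Keeping the worst single pair beside the summed total stops an item with many small risks from hiding one with a single severe risk.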

Page 6: IT Risk Assessment Plan

Is there a standard to comply with?

There are 3 industry-known standards:

NIST SP800-30

ISO 27005

OCTAVE

Page 7: IT Risk Assessment Plan

That’s a lot of jargon

IT Industry needs jargon to look smart. Come on, admit it. All of us boast a little. It is just repackaging the same old wine, reordering sequences, and using slightly different phrases.

Page 8: IT Risk Assessment Plan

So what is your offering?

We will offer NIST SP800-30 compliant Risk Assessments online through a technology platform.

Page 9: IT Risk Assessment Plan

Pricing !!!!!

We are working on pricing. Nothing is fixed yet.

Page 10: IT Risk Assessment Plan

How much would the possible charges be?

We really want fast adoption on this one. We have not decided the numbers yet, but we will take it through a price discovery mechanism.

Page 11: IT Risk Assessment Plan

What else is your value add?

For the first time ever, we will offer VISUAL RISK assessments.

All present Risk Assessments are Excel-based number assignments. Boring stuff.

We will make it exciting. Like visuals running, and playing a game.

At the end of the game, your Risk Assessment is done.

Page 12: IT Risk Assessment Plan

Is making it a lot of work?

NO. In god’s name NOT. You cannot believe how easy it is to build cool visuals using this totally open technology, HTML5.

Page 13: IT Risk Assessment Plan

So just HTML5?

And a bit of PHP and JavaScript.

We need to create Word reports, so we will use some third-party tools for it.

Page 14: IT Risk Assessment Plan

How much time to build?

Maybe 15 days of work. Maybe less.

Building it is not that hard work.

MARKETING it is.

Page 15: IT Risk Assessment Plan

MARKETING

Yes. We have to reach all IT and IT Security Managers all over.

Then get them to try it.

That has seemed to be a toadfull of work elsewhere.

Page 16: IT Risk Assessment Plan

So !!!!!!

So out-of-the-box marketing techniques would be the most crucial factor in the success of this project.

It's all about MARKETING.

Page 17: IT Risk Assessment Plan

OK, and what are the returns?

At 100 USD per paying customer, if 1000 customers sign up, that is USD 100,000 per year.

With 10,000 customers, it is 1 Million USD per year.

The world market is 100,000 customers.

Remember it is PER YEAR, not one time.

Page 18: IT Risk Assessment Plan

That’s not bad for one month of work

I told you so.

Page 19: IT Risk Assessment Plan

And regular costs?

After the initial heavy effort in building and marketing has been done, it will not take more than 2 people to run the whole show.

This will be a profitable project.

Page 20: IT Risk Assessment Plan

Future ~!!

Once a relationship is built with all IT Managers, and if they kinda like you, then there are more things to be done ;)

Page 21: IT Risk Assessment Plan

OK I am interested

All rights: INTRICAP, LLC

[email protected]

Prepared on a bus from Monterrey to Mexico City, 1st September, 2013.

Hurrah Internet on buses