sample risk assessment

Upload: scott-johnson

Post on 12-Jun-2015

DESCRIPTION

Risk Assessment prepared as a project during PMP coursework.

TRANSCRIPT

Page 1: Sample Risk Assessment

Running head: MCBRIDE FINANCIAL SECURITY RISK ASSESSMENT 1

McBride Financial Security Risk Assessment

Team C: REDACTED

CMGT 542

July 17, 2011

McBride Financial Security Risk Assessment

The McBride Financial Services company is planning to place their new office in the Sioux Falls, South Dakota market. Information for the preparation of a Risk Assessment has been gathered from a recent interview of Hugh McBride by Abram LaBelle of Smith Systems Consulting. Smith Systems Consulting will be integrating the information systems network and supporting the technology over the long term.

McBride seeks to invest some $200,000 in website development, aimed at the ability to gather prospective client applications over the web, and follow up with a small staff of loan officers and administrative staff in the local market area where the client is located.

Our survey of the proposed 41st Street & Minnesota Avenue location in Sioux Falls, South Dakota has yielded a number of risks for McBride Financial Services to be aware of and to mitigate where possible, or to cover with contingency plans should the risk occur.

Our survey has classified risks by four major categories: Physical Security; Risk of Terrorism, Natural, and Manmade Disasters; Economic; and Technical Risks.

Physical Security

McBride Financial Services seeks to use 800 to 1000 square foot ground-level, single story offices in mixed-use retail or strip-style professional office locations. There are several concerns for a company that possesses financial records for their clients in these types of locations (McBride Financial Services, 2011).

First, ground-level offices with windows call for particular consideration of the placement of furniture, the direction computer screens face, and the need for secured file storage of paperwork. Computer screens that are left on at night and are visible from exterior office windows can easily be read with the naked eye or with binoculars from outside of the building. Personal information on a database record, left on the screen, could be transcribed by a passerby with no other physical access to the building. Likewise, file cabinets or desks placed near the windows could also be the source of the same personal information disclosure if documents are left in view.

Second, ground level offices are inherently more attractive to thieves. Financial companies with high grade copiers, large computer flat screens, employee-owned iPods and iPads left on desks, and business laptops are a very tempting target for an opportunistic thief. While the ground-level offices are more convenient for clients, if customer visits are infrequent or not necessary, consider a second or higher story location or budget for a very thorough physical security system.

Third, near the proposed location, the general area and neighborhood is a mixture of mostly run-down retail strip malls with some gentrification that has been slowly taking shape. There is a pronounced population of check-cashing stores, bars, and liquor stores in the immediate area, as many as thirty within a 2 mile radius. These businesses are known to have large amounts of cash on hand and are magnets for robbery and burglary activity. A high concentration of these types of businesses in the vicinity indicates a neighborhood in decline, where the residents have little financial resources to spend (Khalfani-Cox, 2011) (Google, 2011).

Locations in the immediate vicinity (less than 0.5 miles) are listed below with their distance to the proposed intersection location (Google, 2011):

Location                      Distance    Risk
Wells Fargo                   100 yards   Medium risk – bank robbery
Cash Depot                    100 yards   High risk – robbery
Home Federal Bank             0.2 miles   Medium risk – bank robbery
Check Into Cash               0.2 miles   High risk – robbery
Good Spirits Wine & Liquor    100 yards   High risk – random crime
Taylor’s Pantry & Liquor      100 yards   High risk – random crime
Poppadox Pub                  0.3 miles   Medium risk – random crime
Crow Bar & Casino             0.3 miles   Medium risk – random crime

Risk of Terrorism, Natural and Manmade Disasters

Our survey of the risk of toxic chemicals in the area indicated this was a very low overall risk. The neighborhood is on the boundary of large areas of residential single family homes and light commercial, office, retail, and small mixed-use commercial buildings. There were no industrial properties found within a comfortable distance from the location.

A nearby printing press, Sisson Printing at 3400 South Minnesota Avenue, approximately four blocks from the subject location, represents a risk of hazardous chemicals release. Commercial printing presses generate solid waste including empty containers, used film packs, outdated chemicals that are disposed of, damaged plates, bad printing & spoilage and large amounts of scrap paper. Wastewater from printing operations can contain lubricating oils, waste ink, cleanup solvents, photographic chemicals, acids, alkalis, and plate coatings, as well as metals such as silver, iron, chromium, copper and barium. Air emissions include volatile organic compounds, alcohols, boiled inks, and wetting agents as well as nitrous dioxide and sulfur dioxide. The culmination of toxic ink and bleaches used by modern printing presses can have adverse effects on the surrounding environment (Illinois State University, 2011).

There is a single source of transportation and transit risk of a chemical or hazardous spill of some kind: the I-229 freeway, serving as the through-city business loop for the I-29 North/South Interstate, is located approximately 0.25 miles south of the proposed office location and carries truck & trailer traffic throughout the day, including petroleum, agricultural chemicals, and ethanol products.

Sioux Falls, South Dakota has a very large population of government agencies and buildings at the city, state, and federal levels, most within 2.5 miles of the proposed office location. Several are located less than 1.5 miles from the office and may represent a low risk of foreign or domestic terrorism (Google, 2011):

Location                                                       Distance    Risk
Veterans of Foreign Wars (Fraternal Organization)              0.2 miles   Very low risk
Sioux Falls Fire Training Center (first responder training)    0.3 miles   Very low risk
US Social Security Administration                              1.3 miles   Low risk
Minnehaha Juvenile Training Center                             1.0 miles   Low risk
US Air Force Health Professional Recruiting                    1.1 miles   Low risk
US Housing & Urban Development                                 1.3 miles   Low risk
US Military Entrance Processing Station (MEPS)                 1.5 miles   Medium risk

The State of South Dakota has an active and sometimes violent history of political opposition demonstrations. South Dakota is a very conservative state and has only a single abortion clinic, located at Planned Parenthood, 6511 West 41st Street, Sioux Falls, South Dakota, approximately 3.7 miles from (albeit on the same street as) the proposed office location. There are no doctors in South Dakota willing to perform abortions for fear of retribution on their families and/or careers, so a doctor flies into Sioux Falls once per day from Minneapolis to meet with patients and perform the procedures. State law prohibits the use of insurance or healthcare benefits or subsidies for any type of abortion under any circumstances, so it is largely a cash-only service. The office is located across the street from Roosevelt High School in an unmarked building, facing away from the street and with a private fenced parking lot. The building is secured and locked, and patients must request entry from a door-button & speaker; only patients with an appointment are admitted. The waiting area has a bulletproof glass reception area, and Kevlar-reinforced walls due to fear of attacks by protestors that picket seven days per week in front of the location (Nieves, 2005).

Two similarly ultra-conservative groups are located 0.7 miles from the proposed office location and frequently picket, clash with, and publish anti-abortion rhetoric in media outlets: the Alpha Center and the Take Charge of Your Life Organization.

SoDAK A.N.S.W.E.R. Coalition is an ultra left-wing political organization, openly socialist/communist and supportive of ideals most Americans would find offensive, such as Pro-Palestinian / Anti-Israeli protests and Israeli & US flag burning, and it openly supports the overthrow of the US government and Constitution. Their office is located 0.2 miles from the proposed McBride Financial Services location. A recent media article written by the group included their protest of the first execution of capital punishment in South Dakota in sixty years: “The death penalty is promoted by ruling class supporters as a so-called deterrent to crime, but in reality it is a way for the capitalist class to kill working-class people, especially African Americans.” The person executed happened to be a white male that admitted guilt and waived his rights to appeals (SoDAK A.N.S.W.E.R Coalition, 2011).

Due to the extreme nature of their rhetoric and occasionally violent comments and protests, it is conceivable that they may choose to make stronger political statements in the future, resulting in harm to others.

Economic Risks

Presently, eight real estate companies remain within a 1.5 mile radius of the office location. Of those, only two, RE/MAX and Century 21 Advantage, have more than 2 agents in their office. Several years ago, as many as thirty companies were in the same market area (Google, 2011). Many locations listed as real estate offices have vacated and are now occupied by different companies in different industries.

Year over year housing price trends by neighborhood in Sioux Falls continue to show steep declines from the previous year, with only one section of the city showing a modest gain. The median selling price of a house in Sioux Falls is $149,900, or about half of the average seller’s asking list price of $297,171, indicating that buyers and sellers have very different expectations for executing a sales contract (Trulia, 2011). Housing inventory represents approximately a six-month supply of homes on the market; inventory greater than a ninety-day supply indicates a “Declining Market” condition. Year over year average sales prices are down by as much as 8.7% from the same month in 2010 (Trulia, 2011), with middle and affluent neighborhoods the hardest hit. With the home mortgage system in disrepair, high unemployment levels, and the national banking system still cautious with regard to the real estate market, it may be some time before the economic indicators for the Sioux Falls real estate market recover (Trulia, 2011) (Johnson, July).

Technical Risks

The company seeks to fully outsource their information technology services with a budget of $500.00 per month (McBride Financial Services, 2011) despite the very large initial capital outlay of $200,000 for a fully automated mortgage application website and electronic decision-engine. The company lacks any technically-minded leadership internally (McBride Financial Services, 2011), and the monthly support budget seems very low in that light, for what will be the primary source of business and revenue for the company.

We question whether the $500.00 per month budget figure is sufficient to manage enhancements and upgrades to the enterprise-class ecommerce website, secure the company databases from external intrusion, maintain desktop end-user systems, and properly secure and monitor for intrusion attempts to the client financial records systems while seeking to interconnect eight offices with shared data and resources (McBride Financial Services, 2011).

Mitigation Recommendations

Physical Risks

Industry best-practices for office management that the banking industry uses can be of significant value. To protect client information, keep window coverings closed or use blinds to obscure visibility into the office, and arrange workstations so that computer screens are not visible from outside through an adjacent window. Utilize idle-timeout settings on computers to blank a screen that may potentially contain sensitive client personal financial information after five minutes of no activity. Institute company policies that require personal financial documents to be stored in locked filing cabinets when not in use and at the close of business every day.

Employees are also vulnerable to random acts of crime, and annual security awareness training should be conducted. This can include topics and requirements such as the information security measures mentioned above, as well as personal security and being aware of their surroundings.

A monitored business-grade security system should be installed, and automatically activated after hours. Consider the use of perimeter-only security system features as an added measure of security for employees that may be working after normal business hours.

For physical security, and all other threats, the first line of defense should be a thorough data backup system that is regularly monitored and tested. Company information security policies should prohibit the storage of personal information or client financial data on local PCs, hard drives, flash drives, or removable disk media that is vulnerable to theft. If such storage is required for business purposes, strong disk or tape encryption should be used.

Risk of Terrorism, Natural, and Manmade Disasters

These risks are primarily a threat to the human resource of the business. Mitigation strategies include regular daily data backup and general employee security awareness. The business can be alerted to a growing threat condition resulting from future socio-political factors by taking an active or passive interest in local news and politics, being aware of any growing or scheduled protests in the immediate area, and taking any precautions that may be warranted.

Economic Risks

The current real estate market crisis is a nationwide, systemic condition and there is little or nothing that an individual company can do to correct this macroeconomic trend. Mitigation measures to consider: keep recurring costs as low as possible after opening the office until economic conditions have shown improvement for several quarters, and avoid long-term office or equipment lease agreements that would hamper defensive business decisions later if warranted.

Technical Risks

Consider having one or more company managers attend some web development and information technology support seminars intended for business leaders. A better understanding of technical and ecommerce support objectives and strategies can assist in matching business strategy and requirements to available resources.

Regularly revisit monthly business plans and capital budgets to ensure available resources are properly prioritized for stable business operation.

Avoid single-sourced exclusivity clauses in technical support contracts. In the event that quality-of-service, responsiveness, or other problems are exhibited by the support provider, there should not be any contractual damages incurred by the cancellation of the agreement and selection of a new provider. Longer term, as cash flows stabilize and can support the overhead, consider adding a technical manager to oversee support agreements and future website maintenance, enhancement, and refreshment.

Conclusions

The proposed new location for McBride Financial should prove adequate and able to meet the company’s needs. Several risks do exist, however, with the most threatening of those potentially being the company’s own business plan, and external industry economic factors beyond the limited control of mitigation planning.

The opening of a new location can be quite an experience for any company. McBride Financial has successfully identified a wide array of potential risks that range from high to low with various impacts to their daily operations. Although it is impossible to plan for every event, McBride Financial has gone to great lengths to mitigate every foreseen risk that could potentially occur. Through risk analysis and management, they have provided themselves a solid foundation on which they can continue to grow and succeed.

References

Google. (2011, 07 16). Google Maps. Retrieved 07 16, 2011, from Google Maps Sioux Falls, South Dakota: http://maps.google.com

Illinois State University. (2011, July 17). Illinois State University. Retrieved July 17, 2011, from Illinois State University: http://www.istc.illinois.edu/info/library_docs/manuals/printing/p2pract.htm

Johnson, S. (July, 17 2011). Licensed Broker-Officer, California Department of Real Estate #01400015. (S. Johnson, Interviewer)

Khalfani-Cox, L. (2011, May 12). Payday Lenders Fuel Crime, Drive Down Residential Property Values. Retrieved July 31, 2011, from AOL Original, WalletPop Personal Finance: http://www.walletpop.com/2011/05/12/payday-lenders-fuel-crime-drive-down-property-values/

McBride Financial Services. (2011, 07 17). McBride Financial Services Intranet. Retrieved 07 17, 2011, from McBride Financial Services Intranet: https://ecampus.phoenix.edu/secure/aapd/cist/vop/Business/McBride/Intranet

Nieves, E. (2005, December 27). Planned Parenthood in South Dakota. Retrieved 07 15, 2011, from Washington Post: http://www.washingtonpost.com/wp-dyn/content/article/2005/12/26/ar2005122600747.html

SoDAK A.N.S.W.E.R Coalition. (2011, 07 15). SoDAK A.N.S.W.E.R Coalition. Retrieved 07 15, 2011, from SoDAK A.N.S.W.E.R Coalition: http://www.sodakanswers.org/events10.htm

Swann, J. (2004). Protecting Your Physical Bank. Community Banker, 7-10.

Trulia. (2011, July 29). Sioux Falls Real Estate Overview. Retrieved July 31, 2011, from Trulia: http://www.trulia.com/real_estate/Sioux_Falls-South_Dakota/