Filling in this section with the help of this threats guide is an excellent exercise for looking at your current procedures and protection in place and can be an eye-opener on how responsive your organisation actually is to particular threats.
In the threats section of the Input Wizard We have some pre-configured threats with more coming shortly that you’re able to select from the drop-down menu.
From here you need to consider the threat in relation to the type of business you are. For example, if we select phishing as a threat for our restaurant business, the chance of losing market positioning is going to be low because phishing doesn’t really impact a restaurant’s ability to serve customers or make food any less tasty!
*You may find a slight decrease in people perhaps signing up for a newsletter or engaging on social media as a result of feeling like the business is less secure so you can’t say it will have no impact for certain. But this threat is actually fairly low to the business.
So, therefore we’ve input 2 days of turnover loss potentially where you close to fortify your IT infrastructure with your high, medium and low impact users.
The relative rate of sales in this instance would be around 80% of that whole day as you wouldn’t trade for those 24 hours but you may have the residual turnover from the previous day or even still be taking bookings for the rest of the week, for example. Workday loss for the users are all similar as no one can work if the restaurants or head office are closed but you could send in cleaning staff or wait staff to do checks, cleaning or paperwork whilst they wait for IT to finish so they wouldn’t lose as many days work.
Now, let’s look at what happens with a larger threat, so click on the plus sign to the right hand side which will add a new field for a new threat. In this example we’re going to be adding Ransomware as well.
So, the chance of losing market positioning is medium because whilst the ransomware is on your system you’re unable to use any of the technology on the compromised network. This could be taking payments in the restaurant, ordering systems and using other hardware.
As you would need to remove the ransomware from the network as well as any compromised devices and then reinstall backups you could be looking at over 3-4 days of turnover loss or more depending on the amount of system effected. Again the relative rate of sales would be around 80%. If the relative rate of sales is something you’re still unsure of, use 50% as a default percentage.
Now, here is where there is a real difference compared to the first example, and it’s in the workday loss for users. Think back to the company information section where we asked you to consider the ways different users will be affected by technology and you’ll be able to easily fill this section.
For example, high impact users will likely lose the full 3-4 days of working time whilst waiting to get things back up and running. However this might be reduced if you have secondary sites or use the cloud and high-impact staff are able to work from home.
Now, if you want to use a custom threat for your business that isn’t in the list, perhaps it’s something specific or unique to your industry you can input it by going to the ‘Add threat type’ box, typing in your threat, adding it to the threats list and then selecting from the drop-down as normal.
Note that these are not universal and are only relevant to your account, so you can add any threats you like without other users being able to select them yourself.
You might also want to use Boardish to cover threats outside of cyber security or tech, for example to analyse and quantify the risk of fire and flood to your building as well as non-technical issues like health and safety procedures or risks of injury but we’ll cover non-conventional uses of Boardish in another tutorial.
For each threat you can enable or disable them. We recommend that you don’t delete threats or solutions, particularly if you’ve completed any more steps after this point. This is because you’ll need to delete the rest of the related information in each section to remove it entirely from the dashboard. Enabling or disabling however is as easy as a checkbox and you can return to the threat later if it becomes relevant again.
Then, don’t forget to click save and next before moving on to the next section.
If you have any questions or concerns about filling in the threats section not found on this threats guide, feel free to ask a question in our online Facebook community or drop us an email.
Boardish isn’t just designed for you to use for IT budgeting but helps IT professionals understand the type of answers they need for a full proposal and analysis. Not having all the answers is okay, it can help you start a conversation in your own organisation. You can also:
Boardish is currently still in Beta, so as with any new software, we’re doing our best to work out the kinks. If you discover a bug or you’re struggling to use Boardish. Please contact us directly or via the Facebook community so we can help you out.
Within the Input Wizard in both the Threats and Solutions section there is a button where you can input your own custom threat or solution. This will then add it to the normal drop-down list.
There isn’t currently a full threat list within the Boardish app, but we’d be happy to discuss this further and provide one to you if you contact us directly.
It is our recommendations that you only ‘disable’ the threats and solutions that you don’t want showing on your dashboard. Otherwise you’ll have to go through each stage of the input wizard deleting the relevant information. It’s quicker and more effective to disable, and then you can enable again in the future if necessary.
We offer free consulting and assistance filling in Boardish for your organisation, so feel free to drop us an email and we can schedule a call to go through Boardish with you.