Death Star Risk Assessment

We would like to thank Lord Vader and the executive team for the time and support they have given us in undertaking our risk assessment of the new Death Star weapons platform.  We understand that you have finished your initial development, and plan to go live in the very near future if the system tests codenamed Alderaan are successful.

We have considered the project risks in the areas of people, process and technology.

People risks.  The choice of armour for your troops appears to be more focussed on brand management than functionality.  Our assessment has found the following untreated risks:

(1) the armour does not protect against blaster fire; [risk moderate]

(2) the lack of identity badges increases the risk of social engineering attacks. [risk high]

Process risks.  There is little evidence that an effective management system has been deployed.  Our assessment has found the following untreated risks:

(1) management by force of personality and threat of death can be effective in small teams, but does not scale; [risk low]

(2) there are few documented processes for the management of the detention cells, trash compactor and other operational systems. [risk moderate]

Technology risks.  The specifications for the Death Star do not appear to effectively cover non-functional operational components.  Our assessment has found the following untreated risks:

(1) there is no technical security around the management interfaces to the weapons platform; [risk high]

(2) a small unshielded vent port has been detected that has full access to the central core. [risk high]

Our recommendation is that you correct each of these risks before going live, even if it delays the project.

Phil Kernick Chief Technology Officer
@philkernick www.cqr.com