The client has 2 offices in a city building. The client has a server hosted by AWS Services. The client provides design and project management services for their customers. Several files are generated for each customer, and these are kept on the cloud server in a folder for each customer. The web server hosts a job scheduling database that tracks job tasks and their details and status as well as bookings made for each job. Now, only staff have access to information on both servers. The opportunity: The client has successfully used AWS services to host the web and file server for the past 3 years. As the business grows the client has the capability to develop its interactions with their own customers. The client would like to provide customers of the business read access to the details of their job bookings only and read access only to some of their project files. The client is concerned about security risk of providing more access. The problem: After watching the impact of recent floods in QLD and NSW and bushfires in VIC last year the customer is worried about the impact to the business if the instance in the AWS cloud is lost. Last year a trojan was uploaded to an on-premise file server resulting in a ransom demand and files on the file server were encrypted. Files were unavailable for 8 hours while the server was restored from backups. The customer information created 4 hours prior to the outage was lost and had to be recreated from conversation notes and emails. The client has emphasized the importance of making sure that customer information is not lost even in disaster conditions. The client wants a plan to ensure the data is resilient. The client is concerned about the security of the dynamic web service as it opens to customers as well as employees. They want the customers to have a good experience using this portal. If bookings are lost or corrupted this might have consequences such as penalties from downstream contractors. This important for the reputation of the business. 2.4 Evaluate severity of impact and disruption of risk events Assess the impact of the threats and vulnerabilities identified. Assess the likelihood of occurrence of the risks. 2.5 Document outcomes of impact analysis according to organisational policies and procedures Determine and report on the inherent risk of components. Complete the BIA template with the details of your analysis 3.5 Document architecture design according to business needs Complete the architecture design. Make sure all components are labelled with names and metadata.