Potential Data Risk in Information Technology Management
Added on 2023-03-29
7 Pages1841 Words497 Views
|
|
|
Running head: INFORMATION TECHNOLOGY MANAGEMENT
Information Technology Management
Name of the Student
Name of the University
Author’s Note
Information Technology Management
Name of the Student
Name of the University
Author’s Note
1
INFORMATION TECHNOLOGY MANAGEMENT
Introduction
The report is prepared for a private business organization providing tourism accommodation in
New Zealand. The risk in the current business process is evaluated by identifying the steps
involved in the current business process and the controls that can be applied for the mitigation of
the risk is applied for eliminating the problems. The application used by the system and the
vendors are evaluated for identifying the sensitivity of data and storing them in a secure backend
repository. The update frequency of baseline register and the technology used for the
development of the system is evaluated for adding information in the asset and managing
security practice in the organization (Bessis, 2015). For the identification of potential data risk
associated with the project the baseline policy of the organization is analyzed and it includes the
personal information policy, governance policy and security policy. The assets of the
organization are needed to be classified and the output of the project is needed to be identified
for the management of the needs of the potential customers. The risk of storing the personal data
and information and integration of data for the development of the project is evaluated for the
identification of potential data risk and suggesting risk mitigation plan.
Potential Data Risk in the Project
There are different potential data risk associated with the development of the project and
they are needed to be eliminated such that the decision making capacity can be improved. An
audit is needed to be performed on the data governance policy for identifying the flaws in the
current policy. The risk associated is the loss of personal data and information from the
repository system. The loss of customer ID, Customer Name and credit card information can
cause a huge loss for the organization since the reliability of the customer would be lost and thus
they would not use the service in future (Hopkin, 2018). The risk of fetching the data from
multitude helps in providing key analytic service. The following are the risk identified for the
tourism accommodation are given below:
Hardware and Software Failure – The corruption of the data and failure of the hardware device
can cause loss of organizational information and impose a huge loss in the business.
Password theft – The malicious hacker can target a user for getting their password and log in to
the account for performing illegal activity.
INFORMATION TECHNOLOGY MANAGEMENT
Introduction
The report is prepared for a private business organization providing tourism accommodation in
New Zealand. The risk in the current business process is evaluated by identifying the steps
involved in the current business process and the controls that can be applied for the mitigation of
the risk is applied for eliminating the problems. The application used by the system and the
vendors are evaluated for identifying the sensitivity of data and storing them in a secure backend
repository. The update frequency of baseline register and the technology used for the
development of the system is evaluated for adding information in the asset and managing
security practice in the organization (Bessis, 2015). For the identification of potential data risk
associated with the project the baseline policy of the organization is analyzed and it includes the
personal information policy, governance policy and security policy. The assets of the
organization are needed to be classified and the output of the project is needed to be identified
for the management of the needs of the potential customers. The risk of storing the personal data
and information and integration of data for the development of the project is evaluated for the
identification of potential data risk and suggesting risk mitigation plan.
Potential Data Risk in the Project
There are different potential data risk associated with the development of the project and
they are needed to be eliminated such that the decision making capacity can be improved. An
audit is needed to be performed on the data governance policy for identifying the flaws in the
current policy. The risk associated is the loss of personal data and information from the
repository system. The loss of customer ID, Customer Name and credit card information can
cause a huge loss for the organization since the reliability of the customer would be lost and thus
they would not use the service in future (Hopkin, 2018). The risk of fetching the data from
multitude helps in providing key analytic service. The following are the risk identified for the
tourism accommodation are given below:
Hardware and Software Failure – The corruption of the data and failure of the hardware device
can cause loss of organizational information and impose a huge loss in the business.
Password theft – The malicious hacker can target a user for getting their password and log in to
the account for performing illegal activity.
2
INFORMATION TECHNOLOGY MANAGEMENT
Denial of Service – The attacker can get the access of the system and block authorized users to
get the access of the website or the information system
Spam, Scam and Phishing – The unsolicited email can be sent by the hacker to fool the people
for getting their personal details and use it for their benefits (Glendon & Clarke, 2015). Email
spoofing and other social engineering tools can be used for disguising the user and gather
information.
Security Breaches – The physical break in or online intrusion can cause gaining access of the
sensitive information residing in the information system and use it for monetary benefit or with
the intension to cause huge financial loss for the organization.
Virus – Sophisticated codes can be used for infecting the system or corrupt any files or
information residing in the database. The virus are codes with self-replication property such that
it can spread to different computers connected in the network and disrupt the operation of the
information system.
Human Error – Carelessness in disposal of data or accidentally opening of the infected
attachment, visiting malicious websites can cause the information system to be infected or
gaining access of the information that can be used by the malicious hacker illegally breaking into
the information system (Almeida, Hankins & Williams, 2017).
Natural Disaster – Fire, cyclone and flood can also risk the information system and its
infrastructure. The damage of computer hardware and servers can cause loss of customer
transaction records and thus failure of the information system.
Suggested Controls of Risk
Hardware and Software Failure –
The cause of failure of hardware and software is needed to be identified and a 24*7 power
backup is needed to be arranged such that the hardware are running and it is needed to be tested
for identifying any error in the system at a regular time interval. A maintenance plan is needed to
be developed such that the servers are checked up regularly and the health of the servers are in
optimum condition (Aven, 2016). Proper cooling arrangement should be used for the server
INFORMATION TECHNOLOGY MANAGEMENT
Denial of Service – The attacker can get the access of the system and block authorized users to
get the access of the website or the information system
Spam, Scam and Phishing – The unsolicited email can be sent by the hacker to fool the people
for getting their personal details and use it for their benefits (Glendon & Clarke, 2015). Email
spoofing and other social engineering tools can be used for disguising the user and gather
information.
Security Breaches – The physical break in or online intrusion can cause gaining access of the
sensitive information residing in the information system and use it for monetary benefit or with
the intension to cause huge financial loss for the organization.
Virus – Sophisticated codes can be used for infecting the system or corrupt any files or
information residing in the database. The virus are codes with self-replication property such that
it can spread to different computers connected in the network and disrupt the operation of the
information system.
Human Error – Carelessness in disposal of data or accidentally opening of the infected
attachment, visiting malicious websites can cause the information system to be infected or
gaining access of the information that can be used by the malicious hacker illegally breaking into
the information system (Almeida, Hankins & Williams, 2017).
Natural Disaster – Fire, cyclone and flood can also risk the information system and its
infrastructure. The damage of computer hardware and servers can cause loss of customer
transaction records and thus failure of the information system.
Suggested Controls of Risk
Hardware and Software Failure –
The cause of failure of hardware and software is needed to be identified and a 24*7 power
backup is needed to be arranged such that the hardware are running and it is needed to be tested
for identifying any error in the system at a regular time interval. A maintenance plan is needed to
be developed such that the servers are checked up regularly and the health of the servers are in
optimum condition (Aven, 2016). Proper cooling arrangement should be used for the server
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents