Potential Data Risk in Information Technology Management
Added on 2023/03/29
AI Summary
This report discusses the potential data risks in information technology management and suggests controls to mitigate these risks. It covers hardware and software failure, password theft, denial of service, spam and phishing, security breaches, viruses, human error, and natural disasters. The report provides insights into identifying and managing these risks for improved information system performance.
Running head: INFORMATION TECHNOLOGY MANAGEMENT
Information Technology Management
Name of the Student
Name of the University
Author’s Note
Introduction
This report is prepared for a private business organization providing tourism accommodation in
New Zealand. The risk in the current business process is evaluated by identifying the steps
involved in that process and the controls that can be applied to mitigate the risk and eliminate
the problems. The applications used by the system and the vendors are evaluated to identify the
sensitivity of the data, so that it can be stored in a secure backend repository. The update
frequency of the baseline register and the technology used to develop the system are evaluated
for adding information to the asset and managing security practice in the organization
(Bessis, 2015). To identify the potential data risk associated with the project, the baseline
policy of the organization is analyzed; it includes the personal information policy, governance
policy and security policy. The assets of the organization need to be classified, and the output
of the project needs to be identified in order to manage the needs of potential customers. The
risk of storing personal data and information, and of integrating data for the development of
the project, is evaluated to identify potential data risk and suggest a risk mitigation plan.
Potential Data Risk in the Project
There are different potential data risks associated with the development of the project, and
they need to be eliminated so that decision-making capacity can be improved. An audit needs to
be performed on the data governance policy to identify the flaws in the current policy. The
associated risk is the loss of personal data and information from the repository system. The
loss of customer ID, customer name and credit card information can cause a huge loss for the
organization, since the customers' confidence would be lost and they would not use the service
in future (Hopkin, 2018). The risk of fetching the data from multitude helps in providing key
analytic service. The following risks are identified for the tourism accommodation:
Hardware and Software Failure – Corruption of data and failure of a hardware device can cause
loss of organizational information and impose a huge loss on the business.
Password theft – A malicious hacker can target a user to obtain their password and log in to
the account to perform illegal activity.
Denial of Service – The attacker can gain access to the system and block authorized users from
accessing the website or the information system.
Spam, Scam and Phishing – Unsolicited email can be sent by a hacker to fool people into giving
up their personal details, which are then used for the hacker's benefit (Glendon & Clarke,
2015). Email spoofing and other social engineering tools can be used to deceive the user and
gather information.
Security Breaches – A physical break-in or online intrusion can give access to the sensitive
information residing in the information system, which can be used for monetary benefit or with
the intention of causing huge financial loss for the organization.
Virus – Sophisticated code can be used to infect the system or corrupt files or information
residing in the database. Viruses are code with a self-replication property, so they can spread
to different computers connected to the network and disrupt the operation of the information
system.
Human Error – Carelessness in the disposal of data, accidentally opening an infected attachment
or visiting malicious websites can cause the information system to be infected, or give a
malicious hacker access to information that can be used to break into the information system
illegally (Almeida, Hankins & Williams, 2017).
Natural Disaster – Fire, cyclone and flood can also put the information system and its
infrastructure at risk. Damage to computer hardware and servers can cause loss of customer
transaction records and thus failure of the information system.
Suggested Controls of Risk
Hardware and Software Failure –
The cause of hardware and software failure needs to be identified, and a 24*7 power backup
needs to be arranged so that the hardware keeps running; the hardware also needs to be tested
at regular intervals to identify any error in the system. A maintenance plan needs to be
developed so that the servers are checked regularly and their health is kept in optimum
condition (Aven, 2016). Proper cooling arrangement should be used for the server
rooms, and data needs to be backed up regularly so that no data is lost during the
maintenance of the server.
Password theft –
Users should be trained in and made aware of the use of secure passwords, and two-factor
authentication needs to be used so that fraudulent transactions can be prevented
(McNeil, Frey & Embrechts, 2015). The use of biometric authentication can reduce the threat of
password theft, and users need to be trained to change their passwords at regular intervals so
that the risk can be mitigated.
Denial of Service –
The flow of traffic in the network needs to be monitored; there are different automated tools
that can alert the admin when the traffic flow from a particular source increases and recognize
the attack. Diverting the traffic reroutes it away from the target, and filters can be applied,
based on the identified pattern of the traffic, to block malicious traffic from reaching the
server (Ho et al., 2015). More information about the attack can be gathered by reviewing the
security logs, and improvements can then be applied for future resilience.
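The per-source alerting described above can be sketched as follows. This is an added example, not part of the original report: the Common Log Format input, the 10-second buckets, the thresholds and the documentation-range IP addresses are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')  # source IP and timestamp
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"                          # Common Log Format time


def parse(line):
    """Return (source, epoch_seconds), or None for a line that does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        return m.group(1), datetime.strptime(m.group(2), TS_FMT).timestamp()
    except ValueError:
        return None


def detect_surges(lines, bucket_s=10, history=3, factor=4.0, min_count=20):
    """Alert when a source's requests in one bucket reach min_count and are at
    least `factor` times its own average over the previous `history` buckets."""
    counts = defaultdict(lambda: defaultdict(int))   # source -> bucket -> requests
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue                                  # malformed lines are skipped
        src, ts = rec
        counts[src][int(ts // bucket_s)] += 1

    alerts = []
    for src, buckets in counts.items():
        for b in sorted(buckets):
            # Quiet buckets count as zero, so a source that was silent and then
            # bursts has a baseline of 0 and is judged on min_count alone.
            baseline = sum(buckets.get(b - i, 0) for i in range(1, history + 1)) / history
            n = buckets[b]
            if n >= min_count and n >= factor * baseline:
                alerts.append((src, b * bucket_s, n, baseline))
    return sorted(alerts, key=lambda a: a[1])


def sample_lines():
    """Constructed log: one steady source, one source whose rate jumps."""
    base = datetime(2023, 3, 29, 12, 0, 0, tzinfo=timezone.utc)
    lines = ["not a log line"]
    def add(src, offset_s, n):
        stamp = (base + timedelta(seconds=offset_s)).strftime(TS_FMT)
        lines.extend(f'{src} - - [{stamp}] "GET /rooms HTTP/1.1" 200 512' for _ in range(n))
    for k in range(4):
        add("198.51.100.7", 10 * k, 15)                  # steady, below min_count
        add("203.0.113.9", 10 * k, 60 if k == 3 else 3)  # surge in the last bucket
    return lines


if __name__ == "__main__":
    for src, start, n, baseline in detect_surges(sample_lines()):
        when = datetime.fromtimestamp(start, tz=timezone.utc).isoformat()
        print(f"ALERT {src}: {n} requests in bucket starting {when} (baseline {baseline:.1f})")
```

Comparing each source against its own recent history keeps a consistently busy but legitimate client from raising an alert on every bucket.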
Spam, Scam and Phishing –
Training sessions can be conducted to educate the employees about spam email and phishing.
A spam filter can be used for the detection of viruses and blank senders. The system also needs
to be kept updated with the latest security patches and updates, and an antivirus solution
needs to be installed for detection on all the equipment. The development of a security policy
and a web filter can also help block malicious websites and increase the security of the system
(Bromiley et al., 2015). Sensitive computer information needs to be encrypted, and
HTML email can be disabled to eliminate the spam, scam and phishing risks.
Security Breaches –
To mitigate a security breach, data protection needs to be prioritized and the response to
each breach needs to be documented, so that the document can be followed to mitigate the risk
and reduce the stress during the attack. Data about the breach needs to be collected by
analyzing the security logs and packet traces from different
locations of the network (Giannakis & Papadopoulos, 2016). A firewall needs to be deployed
to manage data traffic and filter malicious traffic so that a malicious user does not have
access to the internal network of the organization.
Virus –
Installing antivirus software and keeping its signatures updated can help in eliminating the
risk of virus. Controlling the use of pen drives and configuring the firewall to block
malicious websites can also eliminate the risk of infection and improve the security of the
framework.
Human Error –
A training program needs to be arranged to increase awareness and reduce human error.
Enforcement of the security policy can also help in reducing incidents and improving the
security of the network and information system.
Natural Disaster –
Proper preventive measures need to be taken and the data needs to be backed up regularly so
that a natural disaster cannot affect the information and the potential loss is reduced.
Backup hardware devices and the configuration need to be saved so that less time is needed to
restore the network. Backups of the data need to be stored redundantly on cloud servers so that
physical damage to the network infrastructure and hardware has less impact on the information
system.
Conclusion
From the above report it can be concluded that, with proper identification of the risk
associated with the development and management of the business information system, the impact
of the risk is evaluated based on its severity and mitigation is applied to resolve the issue
and improve the performance of the information system. Screening activities also need to be
determined so that the project risk can be computed efficiently and none of the elements goes
out of scope during the computation of the risk. All risks need to be determined and managed
based on their priorities and user inputs for the preparation of the risk mitigation plan.
There are different multivariate statistical models that can be applied for estimating the
cost, schedule and specific factors that are needed for the development of the
information system. The project database, the project improvement competency and the
computational methods for bootstrapping and resampling need to be managed to eliminate the
insufficiency. A sensitivity analysis is also performed, in which changes in the outcome of
the project are evaluated to identify the variables that have an influence on risk. The basic
function of risk analysis is to break the problems into different essential elements that can
be addressed to get the desired results for the management.
Bibliography
Almeida, H., Hankins, K. W., & Williams, R. (2017). Risk management with supply
contracts. The Review of Financial Studies, 30(12), 4179-4215.
Aven, T. (2016). Risk assessment and risk management: Review of recent advances on their
foundation. European Journal of Operational Research, 253(1), 1-13.
Bessis, J. (2015). Risk management in banking. John Wiley & Sons.
Bromiley, P., McShane, M., Nair, A., & Rustambekov, E. (2015). Enterprise risk management:
Review, critique, and research directions. Long Range Planning, 48(4), 265-276.
Chance, D. M., & Brooks, R. (2015). Introduction to derivatives and risk management. Cengage
Learning.
Giannakis, M., & Papadopoulos, T. (2016). Supply chain sustainability: A risk management
approach. International Journal of Production Economics, 171, 455-470.
Glendon, A. I., & Clarke, S. (2015). Human safety and risk management: A psychological
perspective. CRC Press.
Hillson, D., & Murray-Webster, R. (2017). Understanding and managing risk attitude.
Routledge.
Ho, W., Zheng, T., Yildiz, H., & Talluri, S. (2015). Supply chain risk management: a literature
review. International Journal of Production Research, 53(16), 5031-5069.
Hopkin, P. (2018). Fundamentals of risk management: understanding, evaluating and
implementing effective risk management. Kogan Page Publishers.
McNeil, A. J., Frey, R., & Embrechts, P. (2015). Quantitative risk management:
Concepts. Economics Books.
Wiengarten, F., Humphreys, P., Gimenez, C., & McIvor, R. (2016). Risk, risk management
practices, and the success of supply chain integration. International Journal of
Production Economics, 171, 361-370.