Risk Assessment for Information Technology, Human Resource, and Network Infrastructure

Verified

Added on 2023/03/20

AI Summary

This document provides a risk assessment for Information Technology, Human Resource, and Network Infrastructure. It includes the identification and assessment of various risks in these categories, such as physical unauthorized access, cyber attacks, technical issues, internal disputes, power outages, mishandling of data, and more. The document also covers risks related to system interfaces, company directors and management, market factors, legal and procedural risks.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

RISK ASSESMENT:
1) RISK IDENTIFICATION AND ASSESSMENT:
Category Risk
ID
Type Risk description Threat source Threat event Vulnerabilities
INFORMATION
TECHNOLOGY
1 physical Physical unauthorized access
to the data
Unauthorized personnel The data is accessed without
authorization
Weak passwords and
identity verification
systems
2 cyber Data can be breached
through cyber attacks
External attackers Cyber attack on the database No cyber security
measures
3 technical Accidental deletion of data Intentional / Accidental All data deleted from database No data backup kept
4 internal Some infected by malware or
other malicious files
Employee storage drives like pen
drives, DVDs, etc.
All systems infected when personal
storage drives are inserted into
office system
No restrictions on using
personal flash drives
5 technical Internal glitches and bugs
causing poor performance
output of the system
Internal bugs System performance reduced /
system freeze
Lack of software updates
and patches
HUMAN RESOURCE 6 physical Physical unauthorized access
to the data
Unauthorized personnel The data is accessed without
authorization
No security system at the
data centres
7 staff Internal disputes created by
staff
Staff Boycott and complete shutdown of
business activities
Staff requests are not
fulfilled by the company
8 admin No proper communication
between staff and
management
Internal staff and management Lack of information and
misunderstanding
No predefined
communication
requirements
9 physical Power outage or electrical
supply failure
Contractor of supplier of
electricity
Power outage leading to shut down
of the operation of the centre.
No energy back up device
10 admin Unauthorized access and
mishandling of data
Under trained staff not using
classified data properly
Unauthorised person having access
to data and using it for personal
gain
No authorization system
NETWORK AND
INFRASTRUCTURE
11 physical Temperature affecting the
performance of hardware
Poor air conditioning
infrastructure
Power interruption/fluctuations in
voltage
No heat resistant
materials are available
12 physical Mishandling of IT equipments Windy conditions and dust
storms
Windy conditions cause more
incoming dust and dirt to the
buildings
The IT rooms are not
equipped with dust
filtering systems
13 admin Errors in the data center Managing partner for Data
centre
Failure to respond effectively in
critical situation
Not able to control where
the data is being stored
14 admin Lack of expertisement among Management Failure to respond effectively in Untrained in handling

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

staff for data management critical situation unexpected high volume
data
15 technical Data can be breached
through cyber attacks
External attackers Cyber attack on the database No intrusion detection
systems development
16 admin Physical data storage system
used
Non-reputed data backup
company
Data loss without warning Appointment of backup
people was done on
personal reasons
17 admin Conflicts within various
departments
Other departments Risk budget factors Lack of inter-
departmental
communication
SYSTEM INTERFACES 18 Physical Interface not well developed Employees Accidental damaged caused by
employees to the equipment
Hardware replacement,
information backup in the
computer
19 Physical Implementation Delay due to
Use of poor quality products
Technicians Network not being adequately
connected to the computers for
which employees cannot have
access to the system
Contractor for the
construction insured or
policy for control
20 Technical Zero technical updates Market Company fall behind due to the lack
of knowledge of new technologies
and keeping up with market needs
There is no technology
manager responsible for
new technologies
21 Technical Low system performance due
to outdated systems
Technological platform Not enough support from the
technological infrastructure to the
growing business
Not able to support the
new branches national
and international that will
result in slower processes
22 Technical Lack of staff expertise within
the company
Employees Process delay due to the lack of
knowledge of the platform
Appropriate training for
the employees
23 Technical Inaccurate data Employees Employees over or under pay due to
an error in the data entering
Non-Qualified employees
able to correct or check
the work done
COMPANY DIRECTORS
AND MANAGEMENT
24 Physical Management and staff errors
in the project
Technician Company functions might stop for a
period of time
The company is not
continuously checking the
infrastructure
25 Physical Construction and installation
of data centre – too
expensive
Technician/contractors Data centre can suffer a physical
attack
Information is not backed
up daily
26 Physical Accidents and disasters due
to environmental effects
Natural disasters sufferer of an environmental
disaster
Information is not backed
up daily
27 Physical Unlimited access to physical
resources of the company
Criminal Damage to the physical data
facilities
There is no insurance

LEGAL PROCEDURAL
RISKS
28 technical Credit card data of donors is
compromised
Data loss due to inadequate data
security in database
Employees save credit card data in
other locations temporarily due to
non-awareness of data security
Poorly maintained
databases
29 admin Mishandling and stealing of
copyright data
Wrong handling of data Data being saved in inappropriate
folders such as unclassified
locations
Non-hardened databases
and data lists
30 admin No compliance with standard
set by the government
Non-trained staff dealing with
government systems
Entering of classified data into
unclassified systems
No checks done on
systems for the
classification of data

1 out of 3

+13062052269

info@desklib.com

Risk Assessment for Information Technology, Human Resource, and Network Infrastructure

Contribute Materials

Secure Best Marks with AI Grader

Related Documents

Cybersecurity Threats and Countermeasures

Cyber Crime Fundamental Report 2022

Secure Computer Networks