logo

Risk Assessment for Information Technology, Human Resource, and Network Infrastructure

To critically evaluate the need for information security in organisations; To gain an understanding of the concepts of due care, due diligence, and vicarious liability in the context of Information Security and IS/IT Risk Management; To be able to evaluate the control requirements and/or needs for a business environment; To gain an understanding of the complementary nature of various types of controls in mitigating risks; and To gain an appreciation of the importance of an Enterprise Wide Risk Management.

3 Pages840 Words79 Views
   

Added on  2023-03-20

About This Document

This document provides a risk assessment for Information Technology, Human Resource, and Network Infrastructure. It includes the identification and assessment of various risks in these categories, such as physical unauthorized access, cyber attacks, technical issues, internal disputes, power outages, mishandling of data, and more. The document also covers risks related to system interfaces, company directors and management, market factors, legal and procedural risks.

Risk Assessment for Information Technology, Human Resource, and Network Infrastructure

To critically evaluate the need for information security in organisations; To gain an understanding of the concepts of due care, due diligence, and vicarious liability in the context of Information Security and IS/IT Risk Management; To be able to evaluate the control requirements and/or needs for a business environment; To gain an understanding of the complementary nature of various types of controls in mitigating risks; and To gain an appreciation of the importance of an Enterprise Wide Risk Management.

   Added on 2023-03-20

ShareRelated Documents
RISK ASSESMENT:
1) RISK IDENTIFICATION AND ASSESSMENT:
Category Risk
ID
Type Risk description Threat source Threat event Vulnerabilities
INFORMATION
TECHNOLOGY
1 physical Physical unauthorized access
to the data
Unauthorized personnel The data is accessed without
authorization
Weak passwords and
identity verification
systems
2 cyber Data can be breached
through cyber attacks
External attackers Cyber attack on the database No cyber security
measures
3 technical Accidental deletion of data Intentional / Accidental All data deleted from database No data backup kept
4 internal Some infected by malware or
other malicious files
Employee storage drives like pen
drives, DVDs, etc.
All systems infected when personal
storage drives are inserted into
office system
No restrictions on using
personal flash drives
5 technical Internal glitches and bugs
causing poor performance
output of the system
Internal bugs System performance reduced /
system freeze
Lack of software updates
and patches
HUMAN RESOURCE 6 physical Physical unauthorized access
to the data
Unauthorized personnel The data is accessed without
authorization
No security system at the
data centres
7 staff Internal disputes created by
staff
Staff Boycott and complete shutdown of
business activities
Staff requests are not
fulfilled by the company
8 admin No proper communication
between staff and
management
Internal staff and management Lack of information and
misunderstanding
No predefined
communication
requirements
9 physical Power outage or electrical
supply failure
Contractor of supplier of
electricity
Power outage leading to shut down
of the operation of the centre.
No energy back up device
10 admin Unauthorized access and
mishandling of data
Under trained staff not using
classified data properly
Unauthorised person having access
to data and using it for personal
gain
No authorization system
NETWORK AND
INFRASTRUCTURE
11 physical Temperature affecting the
performance of hardware
Poor air conditioning
infrastructure
Power interruption/fluctuations in
voltage
No heat resistant
materials are available
12 physical Mishandling of IT equipments Windy conditions and dust
storms
Windy conditions cause more
incoming dust and dirt to the
buildings
The IT rooms are not
equipped with dust
filtering systems
13 admin Errors in the data center Managing partner for Data
centre
Failure to respond effectively in
critical situation
Not able to control where
the data is being stored
14 admin Lack of expertisement among Management Failure to respond effectively in Untrained in handling
Risk Assessment for Information Technology, Human Resource, and Network Infrastructure_1

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
Assignment On ICT Risks & Security Concerns
|13
|3436
|93

Cyber Crime Fundamental Report 2022
|11
|2538
|17

Secure Computer Networks
|13
|2163
|176