Assessing the Risks of Creating a Business Information System

Verified

Added on 2023/03/23

AI Summary

When assessing the risks of creating a business information system, it is important to come up with the scope and focus of the system. For an IT business, the focus would be on the assets by identifying the assets that should be included and clear definition of what and where the data is contained. The focus should aim to acquire an understanding of the amount of information that will be stored and shared within the system. Another factor to include under the scope of the company’s risk assessment is the threats landscape that concerns the business. Under threats, the assets identified are classified under categories of the ones susceptible to attacks from risky external actors and the ones vulnerable to internal threats. The general goal for the analysis is for the business to develop a common understanding of risk over multiple business units and functions that will enable the managers to handle risk cost-effectively on an enterprise broad basis. The business also aims to get an improved understanding of threat for competitive advantage. Through the analysis the business also targets to achieve cost savings by improving management of inner resources and assigning capital more efficiently.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

SURNAME 1
Student name
Lecturer’s name
Unit title
Date
Assessing the Risks of Creating a Business Information System
When assessing the risks of creating a business information system, it is important to
come up with the scope and focus of the system. For an IT business, the focus would be on the
assets by identifying the assets that should be included and clear definition of what and where the
data is contained. The focus should aim to acquire an understanding of the amount of
information that will be stored and shared within the system (Ružić-Dimitrijević, 2009). Another
factor to include under the scope of the company’s risk assessment is the threats landscape that
concerns the business. Under threats, the assets identified are classified under categories of the
ones susceptible to attacks from risky external actors and the ones vulnerable to internal threats.
The general goal for the analysis is for the business to develop a common understanding
of risk over multiple business units and functions that will enable the managers to handle risk
cost-effectively on an enterprise broad basis. The business also aims to get an improved
understanding of threat for competitive advantage (Ross, 2018). Through the analysis the
business also targets to achieve cost savings by improving management of inner resources and
assigning capital more efficiently. Different cyber security product categories such as next-
generation firewalls, next-generation intrusion prevention, web gateway and advanced malware
protection could be used in developing the cyber security measure. One party that will be
involved is Cisco Company which is a leader in the networking field. The company offers among

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

SURNAME 2
the broadest lineups of security products of any vendor. Their products include firepower
NGIPS, Firepower Management Center,Cisco Umbrella, Cisco Cloudlock as well as Cisco
Advanced Malware protection.
Some of the network assets include customer database, user devices such as laptops,
tablets and personal phones as well as company data and information including customer
information and employee information.
Cyber-security threats to the business network
Source of threat What may take place Enabler
Hacker Breach company database SQL penetration
Denial of service Loss of events and accessing
network resources
Multiple users accessing
common resources at the
same time
Spoofing Company information is Operating system through
End user
device End user
device
End user
device
End user
device
Company database
Customer data
Company data
Employee data

SURNAME 3
leaked to the public illegal access to the database
Tampering Customer information is
illegally accessed and certain
data could be misused such
as credit information
Insecure wireless connections
Likelihood of the cyber-security threats occurring
Threat type Likelihood Description
hacking Possible Other companies in the IT
business have reported cases
of network hacking
Denial of service Certain With multiple users sharing
common resources under the
network, denial of service
looks to occur often
Spoofing Unlikely Only authorized users with
appropriate authenticating
credentials can access the
company database
Tampering Rare Insecure wireless connections
are common and difficult to
identify but attacks through
these networks require skilled
programmers to carry out
hence are not popular.
. Consequence scale
Threat type Consequence Description
hacking serious Sensitive company data that
forms part of their
competitive edge is leaked to
the public losing its market
value
Denial of service Moderate System will experience
downtime for several minutes
or hours
Spoofing Catastrophic Private user information and
network activities can be
revealed breaching users’

SURNAME 4
privacy while using the
company network
Tampering Minor Accessing and modifying
company data on its servers
through unauthorized
wireless means is difficult
hence not common.
. Risk Function and assessment measures
Likelihood/Consequence Irrelevant Unimportant Reasonable severe tragic
Unusual Tampering
Likely hacking
Sure Denial of
service
Doubtful Spoofing
Risk Treatment
Serious
Catastrophic
Moderate
Hacker Introduces
malicious code
through SQL
penetration
Possible
Company database
Customer data
Company data
Employee data
Unauthorized
user
Penetrates the
company network
through spoofing
Unlikely
Company staff
Experiencing
DDos and system
crashes
Certain The internet

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

SURNAME 5
Relations between threats and assets
Handling
Handling Cost Danger Risk decrease
Management
1:Setting up firewalls
within the network to
reduce unauthorized
low Risk 1 Monitor to acceptable
Hacker Sensitive
company data
is leaked
Unacceptable
Employee database
Company
Employees
System
experiencing
downtime
Acceptable
Data
recovery
Network resources
Company
reputation
Unauthorized
user
Exposing data
to third parties
Monitor
Customer
information
Customer
data
privacy

SURNAME 6
access
Managament
2:Adding more
network components
to reduce number of
shared devices
Expensive Risk2 Monitor to acceptable
Treatment 3:
Including encryption
and authenticating
measures within the
network
Moderate Risk 3 Unacceptable to
monitor

SURNAME 7
References
Ross, R. S. (2018, December 20). Privacy, Risk Management Framework for Information
Systems and Organizations: A System Life Cycle Approach for Security and Privacy.
Retrieved from NIST: https://www.nist.gov/publications/risk-management-framework-
information-systems-and-organizations-system-life-cycle
Ružić-Dimitrijević, B. N. ( 2009). Risk Assessment of Information Technology Systems. Issues
in Informing Science and Information Technology, 570-620.

1 out of 7

+13062052269

info@desklib.com

Assessing the Risks of Creating a Business Information System

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Risk Assessment Report- Docs

IoT Security: Risks and Mitigation Techniques

Cyber Security: BYOD Risk Assessment, Certificate-based Authentication, and Anti-phishing Guideline

Information Security Management

Assignment | Information System Security

Mitigation Strategies for Distributed Denial of Service (DDoS) Attack