Assessing the Risks of Creating a Business Information System

   

Added on  2023-03-23

When assessing the risks of creating a business information system, it is important to define the scope and focus of the system. For an IT business, the focus would be on the assets: identifying which assets should be included and clearly defining what data is held and where it is contained. The aim is to understand the amount of information that will be stored and shared within the system (Ružić-Dimitrijević, 2009). Another factor to include in the scope of the company's risk assessment is the threat landscape that concerns the business. Under threats, the identified assets are classified into those susceptible to attacks from risky external actors and those vulnerable to internal threats.
The general goal of the analysis is for the business to develop a common understanding of risk across multiple business units and functions, which will enable managers to handle risk cost-effectively on an enterprise-wide basis. The business also aims to gain an improved understanding of threat for competitive advantage (Ross, 2018). Through the analysis, the business also aims to achieve cost savings by improving the management of internal resources and allocating capital more efficiently. Different cyber security product categories, such as next-generation firewalls, next-generation intrusion prevention, web gateways and advanced malware protection, could be used in developing the cyber security measures. One party that will be involved is Cisco, a leader in the networking field. The company offers one of the broadest lineups of security products of any vendor. Its products include Firepower NGIPS, Firepower Management Center, Cisco Umbrella, Cisco Cloudlock and Cisco Advanced Malware Protection.
The network assets include the customer database; user devices such as laptops, tablets and personal phones; and company data and information, including customer information and employee information.
[Figure: network assets, showing four end user devices, the company database, customer data, company data and employee data]

Cyber-security threats to the business network

| Source of threat | What may take place | Enabler |
|---|---|---|
| Hacker | Breach company database | SQL penetration |
| Denial of service | Loss of events and accessing network resources | Multiple users accessing common resources at the same time |
| Spoofing | Company information is leaked to the public | Operating system through illegal access to the database |
| Tampering | Customer information is illegally accessed and certain data could be misused such as credit information | Insecure wireless connections |

Likelihood of the cyber-security threats occurring

| Threat type | Likelihood | Description |
|---|---|---|
| Hacking | Possible | Other companies in the IT business have reported cases of network hacking |
| Denial of service | Certain | With multiple users sharing common resources under the network, denial of service looks to occur often |
| Spoofing | Unlikely | Only authorized users with appropriate authenticating credentials can access the company database |
| Tampering | Rare | Insecure wireless connections are common and difficult to identify but attacks through these networks require skilled programmers to carry out hence are not popular. |

Consequence scale

| Threat type | Consequence | Description |
|---|---|---|
| Hacking | Serious | Sensitive company data that forms part of their competitive edge is leaked to the public losing its market value |
| Denial of service | Moderate | System will experience downtime for several minutes or hours |
| Spoofing | Catastrophic | Private user information and network activities can be revealed breaching users’ |