INF80043: IS/IT Risk Management Report for Young Acorn Foundation
VerifiedAdded on  2022/09/29
|29
|6717
|25
Report
AI Summary
This report presents an IS/IT risk management analysis for the Young Acorn Foundation (ACORN), a non-profit organization focused on community development. The project involves the expansion of ACORN's Child Development Activities (CDA) through its Community Development Program (CDP) across multiple countries. The report begins with an executive summary, table of contents, and an introduction to ACORN's background, purpose, and scope. It then delves into risk management, including risk assessment using the ISO/IEC 27001 framework, identification of threats and vulnerabilities (electronic, physical, employee compliance, human errors, and managerial), control analysis, impact analysis using qualitative methods, and risk determination. The report also includes control recommendations, an overview of relevant laws and regulations, and a detailed risk mitigation analysis with recommendations. Finally, the report concludes with a summary of findings and recommendations for effective risk management strategies to address the identified risks within ACORN's CDP project.
Running head: IS/ IT RISK MANAGEMENT
IS/ IT Risk Management Project: The Young Acorn Foundation
Name of the Student
Name of the University
Author’s Note
IS/ IT Risk Management Project: The Young Acorn Foundation
Name of the Student
Name of the University
Author’s Note
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1
IS/ IT RISK MANAGEMENT
Executive Summary
ACORN is a non-profit organization that was looking forward to extend and improve its
CDA or the Child Development Activities. Through the utilization of the Community
Development Program or CDP, the organization has been looking forward to the expansion
and operation of the business amongst the different countries. Through this, the organization
is trying to put forward the employment opportunities of the under-developed people as well
along with the business expansions. The operations would also involve the likelihood of the
competitive environment that the NFP organizations are in right-now, even with the threat of
the competitors. Now, since the area of operations is going to spread throughout different
countries, it is essential to identify that the project might have several risks that need to be
identified and mitigated at the same time. The following will be a detailed and demonstrated
if the project would have several associated risks where the information regarding the
provided project about CDP for ACORN would result into risks for the project. The salient
features about a Risk Mitigation Framework would be used for analysing the impending risks
along with the identification and analysis of the threats and vulnerabilities related to the
technical, operational and managerial risks. It would then continue through an impact
analysis of the threats with quantitative methods, thorough control assessment and likelihood
analysis relating to the critical vulnerabilities, and the understanding of the Legal and the
Regulatory requirement as well as the key environmental factors that have been affecting the
organization. In the end, the recommendations would also be made for the effective risk
mitigation strategies of the identified risks.
IS/ IT RISK MANAGEMENT
Executive Summary
ACORN is a non-profit organization that was looking forward to extend and improve its
CDA or the Child Development Activities. Through the utilization of the Community
Development Program or CDP, the organization has been looking forward to the expansion
and operation of the business amongst the different countries. Through this, the organization
is trying to put forward the employment opportunities of the under-developed people as well
along with the business expansions. The operations would also involve the likelihood of the
competitive environment that the NFP organizations are in right-now, even with the threat of
the competitors. Now, since the area of operations is going to spread throughout different
countries, it is essential to identify that the project might have several risks that need to be
identified and mitigated at the same time. The following will be a detailed and demonstrated
if the project would have several associated risks where the information regarding the
provided project about CDP for ACORN would result into risks for the project. The salient
features about a Risk Mitigation Framework would be used for analysing the impending risks
along with the identification and analysis of the threats and vulnerabilities related to the
technical, operational and managerial risks. It would then continue through an impact
analysis of the threats with quantitative methods, thorough control assessment and likelihood
analysis relating to the critical vulnerabilities, and the understanding of the Legal and the
Regulatory requirement as well as the key environmental factors that have been affecting the
organization. In the end, the recommendations would also be made for the effective risk
mitigation strategies of the identified risks.
2
IS/ IT RISK MANAGEMENT
Table of Contents
1. Introduction............................................................................................................................3
1.1 Background of the Organization......................................................................................3
1.2 Purpose.............................................................................................................................3
1.3 Scope................................................................................................................................4
2. Risk Management...................................................................................................................4
2.1 Risk Assessment...............................................................................................................4
2.1.1 System Characterization - Utilizing the salient features of the Risk Mitigation
Framework ISO/IEC 27001...............................................................................................5
2.1.2 Identification of the threats and vulnerabilities, threats and their impacts to the
Company............................................................................................................................6
2.1.3 Control Analysis measures........................................................................................7
2.1.3 Control Analysis........................................................................................................8
2.1.5 Impact Analysis by Qualitative Methods................................................................10
2.1.6 Risk Determination.................................................................................................12
2.1.7 Control Recommendation.......................................................................................18
2.1.8 Laws and Regulations.............................................................................................18
2.2. Risk Mitigation..............................................................................................................18
2.2.1 Risk Mitigation Analysis and Recommendation.....................................................20
3. Conclusion............................................................................................................................21
References................................................................................................................................23
IS/ IT RISK MANAGEMENT
Table of Contents
1. Introduction............................................................................................................................3
1.1 Background of the Organization......................................................................................3
1.2 Purpose.............................................................................................................................3
1.3 Scope................................................................................................................................4
2. Risk Management...................................................................................................................4
2.1 Risk Assessment...............................................................................................................4
2.1.1 System Characterization - Utilizing the salient features of the Risk Mitigation
Framework ISO/IEC 27001...............................................................................................5
2.1.2 Identification of the threats and vulnerabilities, threats and their impacts to the
Company............................................................................................................................6
2.1.3 Control Analysis measures........................................................................................7
2.1.3 Control Analysis........................................................................................................8
2.1.5 Impact Analysis by Qualitative Methods................................................................10
2.1.6 Risk Determination.................................................................................................12
2.1.7 Control Recommendation.......................................................................................18
2.1.8 Laws and Regulations.............................................................................................18
2.2. Risk Mitigation..............................................................................................................18
2.2.1 Risk Mitigation Analysis and Recommendation.....................................................20
3. Conclusion............................................................................................................................21
References................................................................................................................................23
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3
IS/ IT RISK MANAGEMENT
1. Introduction
1.1 Background of the Organization
ACORN or Young Acorn Foundation is a tier 2 NFP organization. They are focused
on the community development within marginalized areas. ACORN is mainly operating in
the Asia and Pacific regions and has a presence in every major city of Australia, Asia and
Pacific countries for successful coordination of community development activities or CDA
and fund-raising campaigns. ACORN even launched a new CDP or community development
program for encouraging the under developed communities in working altogether within a
cooperative model and producing products like natural produce or crafts. They have been
operating in multiple countries, however is following Australian laws. It often becomes
difficult when the employees operating in the host country are needed to divulge confidential
information to the respective authority of the host country, which might be deemed as
incorrect under the laws of Australia.
1.2 Purpose
Risk management can be referred to as the procedure to identify, assess as well as
control different types of threats to the earnings and capital of an organization (Lam 2014).
These distinctive threats and risks can easily and promptly stem from a wider variety of
different sources like financial uncertainties, errors in strategic management, natural
disasters, legal liabilities and many more. A successful risk management plan can easily save
the consideration of several potential risks and threats as well as protection of the future of
that particular company (Hopkin 2018). The reason is that a robust risk management plan is
considered as quite helpful for the organization in establishment of processes and avoiding
potential threats to reduce the impacts efficiently.
IS/ IT RISK MANAGEMENT
1. Introduction
1.1 Background of the Organization
ACORN or Young Acorn Foundation is a tier 2 NFP organization. They are focused
on the community development within marginalized areas. ACORN is mainly operating in
the Asia and Pacific regions and has a presence in every major city of Australia, Asia and
Pacific countries for successful coordination of community development activities or CDA
and fund-raising campaigns. ACORN even launched a new CDP or community development
program for encouraging the under developed communities in working altogether within a
cooperative model and producing products like natural produce or crafts. They have been
operating in multiple countries, however is following Australian laws. It often becomes
difficult when the employees operating in the host country are needed to divulge confidential
information to the respective authority of the host country, which might be deemed as
incorrect under the laws of Australia.
1.2 Purpose
Risk management can be referred to as the procedure to identify, assess as well as
control different types of threats to the earnings and capital of an organization (Lam 2014).
These distinctive threats and risks can easily and promptly stem from a wider variety of
different sources like financial uncertainties, errors in strategic management, natural
disasters, legal liabilities and many more. A successful risk management plan can easily save
the consideration of several potential risks and threats as well as protection of the future of
that particular company (Hopkin 2018). The reason is that a robust risk management plan is
considered as quite helpful for the organization in establishment of processes and avoiding
potential threats to reduce the impacts efficiently.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4
IS/ IT RISK MANAGEMENT
1.3 Scope
It is required to maintain risk management plan for all types of IT or IS assets and
resources in a company. ACORN is a tier 2 not for profit organization and they have included
new aspects and features for their business. This report will be outlining a brief discussion on
the case study of ACORN that will discuss in details about the project that ACORN is taking
up as the CDP. The potential risks according to the Risk Mitigation Framework of ISO/IEC
27001 would be considered in this cane along with the segregation of the risks according to
the technical, operational and managerial aspects. The risk mitigation strategies would also be
identified along with the recommendations that the organizations would most likely be taking
up for having a solution to all the impending risks.
2. Risk Management
2.1 Risk Assessment
The primary problem that has been concerning ACORN has been the new Community
Development Program or CDP that ACORN is trying to achieve. This is going to aim at the
encouragement of the under-developed communities such that they can come forward and
work together for achieving a cooperative model. This was also because, with this
collaboration, the organization wanted to enable the manufacturing of certain products as
well as put forward the encouragement of the under-developed people. The program was
unique and it was operating for multiple countries. Therefore, as per the countries where the
project and the organization would operate in, there would be legislative variances for the
operations as well. The market is competitive enough in this particular area where NFPs are
trying to innovate strategies to bring forth the people who are less privileged in the society.
IS/ IT RISK MANAGEMENT
1.3 Scope
It is required to maintain risk management plan for all types of IT or IS assets and
resources in a company. ACORN is a tier 2 not for profit organization and they have included
new aspects and features for their business. This report will be outlining a brief discussion on
the case study of ACORN that will discuss in details about the project that ACORN is taking
up as the CDP. The potential risks according to the Risk Mitigation Framework of ISO/IEC
27001 would be considered in this cane along with the segregation of the risks according to
the technical, operational and managerial aspects. The risk mitigation strategies would also be
identified along with the recommendations that the organizations would most likely be taking
up for having a solution to all the impending risks.
2. Risk Management
2.1 Risk Assessment
The primary problem that has been concerning ACORN has been the new Community
Development Program or CDP that ACORN is trying to achieve. This is going to aim at the
encouragement of the under-developed communities such that they can come forward and
work together for achieving a cooperative model. This was also because, with this
collaboration, the organization wanted to enable the manufacturing of certain products as
well as put forward the encouragement of the under-developed people. The program was
unique and it was operating for multiple countries. Therefore, as per the countries where the
project and the organization would operate in, there would be legislative variances for the
operations as well. The market is competitive enough in this particular area where NFPs are
trying to innovate strategies to bring forth the people who are less privileged in the society.
5
IS/ IT RISK MANAGEMENT
2.1.1 System Characterization - Utilizing the salient features of the Risk Mitigation
Framework ISO/IEC 27001
This particular Risk Mitigation framework has several features that is used for
developing the risk mitigation strategies for the Information Security Management System or
ISMS that involves the procedures to analyse the legal, technical and physical controls during
the risk management process for an organization (Sweeting 2017). In the case for the
ACORN organization as well, there are several forms of the framework that would be
followed for the identification and the approach towards the risk mitigation plan, beginning
with the following:
ï‚· Providing the definition for a security policy
ï‚· Defining the scope for the ISMS utility in the CDP project
ï‚· Conducting the risk assessment and the management of the identified risks
ï‚· Selection of the Control Objectives that need to be implemented
ï‚· Preparation of the statement of applicability
There are several features of the framework that need to be addressed in this case as
well, continuing with the sections including the following features:
ï‚· Assessing the risk
ï‚· Maintaining the security policy
ï‚· IS for the organization
ï‚· Management of asset
ï‚· Securing the Human Resource
ï‚· Ensuring the physical and environmental security during the CDP
ï‚· Access Control
ï‚· Acquisition of the information security
IS/ IT RISK MANAGEMENT
2.1.1 System Characterization - Utilizing the salient features of the Risk Mitigation
Framework ISO/IEC 27001
This particular Risk Mitigation framework has several features that is used for
developing the risk mitigation strategies for the Information Security Management System or
ISMS that involves the procedures to analyse the legal, technical and physical controls during
the risk management process for an organization (Sweeting 2017). In the case for the
ACORN organization as well, there are several forms of the framework that would be
followed for the identification and the approach towards the risk mitigation plan, beginning
with the following:
ï‚· Providing the definition for a security policy
ï‚· Defining the scope for the ISMS utility in the CDP project
ï‚· Conducting the risk assessment and the management of the identified risks
ï‚· Selection of the Control Objectives that need to be implemented
ï‚· Preparation of the statement of applicability
There are several features of the framework that need to be addressed in this case as
well, continuing with the sections including the following features:
ï‚· Assessing the risk
ï‚· Maintaining the security policy
ï‚· IS for the organization
ï‚· Management of asset
ï‚· Securing the Human Resource
ï‚· Ensuring the physical and environmental security during the CDP
ï‚· Access Control
ï‚· Acquisition of the information security
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6
IS/ IT RISK MANAGEMENT
ï‚· Business Continuity Management
ï‚· Compliance
2.1.2 Identification of the threats and vulnerabilities, threats and their impacts to the
Company
The threat and vulnerability identification would follow through several aspects of
ACRON and its business operation to fully understand the project, its operation and the
impact it would have on the business to identify the required risks for the CDP project on the
organization. Therefore, it is important to identify the following business aspects to clearly
identify the risks associated with the project for the business:
i) Identification of Threats: This is yet another vital and significant stage in the
respective information security risk management for any particular organization (Webb et al.
2014). The potential causes of information and assets would be identified and hence it would
be much easier for the company to identify their potential threats, related to information
security as well as information technology. It is also effective in reducing the impacts of
hacking and similar threats (Brustbauer 2016). The treats that have been identified in this
aspect for the ACORN organization lies as pointed out in the table as below:
Possible Threats Threat Assessment
1. Electronic Threats There might be electronic devices used for
the implementation of the project
procedures, that might have threats
regarding the information storage, capturing
and retrieval within the devices.
2. Physical Threats The occurrence of accidents due to the less
considerations of security during the project
might result into physical or mental harm to
the employees.
3. Employee Compliance Threats There might be occurrences that the people
involved in the project might not find it
difficult to or may be have misinterpreted
information about the legal compliances,
resulting into not following them altogether.
4. Human Errors General human errors also have a threat of
IS/ IT RISK MANAGEMENT
ï‚· Business Continuity Management
ï‚· Compliance
2.1.2 Identification of the threats and vulnerabilities, threats and their impacts to the
Company
The threat and vulnerability identification would follow through several aspects of
ACRON and its business operation to fully understand the project, its operation and the
impact it would have on the business to identify the required risks for the CDP project on the
organization. Therefore, it is important to identify the following business aspects to clearly
identify the risks associated with the project for the business:
i) Identification of Threats: This is yet another vital and significant stage in the
respective information security risk management for any particular organization (Webb et al.
2014). The potential causes of information and assets would be identified and hence it would
be much easier for the company to identify their potential threats, related to information
security as well as information technology. It is also effective in reducing the impacts of
hacking and similar threats (Brustbauer 2016). The treats that have been identified in this
aspect for the ACORN organization lies as pointed out in the table as below:
Possible Threats Threat Assessment
1. Electronic Threats There might be electronic devices used for
the implementation of the project
procedures, that might have threats
regarding the information storage, capturing
and retrieval within the devices.
2. Physical Threats The occurrence of accidents due to the less
considerations of security during the project
might result into physical or mental harm to
the employees.
3. Employee Compliance Threats There might be occurrences that the people
involved in the project might not find it
difficult to or may be have misinterpreted
information about the legal compliances,
resulting into not following them altogether.
4. Human Errors General human errors also have a threat of
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7
IS/ IT RISK MANAGEMENT
making several problematic situations that
might lead to immense risk in respecting the
integrity of the project information.
5. Managerial Threats The management threats might be
mismanagement of the people associated
with the project leading to further errors in
the overall management of the project
including all the information associated with
it.
Table 1: Threat Analysis Table
(Source: Created by the Author)
ii) Identification of Vulnerabilities: The system level as well as software
vulnerabilities are eventually putting the availability, integrity or confidentiality of each and
every identified asset at risk. It is required for successful identification of the deficiencies and
weaknesses in the organizational processes effectively and without much complexity.
Moreover, information compromising would be lowered and the organization would be
benefitted (Teller, Kock and Gemünden 2014). The information vulnerabilities that lie in this
regard for the business of ACORN related to the CDP project is the primary vulnerability of
the business.
2.1.3 Control Analysis measures
iv) Identification of Controls: The final stage in this process of information security
risk management would be successful identification of controls (Fenz et al. 2014). This type
of control directly addresses the identified threat and provides ways for mitigating it
successfully. It is generally done after reviewing each and every risk and also after cross
referencing the user directory of that specific company.
ACORN, being one of the most significant and popular charity organizations, is
required to maintain their information security and information technological management
practices properly, so that any threat or risk does not become vulnerable for them (Pritchard
and PMP 2014). These risks and threats comprise of a major negative impact on the
IS/ IT RISK MANAGEMENT
making several problematic situations that
might lead to immense risk in respecting the
integrity of the project information.
5. Managerial Threats The management threats might be
mismanagement of the people associated
with the project leading to further errors in
the overall management of the project
including all the information associated with
it.
Table 1: Threat Analysis Table
(Source: Created by the Author)
ii) Identification of Vulnerabilities: The system level as well as software
vulnerabilities are eventually putting the availability, integrity or confidentiality of each and
every identified asset at risk. It is required for successful identification of the deficiencies and
weaknesses in the organizational processes effectively and without much complexity.
Moreover, information compromising would be lowered and the organization would be
benefitted (Teller, Kock and Gemünden 2014). The information vulnerabilities that lie in this
regard for the business of ACORN related to the CDP project is the primary vulnerability of
the business.
2.1.3 Control Analysis measures
iv) Identification of Controls: The final stage in this process of information security
risk management would be successful identification of controls (Fenz et al. 2014). This type
of control directly addresses the identified threat and provides ways for mitigating it
successfully. It is generally done after reviewing each and every risk and also after cross
referencing the user directory of that specific company.
ACORN, being one of the most significant and popular charity organizations, is
required to maintain their information security and information technological management
practices properly, so that any threat or risk does not become vulnerable for them (Pritchard
and PMP 2014). These risks and threats comprise of a major negative impact on the
8
IS/ IT RISK MANAGEMENT
organizational customer base, specifically, when the risk has impacted the sensitive data. The
customers of the organization might be losing confidence and would not feel that the data is
safe and secured, which is quite vulnerable for the organization of ACORN as it is concerned
with charity services (Glendon and Clarke 2015). The impact of this risk is even tied to the
kind of data involved. Following would be a probable control the threats identified:
Threats Identified Control Measures
1. Electronic Threats Management of the monitoring of the
working for the devices
2. Physical Threats Monitoring the factors under which the
people have been working on and if they are
suitable according to the required project
works for ensuring the safety of the people.
3. Employee Compliance Threats Communicating feasibly to find out all the
business compliance information are
understood well by the employees.
4. Human Errors Monitor the work for the people according
to the set standardized plan for the project.
5. Managerial Threats Management monitoring to be done at set
intervals.
Table 2: Control Analysis Table
(Source: Created by the Author)
2.1.3 Control Analysis
Identified Threats Control Assessment Likelihood Analysis
Electronic Threats The issue related to electronic threats could
be effectively resolved by implementation
of security measures within these devices.
The easiest mode of security is
standardization of software, using network
protection measures, keeping software up
graded and updated and also bolstering
access control (Lavell and Maskrey 2014).
Furthermore, employees should also be
trained properly so that they are able to use
the electronic devices in a better manner.
Somewhat Likely
Physical Threats The respective physical threats of the
organization of ACORN are extremely
vulnerable for their IT IS or confidential
data (Gatzert and Martin 2015). These
should be eradicated effectively for
Very Likely
IS/ IT RISK MANAGEMENT
organizational customer base, specifically, when the risk has impacted the sensitive data. The
customers of the organization might be losing confidence and would not feel that the data is
safe and secured, which is quite vulnerable for the organization of ACORN as it is concerned
with charity services (Glendon and Clarke 2015). The impact of this risk is even tied to the
kind of data involved. Following would be a probable control the threats identified:
Threats Identified Control Measures
1. Electronic Threats Management of the monitoring of the
working for the devices
2. Physical Threats Monitoring the factors under which the
people have been working on and if they are
suitable according to the required project
works for ensuring the safety of the people.
3. Employee Compliance Threats Communicating feasibly to find out all the
business compliance information are
understood well by the employees.
4. Human Errors Monitor the work for the people according
to the set standardized plan for the project.
5. Managerial Threats Management monitoring to be done at set
intervals.
Table 2: Control Analysis Table
(Source: Created by the Author)
2.1.3 Control Analysis
Identified Threats Control Assessment Likelihood Analysis
Electronic Threats The issue related to electronic threats could
be effectively resolved by implementation
of security measures within these devices.
The easiest mode of security is
standardization of software, using network
protection measures, keeping software up
graded and updated and also bolstering
access control (Lavell and Maskrey 2014).
Furthermore, employees should also be
trained properly so that they are able to use
the electronic devices in a better manner.
Somewhat Likely
Physical Threats The respective physical threats of the
organization of ACORN are extremely
vulnerable for their IT IS or confidential
data (Gatzert and Martin 2015). These
should be eradicated effectively for
Very Likely
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9
IS/ IT RISK MANAGEMENT
ensuring that security is being maintained
under every circumstance. One of the most
efficient solution for physical threat would
be locking the server rooms and placing
server room under surveillance. The
workstations should be secured properly
and a specific layer of security to the
portable devices should be added so that
there exists no scope for such threats
(Pulwarty and Sivakumar 2014). Moreover,
ACORN should improve their defence
against the physical security threats.
Technical threats are extremely common for
the organization and since they are dealing
in several countries, technical failure could
be quite common for dealing with these
issues, it is vital to ensure that each and
every system is upgraded on a periodical
basis and the respective contingencies are
being well monitored and evaluated under
every circumstance (Lundqvist 2015).
Furthermore, they would be able to deal
with these issues in future as well.
Compliance
Violations
The solution for any type of compliance
violation in the organization of ACRON
would be establishment of a stronger
foundation for the business. After getting
proper training, the employees would be
able to build a culture of integrity and
revaluation of the strategies (Teller, Kock
and Gemünden 2014). Thus, it would be
easier for them to reduce compliance
violations effectively in ACRON.
Somewhat Likely
Failure in
Infrastructures
Infrastructure failure issues can be resolved
by involving cloud storage in the business.
It is required to ensure that the data or other
organizational information is not dependent
on the systems and servers and should be
kept on virtual platform for better file
syncing and sharing of services so that these
are securely connected to the distributed
data sources (Meyer and Reniers 2016).
Implementation of an IT disaster recovery
planning is yet another important solution
for this issue.
Less Likely
Human Errors The issue of human error could be resolved
by providing periodical training to the
staffs. Access to the sensitive systems
Very Likely
IS/ IT RISK MANAGEMENT
ensuring that security is being maintained
under every circumstance. One of the most
efficient solution for physical threat would
be locking the server rooms and placing
server room under surveillance. The
workstations should be secured properly
and a specific layer of security to the
portable devices should be added so that
there exists no scope for such threats
(Pulwarty and Sivakumar 2014). Moreover,
ACORN should improve their defence
against the physical security threats.
Technical threats are extremely common for
the organization and since they are dealing
in several countries, technical failure could
be quite common for dealing with these
issues, it is vital to ensure that each and
every system is upgraded on a periodical
basis and the respective contingencies are
being well monitored and evaluated under
every circumstance (Lundqvist 2015).
Furthermore, they would be able to deal
with these issues in future as well.
Compliance
Violations
The solution for any type of compliance
violation in the organization of ACRON
would be establishment of a stronger
foundation for the business. After getting
proper training, the employees would be
able to build a culture of integrity and
revaluation of the strategies (Teller, Kock
and Gemünden 2014). Thus, it would be
easier for them to reduce compliance
violations effectively in ACRON.
Somewhat Likely
Failure in
Infrastructures
Infrastructure failure issues can be resolved
by involving cloud storage in the business.
It is required to ensure that the data or other
organizational information is not dependent
on the systems and servers and should be
kept on virtual platform for better file
syncing and sharing of services so that these
are securely connected to the distributed
data sources (Meyer and Reniers 2016).
Implementation of an IT disaster recovery
planning is yet another important solution
for this issue.
Less Likely
Human Errors The issue of human error could be resolved
by providing periodical training to the
staffs. Access to the sensitive systems
Very Likely
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10
IS/ IT RISK MANAGEMENT
should be limited and a strong DR plan
should be developed to ensure that better
accessibility of data is possible without
getting indulged into such threats or risks
(Hayne and Free 2014). Identification of the
primary sources of inaccuracy is the second
significant and important solution of various
human errors. It could even be resolved by
involving special working force.
Unified business
policy for multi-
nation operation
This threat may lead to the failure of the
CDP project completely in one part of the
country and success of the project for
ACORN in another. A unified success can
never be achieved for ACORN.
Very Likely
Table 3: Likelihood Analysis Table
(Source: Created by the Author)
2.1.5 Impact Analysis by Qualitative Methods
Information security risk management is considered as one of the most important and
significant requirements in any business, even for the CDP project for ACORN. It helps in
successful management of risks and threats related to the confidential information or data as
well as the resources or assets that help in initiating the risk impact to a high level (Van
Staveren 2018). The 6 identified threats of ACORN are needed to be treated with the help of
proper standards, guidelines and frameworks. Following would be the analysis of the impact
of the identified threat with the help of the qualitative methods about the information
gathered regarding the project:
Identified threats Impact analysis
Electronic Threats The information storage and management system would be
hampered on the basis of the threats that might be implemented to
the project and the organization (Iqbal et al. 2015). Failure or risk
in the electronics used in the project would mean jeopardizing the
IS/ IT RISK MANAGEMENT
should be limited and a strong DR plan
should be developed to ensure that better
accessibility of data is possible without
getting indulged into such threats or risks
(Hayne and Free 2014). Identification of the
primary sources of inaccuracy is the second
significant and important solution of various
human errors. It could even be resolved by
involving special working force.
Unified business
policy for multi-
nation operation
This threat may lead to the failure of the
CDP project completely in one part of the
country and success of the project for
ACORN in another. A unified success can
never be achieved for ACORN.
Very Likely
Table 3: Likelihood Analysis Table
(Source: Created by the Author)
2.1.5 Impact Analysis by Qualitative Methods
Information security risk management is considered as one of the most important and
significant requirements in any business, even for the CDP project for ACORN. It helps in
successful management of risks and threats related to the confidential information or data as
well as the resources or assets that help in initiating the risk impact to a high level (Van
Staveren 2018). The 6 identified threats of ACORN are needed to be treated with the help of
proper standards, guidelines and frameworks. Following would be the analysis of the impact
of the identified threat with the help of the qualitative methods about the information
gathered regarding the project:
Identified threats Impact analysis
Electronic Threats The information storage and management system would be
hampered on the basis of the threats that might be implemented to
the project and the organization (Iqbal et al. 2015). Failure or risk
in the electronics used in the project would mean jeopardizing the
11
IS/ IT RISK MANAGEMENT
project information related to the employees and the under
privileged people.
Physical Threats The physical threats would impact on the device management that
would result into the threats related to the project information
related to the employees and the under privileged people
Compliance
Violations
The information security management within an organization
works under several compliances that need to be maintained
related to the information security systems (Grote 2015). Not
abiding by the compliances might bring about legal complications
in ACORN.
Failure in
Infrastructures
The failure in the infrastructure may eventually bring about
downfall of the entire project.
Human Errors The human errors in management of project information related to
the employees and the under privileged people might bring about
several problems about violation of confidential information
regulations.
Unified business
policy for multi-
nation operation
The compliance of the information security legislation in one
country for CDP project might be non-compliance of another
country (Lundqvist 2014). This may result into the failure of the
project in one country even if it is successful in others. An overall
success of the business project cannot be attained.
Table 4: Impact Analysis
(Source: Created by the Author)
IS/ IT RISK MANAGEMENT
project information related to the employees and the under
privileged people.
Physical Threats The physical threats would impact on the device management that
would result into the threats related to the project information
related to the employees and the under privileged people
Compliance
Violations
The information security management within an organization
works under several compliances that need to be maintained
related to the information security systems (Grote 2015). Not
abiding by the compliances might bring about legal complications
in ACORN.
Failure in
Infrastructures
The failure in the infrastructure may eventually bring about
downfall of the entire project.
Human Errors The human errors in management of project information related to
the employees and the under privileged people might bring about
several problems about violation of confidential information
regulations.
Unified business
policy for multi-
nation operation
The compliance of the information security legislation in one
country for CDP project might be non-compliance of another
country (Lundqvist 2014). This may result into the failure of the
project in one country even if it is successful in others. An overall
success of the business project cannot be attained.
Table 4: Impact Analysis
(Source: Created by the Author)
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 29
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
 +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.