Enterprise-Wide Risk Management Framework: INF80043 Report


Added on  2023/03/20

AI Summary
This report presents a comprehensive risk assessment, covering various categories such as information technology, human resources, network and infrastructure, and legal/procedural risks. It identifies numerous potential threats, vulnerabilities, and risk events, detailing their sources and impacts on organizational functions. The assessment includes a detailed analysis of the scenario involving a data breach and outlines the roles and responsibilities of IT managers, CIOs, and CEOs in addressing such incidents. Furthermore, the report explores the importance of risk management processes, including risk identification, control, and mitigation, while emphasizing the need for a systematic approach. It also addresses the concepts of due care, due diligence, and vicarious liability in information security, alongside the significance of contingency planning and incident response. The report provides insights into the impacts of information asset exploitation, the importance of information security, and the roles of management in ensuring IS/IT asset security. The report draws upon the course INF80043, emphasizing the need for proactive measures to prepare for worst-case scenarios and the integration of IS/IT risk management into business strategy and governance.
RISK ASSESSMENT:
1) RISK IDENTIFICATION AND ASSESSMENT:

| Category | Risk ID | Type | Risk description | Threat source | Threat event | Vulnerabilities |
|---|---|---|---|---|---|---|
| INFORMATION TECHNOLOGY | 1 | physical | Physical unauthorized access to the data | Unauthorized personnel | The data is accessed without authorization | Weak passwords and identity verification systems |
| INFORMATION TECHNOLOGY | 2 | cyber | Data can be breached through cyber attacks | External attackers | Cyber attack on the database | No cyber security measures |
| INFORMATION TECHNOLOGY | 3 | technical | Accidental deletion of data | Intentional / Accidental | All data deleted from database | No data backup kept |
| INFORMATION TECHNOLOGY | 4 | internal | Some infected by malware or other malicious files | Employee storage drives like pen drives, DVDs, etc. | All systems infected when personal storage drives are inserted into office system | No restrictions on using personal flash drives |
| INFORMATION TECHNOLOGY | 5 | technical | Internal glitches and bugs causing poor performance output of the system | Internal bugs | System performance reduced / system freeze | Lack of software updates and patches |
| HUMAN RESOURCE | 6 | physical | Physical unauthorized access to the data | Unauthorized personnel | The data is accessed without authorization | No security system at the data centres |
| HUMAN RESOURCE | 7 | staff | Internal disputes created by staff | Staff | Boycott and complete shutdown of business activities | Staff requests are not fulfilled by the company |
| HUMAN RESOURCE | 8 | admin | No proper communication between staff and management | Internal staff and management | Lack of information and misunderstanding | No predefined communication requirements |
| HUMAN RESOURCE | 9 | physical | Power outage or electrical supply failure | Contractor of supplier of electricity | Power outage leading to shut down of the operation of the centre | No energy backup device |
| HUMAN RESOURCE | 10 | admin | Unauthorized access and mishandling of data | Undertrained staff not using classified data properly | Unauthorised person having access to data and using it for personal gain | No authorization system |
| NETWORK AND INFRASTRUCTURE | 11 | physical | Temperature affecting the performance of hardware | Poor air conditioning infrastructure | Power interruption/fluctuations in voltage | No heat resistant materials are available |
| NETWORK AND INFRASTRUCTURE | 12 | physical | Mishandling of IT equipment | Windy conditions and dust storms | Windy conditions cause more incoming dust and dirt to the buildings | The IT rooms are not equipped with dust filtering systems |
| NETWORK AND INFRASTRUCTURE | 13 | admin | Errors in the data center | Managing partner for Data centre | Failure to respond effectively in critical situation | Not able to control where the data is being stored |
| NETWORK AND INFRASTRUCTURE | 14 | admin | Lack of expertise among staff for data management | Management | Failure to respond effectively in critical situation | Untrained in handling unexpected high volume data |
| NETWORK AND INFRASTRUCTURE | 15 | technical | Data can be breached through cyber attacks | External attackers | Cyber attack on the database | No intrusion detection systems development |
| NETWORK AND INFRASTRUCTURE | 16 | admin | Physical data storage system used | Non-reputed data backup company | Data loss without warning | Appointment of backup people was done on personal reasons |
| NETWORK AND INFRASTRUCTURE | 17 | admin | Conflicts within various departments | Other departments | Risk budget factors | Lack of inter-departmental communication |
| SYSTEM INTERFACES | 18 | Physical | Interface not well developed | Employees | Accidental damage caused by employees to the equipment | Hardware replacement, information backup in the computer |
| SYSTEM INTERFACES | 19 | Physical | Implementation delay due to use of poor quality products | Technicians | Network not being adequately connected to the computers for which employees cannot have access to the system | Contractor for the construction insured or policy for control |
| SYSTEM INTERFACES | 20 | Technical | Zero technical updates | Market | Company falls behind due to the lack of knowledge of new technologies and keeping up with market needs | There is no technology manager responsible for new technologies |
| SYSTEM INTERFACES | 21 | Technical | Low system performance due to outdated systems | Technological platform | Not enough support from the technological infrastructure to the growing business | Not able to support the new branches national and international that will result in slower processes |
| SYSTEM INTERFACES | 22 | Technical | Lack of staff expertise within the company | Employees | Process delay due to the lack of knowledge of the platform | Appropriate training for the employees |
| SYSTEM INTERFACES | 23 | Technical | Inaccurate data | Employees | Employees over or under pay due to an error in the data entering | Non-qualified employees able to correct or check the work done |
| COMPANY DIRECTORS AND MANAGEMENT | 24 | Physical | Management and staff errors in the project | Technician | Company functions might stop for a period of time | The company is not continuously checking the infrastructure |
| COMPANY DIRECTORS AND MANAGEMENT | 25 | Physical | Construction and installation of data centre – too expensive | Technician/contractors | Data centre can suffer a physical attack | Information is not backed up daily |
| COMPANY DIRECTORS AND MANAGEMENT | 26 | Physical | Accidents and disasters due to environmental effects | Natural disasters | Sufferer of an environmental disaster | Information is not backed up daily |
| COMPANY DIRECTORS AND MANAGEMENT | 27 | Physical | Unlimited access to physical resources of the company | Criminal | Damage to the physical data facilities | There is no insurance |
| LEGAL PROCEDURAL RISKS | 28 | technical | Credit card data of donors is compromised | Data loss due to inadequate data security in database | Employees save credit card data in other locations temporarily due to non-awareness of data security | Poorly maintained databases |
| LEGAL PROCEDURAL RISKS | 29 | admin | Mishandling and stealing of copyright data | Wrong handling of data | Data being saved in inappropriate folders such as unclassified locations | Non-hardened databases and data lists |
| LEGAL PROCEDURAL RISKS | 30 | admin | No compliance with standard set by the government | Non-trained staff dealing with government systems | Entering of classified data into unclassified systems | No checks done on systems for the classification of data |