Comprehensive Information Systems Risk and Security Report for Council


Added on  2021/06/16

AI Summary
This report provides an executive summary and detailed analysis of information systems risk and security within The Shire of Cornersea community. It identifies key stakeholders, including management, the IT department, and the community itself, and assesses the challenges associated with implementing e-services and upgrading IT infrastructure. The report emphasizes the importance of data security, recommending measures such as secure server rooms, data replication, and controlled data access. The Enterprise Risk Management (ERM) approach is advocated to address business operational challenges and ensure the community's long-term goals are met. It covers risk identification, assessment, evaluation, and management, and includes a focus on business continuity policies and IT department preparedness. The report also explores the impact of information system failures and proposes contingency strategies to mitigate operational issues, supported by relevant academic sources.
Information Systems Risk and Security
Name
Institution
Professor
Course
Date
Executive Summary
Implementing an information system to facilitate service delivery was an impressive idea. It
usually improves service delivery and helps in making key decisions concerning the
community. Despite the benefits realized from information systems, there are many issues that need
to be addressed to make its actualization successful. The key stakeholders targeted in The
Cornersea community risk framework analysis are management, the IT department, HP
management, community employees and the community itself. The risk and security framework
analysis covers the problems faced when implementing the information system and an analysis of
the possible solutions to mitigate the issues. To mitigate IT issues, the Enterprise Risk
Management (ERM) approach has been adopted. It is the best approach because it can be used to solve
business operational challenges and issues that might limit the community from achieving its
long-term goals. Business continuity policies need to be evaluated in order to help the community
move forward regardless of the challenges faced. Information system failure interrupts the
business, and an analysis of its impact needs to be done. The IT department's preparedness to handle
emergencies has been assessed, and contingency strategies have been formulated, as well as a
contingency plan to be followed when mitigating operational issues.
Introduction
Information system security is an important aspect that should be considered by all IT
managers. Having established that there are security loopholes in the organization, the IT manager has to
come up with safety measures that secure both organizational data and the IT
infrastructure (Chen, Kataria & Krishnan 2011, p. 399). The council’s IT department
faces some issues that hold back the success of the services offered to The
Shire of Cornersea community. To facilitate service delivery, the council has established
e-services, but their ability to operate smoothly has been interrupted by management's inability to
upgrade the infrastructure. There is a need for legal structures to reinforce information system
security parameters in the council (Kim 2012, p.268478). It is very strange to have server rooms
that are accessible to all department employees. In a secure IT infrastructure, server rooms should be
strongly secured, both physically and logically. The server rooms should be fitted with fire
security controls such as automatic fire detection and very responsive cooling systems
(Vasarhelyi & Halper 2018, p. 92). With such a sensitive data center, information replication
should be given the highest priority. To make sure data is secure and its availability is
maintained, data backup should have alternative mechanisms to avoid interruptions.
Organizational data cannot be entrusted to third parties, and having external entities with all
data access privileges to the server rooms is quite dangerous. To be sure of secure data storage,
only one employee should be entrusted with the data center. With security holes existing in the
organization's firewall, the IT department needs to create honeypots to track the attackers (Qiu et al
2018, p. 424).
Intended audience/stakeholders
The first group of stakeholders is organizational management: the CEO and
Directors. These are key stakeholders because they scrutinize and approve all organizational
proposals regarding information system security (Haes et al 2013, p. 312). Next is the IT
department, which is mandated to support efficient and effective operation of all information
systems in the community. These are stakeholders with very delicate responsibilities because any
lapse in service delivery would be attributed to the department. The departmental employees
are to secure all the data and make sure all systems are available and up to date. Similarly, the HP
organization is another key stakeholder because it has access to the community’s data.
Having access to the server lets them control the community data and operate on very strict
terms. Additionally, all community employees should be aware of the proposed changes
because they need to align themselves with the very strict data security regulations to be set up.
Finally, the community itself should be informed of the changes. When upgrades are being done,
service delivery interruptions are possible and it is important to alert system users (Vasarhelyi &
Halper 2018, p. 103).
Scope
In the development of the information system framework, IT security problems will be
evaluated extensively. Possible solutions to the problems will have the highest priority in order
to solve organizational IT issues. An impact analysis of the IT operational and policy changes will be
done to evaluate possible outcomes. Finally, possible IT preparedness and contingency strategies
will be covered.
Approach
Enterprise risk management (ERM) is the recommended approach when solving IT
issues (Brokers 2018). ERM has been advocated because it focuses on general business
operation challenges as well as factors that limit achievement of the vision. ERM implementation
follows these framework steps. The first is risk identification, which tries to identify risks that limit
the success of the organization. The next step is assessment of the identified risks. Further,
evaluation is done to determine the business's willingness to solve the issues. Finally, the risks are
managed with the aim of reducing the likelihood of a risk occurring and its impact.
Bibliography
Brokers, P. 2018. Approach to Risk Management - Pound Gates. [Online] Pound Gates.
Available at: http://www.poundgates.com/managing-risk/approach-risk-management/ [Accessed
14 May 2018].
Chen, P.Y., Kataria, G. and Krishnan, R., 2011. Correlated failures, diversification, and
information security risk management. MIS Quarterly, pp.397-422.
Haes, S.D., Van Grembergen, W. and Debreceny, R.S., 2013. COBIT 5 and enterprise
governance of information technology: Building blocks and research opportunities. Journal of
Information Systems, 27(1), pp.307-324.
Kim, H., 2012. Security and vulnerability of SCADA systems over IP-based wireless sensor
networks. International Journal of Distributed Sensor Networks, 8(11), p.268478.
Qiu, M., Gai, K., Thuraisingham, B., Tao, L. and Zhao, H., 2018. Proactive user-centric secure
data scheme using attribute-based semantic access controls for mobile clouds in financial
industry. Future Generation Computer Systems, 80, pp.421-429.
Vasarhelyi, M.A. and Halper, F.B., 2018. The continuous audit of online systems. In Continuous
Auditing: Theory and Application (pp. 87-104). Emerald Publishing Limited.