Risk Assessment in IT: Organizational Structure and Management


Added on  2021/05/30

Report
AI Summary
This report provides a detailed overview of information technology (IT) management within organizations, emphasizing the critical role of IT in storing, retrieving, and managing data. It discusses various theories of IT management, including Contingency Theory, Systems Theory, Theory X and Theory Y, and Chaos Theory, illustrating their practical applications in real-life business scenarios. The report identifies key risks and issues in IT management, such as hardware and software failures, viruses, and other threats, and explores strategies for mitigating these risks. It also highlights the importance of risk assessment in safeguarding confidential information and ensuring the smooth operation of business activities. The report concludes by underscoring the necessity of proactive risk management in maintaining the integrity and security of an organization's IT infrastructure.
Running head: ORGANIZATIONAL STRUCTURE
Organizational Structure
Name of the Student
Name of the University
Author’s Note:
Table of Contents
Introduction
Discussion
IT Management
Various Theories of IT Management
Conceptual Application of IT Management Theories in Real Life Situations
Risks or Issues in IT Management
Mitigating or Assessing Various Risks in IT Business
Conclusion
References
Introduction
Information technology, or IT, can be defined as the use of systems or computers for
storing, retrieving, manipulating and transmitting the data or information of an
organization or business (Eason 2014). Information technology is considered the core subset
of ICT, or information and communications technology. It also encompasses information
distribution technologies such as telephones and televisions (Schwalbe 2015). The products
and services within an economy that are linked with information technology include
e-commerce, software, hardware, electronics, telecom equipment, the internet,
semiconductors and many more. The management of this information technology is known as IT
management or information technology management. It is the discipline in which every
information technology resource of a company or organization is controlled and managed
according to the requirements and priorities of the business (Bilbao-Osorio, Dutta and
Lanvin 2013). These resources include tangible investments such as networks, data,
information, computer software, data centre facilities and computer hardware. Moreover, the
employees or personnel of the organization are also considered tangible investments or
assets of that organization. The responsibility of IT management in an organization entails
the significant functions of the business, such as change management, organization,
control, budgeting, network planning, software design, technical support and staffing
(Dahlstrom, Walker and Dziuban 2013). The most important objective of IT management is the
generation of value through the use of appropriate technology.
The following report outlines a brief discussion of the management issues of information
technology. One of the major management issues in IT is risk assessment. There are various
types of risks present in a business, and all of them need to be mitigated properly. This
report focuses on the risk assessment of an organization, together with proper mitigation
strategies.
Discussion
IT Management
An organization or company has various functions or processes within it. These processes or
functions help to define the business (Holtshouse 2013). The process of managing all the
resources of information technology, from equipment such as software and hardware to the
personnel of the organization, is known as management of information technology or IT
management. These resources are managed and controlled according to the needs of the
organization, so every tangible resource is maintained under this management (Lloyd 2017).
Resource allocation and strategic planning also become easier with this type of management.
The IT manager is responsible for the proper implementation and maintenance of the
organization's technology infrastructure. Businesses rely on a central information
processing system to support the efficient and effective management and communication of
data (Laudon and Laudon 2015). Through IT management, the requirements of organizational
operations are monitored. Moreover, strategies are researched, and a cost-effective and
efficient system is built for achieving the organizational goals and objectives.
This management is separate from the management information system, or MIS (Willcocks
2013). A management information system refers to the methods of management that help in
decision making. Management of information technology, however, refers to the management
of activities that relate to information technology, or IT.
Various Theories of IT Management
The management of information technology is a vast domain that comprises various important
theories. These theories help to understand the ideology of IT management and have various
applications in businesses and organizations (Van Der Aalst, La Rosa and Santoro 2016). The
theories of information technology management are as follows:
i) Contingency Theory: This is the first and foremost theory of IT management. It holds
that managers should take decisions based on the situation that is occurring at the time
(Laudon and Laudon 2016). Action should be taken on the basis of the aspects or features
that are vital to the situation. All managers use leadership approaches in this scenario.
ii) Systems Theory: The second important theory of IT management is systems theory. The
manager is able to identify how different systems affect the employees, and vice versa
(Bloom et al. 2014). Any system is made up of various parts that work together to achieve
a goal.
iii) Theory X and Theory Y: The third important theory of IT management is Theory X and
Theory Y. The management theory that an individual chooses to use is influenced by beliefs
regarding the attitudes of workers (Galliers and Leidner 2014). Managers who believe that
employees usually lack ambition and require incentives or motivation to increase
productivity lean towards Theory X. Theory Y, however, states that employees are naturally
driven and eager to take responsibility.
iv) Chaos Theory: The fourth important theory of IT management is chaos theory. There is
constant change in business. Although various circumstances or events can be controlled,
there are a few that cannot be controlled or managed (Von Solms and Van Niekerk 2013).
Chaos theory identifies those changes that are inevitable and can rarely be managed. As
organizations grow, both the possibility and the complexity of susceptible events increase.
Conceptual Application of IT Management Theories in Real Life Situations
Information technology management is the most important requirement in any business. The
management of the organizational structure becomes considerably easier with it (Wang and
Lu 2013). The above-mentioned theories of IT management have various conceptual
applications in real-life situations, which are as follows:
i) Contingency Theory: Contingency theory has various significant applications in the world
of information technology (Hahn et al. 2013). First, it can be used to assess the
effectiveness of an individual in a particular role and to check the reasons for that
individual's effectiveness or ineffectiveness (Elmaghraby and Losavio 2014). The next
significant application is helping to implement the changes in roles and responsibilities
that management might need to make to bring effectiveness to the role of the person leading
it.
ii) Systems Theory: This theory also has various applications in real-life scenarios
(Buczak and Guven 2016). Systems theory is used as a tool to understand different
characteristics of how a business functions. For instance, the different parts of a
business cannot operate in isolation from one another; rather, all the departments are
interrelated (Wells et al. 2014). Every part of a system should work together. Systems
theory thus refers to this kind of interaction, in which the separate subsystems enable
each other to perform effectively (Sou, Sandberg and Johansson 2013).
iii) Theory X and Theory Y: Theory X usually proves to be the most efficient or effective
for work consistency (Cavelty 2014). Theory X completes any IT work properly and perfectly.
The followers of Theory Y might have a better relationship with the higher authorities,
potentially resulting in a healthy environment within the workplace (Gupta, Agrawal and
Yamaguchi 2016).
iv) Chaos Theory: The applications of chaos theory are quite different from those of the
other management theories (Laudon and Laudon 2016). Within the technological world, this
theory is applicable in domains such as cryptography, robotics and many more. In
cryptography, chaos or non-linear dynamics are used in the design of various cryptographic
primitives. These include encryption algorithms, hash functions, stream ciphers,
steganography, secure pseudo-random number generators, watermarking and many more (Sou,
Sandberg and Johansson 2013). Most of these algorithms are based on unimodal chaotic maps,
and a large portion of them use the control parameters and the initial conditions of those
chaotic maps as the keys. The similarity between cryptographic systems and chaotic maps is
the most important motivation for designing chaos-based cryptographic algorithms. Robotics
is yet another area that benefits from chaos theory (Van Der Aalst, La Rosa and Santoro
2016). Rather than having robots rely on trial-and-error refinement to interact with their
environment, chaos theory is used to build a predictive model. Chaotic dynamics are
exhibited by passive walking biped robots.
Risks or Issues in IT Management
Information technology systems such as networks and computers always hold various
confidential information or data (Hong, Liu and Govindarasu 2014). Information technology
thus plays the most significant role in all organizations. The most significant activities
of the business have a high chance of being vulnerable to several risks or threats. IT
management is responsible for mitigating all these risks (Abawajy 2014). The various risks
for information technology are as follows:
i) Hardware Failure: The first and foremost security issue in any information system is the
failure of its hardware (Ben-Asher and Gonzalez 2015). This problem arises when a
malfunction is observed in electromechanical components such as tapes or disks, or in the
electronic circuits integrated within a computer system (Knowles et al. 2015). Electronic
circuits are the most important parts of the computer system, and hence any discrepancy
within these circuits leads to complete failure of the hardware. If the hardware fails, the
entire computer system or information technology fails with it, and the organization could
be in grave danger (McNeil, Frey and Embrechts 2015). Proper recovery from this type of
hardware failure needs either repair or complete replacement of the offending part.
ii) Software Failure: The second significant security issue with the information system of
an information technology organization is software failure (Bessis 2015). A software
failure means that the entire work of the system stops. The software could be anything,
i.e. it can be either the operating system or the working principles of the system.
Software failure can be simply defined as the inability of a program to continue processing
because of erroneous logic (Lam 2014). Other types of software failure are server crashes
and software crashes. Moreover, some software is extremely expensive, so the organization
could suffer significant financial losses from this type of failure.
iii) Viruses: The third significant risk in the information technology structure of a
company is the virus (Ben-Asher and Gonzalez 2015). A virus can be defined as a kind of
malicious software program which, when executed, replicates itself by modifying other vital
programs on the computer and inserting its own code into them. Once replication succeeds,
the affected areas are said to be infected with a computer virus or similar malicious code.
iv) Malware: The fourth significant risk in the information technology structure of a
company is malware (Abawajy 2014). As the name suggests, malware, or malicious software, is
a file or program that is extremely harmful to the user of an information system. Malware
includes Trojan horses, computer viruses, spyware and worms. These malicious programs can
perform various functions, which include deleting confidential data, stealing or encrypting
sensitive information, hijacking or altering core computing functions, and monitoring the
computer activities of a user without permission or authentication (Sou, Sandberg and
Johansson 2013).
v) Human Error: This is yet another significant problem in the information system or
information technology of a company. The employees or staff of the organization are
responsible for this type of problem (Cavelty 2014). These types of attacks occur due to
wrong steps taken by users, either accidentally or deliberately.
vi) Spam: The sixth significant risk in the information technology structure of a company
is spamming (Wells et al. 2014). Electronic spamming can be defined as the use of an
electronic messaging system to send spam or unsolicited messages, especially advertising,
and also to send messages again and again on the same website.
vii) Phishing: The next significant security issue in the IT structure of an organization
is phishing (Hong, Liu and Govindarasu 2014). It is the attempt to obtain sensitive or
confidential information such as passwords or usernames through malicious activity, by
disguising oneself as a trustworthy entity.
viii) Sniffing: This is the eighth significant security risk in the information technology
of an organization. Hackers or attackers use this type of cyber attack to capture data or
information (Gupta, Agrawal and Yamaguchi 2016). Packet sniffing is used by hackers to
capture data at the moment it is being transmitted on a network.
ix) Spoofing: Where network security is concerned, spoofing attacks are extremely common,
and organizations are vulnerable to them (Buczak and Guven 2016). Spoofing is the situation
in which a program or person successfully pretends to be another by falsifying data,
thereby gaining an illegal benefit.
x) Denial of Service Attacks: This is again one of the most common cyber threats or risks
in the information technology structure of a company or organization (Galliers and Leidner
2014). A DoS attack, or denial of service attack, is a cyber attack in which the attacker
seeks to make a network resource or machine completely unavailable to its authorized users.
The services or the network of the host are disrupted as a result. Denial of service
attacks have become extremely dangerous for organizations and should be mitigated in every
circumstance (Von Solms and Van Niekerk 2013). The next form of this security risk in the
IT structure of an organization is the DDoS attack, or distributed denial of service
attack. Here, a number of computers are involved, and thus the entire IT structure of the
company is at stake.
xi) Security Breaches: A security breach can be defined as an activity originating from
outside an organization that contravenes or bypasses its security policies, procedures and
practices (Laudon and Laudon 2016). A security violation occurs when a similar activity
originates internally. This is extremely dangerous for any organization.
xii) Hacking: The next important risk in the IT structure of an organization is hacking. It
is the process of identifying weaknesses within a computer system or network with the
purpose of exploiting them to gain access (Bloom et al. 2014). The most significant example
of hacking is using an algorithm to crack passwords and thus gain access to the system. The
person who does the hacking is known as a hacker, and is also termed an attacker.
xiii) Password Theft: The next type of security risk in the organization is password theft.
It is a form of unauthorized or unauthenticated interception or taking of computer-based
information (Van Der Aalst, La Rosa and Santoro 2016). Password theft is the act of
stealing confidential or sensitive credentials or information from unknowing victims with
the intention of compromising security or privacy and thereby obtaining confidential
information.
xiv) Dishonesty of Staff: Another significant problem with the security of information
technology is the dishonesty of staff or employees. This is also termed an insider attack
(Bilbao-Osorio, Dutta and Lanvin 2013). Insider attacks should be reduced to solve all
types of staff dishonesty.
xv) Natural Disasters: The next significant problem with the information technology or
information systems of an organization is natural disasters (Dahlstrom, Walker and Dziuban
2013). Earthquakes and floods are the most significant problems for the structure.
All the above-mentioned risks are extremely dangerous for the organization, and hence they
should be mitigated with the utmost security and caution. The following paragraphs describe
the mitigation and assessment of the risks within an IT structure.
Mitigating or Assessing Various Risks in IT Business
There are five ways to mitigate all the above-mentioned risks in the information technology
structure of an organization (Schwalbe 2015). They are as follows:
i) Identification of all associated credentials, remote users and accounts: The first way
to mitigate the risks is the proper identification of all the important credentials,
accounts and remote users (Willcocks 2013). SSH keys, passwords and hard-coded credentials
must be kept track of to gain proper visibility into who is accessing the critical systems
of the organization.
ii) Locking down of credentials: The second step is to lock down all the credentials.
The moment each and every account, remote user and credential are identified, it is the time