SBM4304 - Evaluating IS Security and Risk Management at Altium Limited

Verified

Added on 2023/06/08

AI Summary

This essay provides an in-depth analysis of Information System (IS) security and risk management at Altium Limited, an Australian software company specializing in PC-based electronics design software. It begins by outlining Altium's services and how information systems support its business operations, particularly in marketing, sales, production, accounting, and finance. The essay then discusses General Management Controls (GMCs) implemented by Altium, focusing on law and compliance, integrity and competence, and safeguards. It further explores Application Controls (ACs) such as completeness checks, validity checks, identification, authentication, authorization, input control, and forensic control. A comparison of ACs and GMCs highlights their roles in securing the information system and managing organizational resources. The essay evaluates risk management techniques for reliability, confidentiality, availability, integrity, and security, including loss prevention and risk avoidance, as well as techniques for risk identification, assessment, and control, such as separation and loss reduction. Finally, it details Altium's audit plan and process, covering audit requirement identification, report requirement noting, conflict of interest assessments, risk assessment, document and record assessment, discussion of scope and objectives, procedural information collection, evaluation of various controls and plan execution.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: IS SECURITY AND RISK MANAGEMENT
IS Security and Risk Management: Altium Limited
Name of the Student
Name of the University
Author’s Note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1
IS SECURITY AND RISK MANAGEMENT
Introduction
Information system has two perspectives, which are functional and structural
perspectives. The functional perspective defines that the information system is the
technologically implemented or deployed medium to record, store and finally eliminate the
linguistic expressions and support of inference making (Holtshouse, 2013). The structural
perspective defines that the information system comprises of a set of processes, models,
people and technology to form a cohesive structure and serving some of the organizational
purposes or functions. This information system is the collection of interlinked elements,
which eventually collect, distribute, process or manipulate information for the purpose of
decision making and judgments within any company. Moreover, the coordination or control
is also checked with the help of information system and thus the managers can easily analyze
the several problems.
This essay will be explaining the information system security as well as risk
management for the popular Australian software company, Altium Limited. This particular
organization provides PC based electronics design software for the engineers, who can design
PCB or printed circuit boards. The proper use of information system for the business
operations will be given here with the general management and application controls of
Altium Limited. The risk management techniques and audit plan or process will also be
provided in this essay.
Discussion
1. Services of Altium and Use of Information System
Altium Limited is the Australian public software organization that provides personal
computerized electronics design software. The clients of this organization are those

2
IS SECURITY AND RISK MANAGEMENT
engineers, who are designing PCB or printed circuit board (Altium. 2018). The most
significant products and services of this organization are Altium designer, Altium Live,
Altium Vault, Autotrax and Easytrax, CircuitMaker, CircuitStudio, P CAD, NanoBoard,
TASKING and PDN Analyzer. These are various software or design software tools that the
clients get from this organization (Altium. 2018). Moreover, the FPGAs or field
programmable gate arrays are utilized by them instead of the individual components in a
PCB. For working within the organization, the staffs or employees get various services of
information system.
The business operations of this organization are extremely unique and popular in
respect to other organizations. The outcome of the business operations in Altium is the
harvesting of asset values by the business. They have implemented information system within
their business for enhancing the various business operations and thus is termed as one of the
most important and significant organizations in Australia (Eason, 2014). The most significant
use of information system for the business processes is for the marketing and sales. Since this
is a software company, this particular business function is extremely important for their
business. Hence, information system is required in Altium Limited. Moreover, the
production, accounting and finance departments are also managed with the help of
information system and thus these business operations are well executed by this organization.
Apart from these the management support system, transaction processing system, executive
information system and the decision support systems are the major parts of this information
system. The higher level of competitiveness is another significant advantage of information
system in the business of Altium Limited (Dahlstrom, Walker & Dziuban, 2013). The
presence of the customer care service is the next benefit of information system for the
business operations of this organization. Cost effectiveness is another significant benefit of IS
in Altium’s business operations.

3
IS SECURITY AND RISK MANAGEMENT
2. General Management Controls of Altium
GMC or general management control can be defined as the management function that
has aimed to achieve the several organizational goals in a scheduled time. This particular
system helps in gathering and using the relevant and confidential information for the
successful evaluation of the performance of various resources of organization such as
financial and physical resources (Marchewka, 2014). The several strategies of organization
are easily implemented with the help of GMC. The procedure for management controlling
mainly included the proper performance is being compared with a planned performance. The
second step in this process is the difference within the two is being measured before
contribution to difference is recognized. Finally appropriate action is to be taken wither for
minimization or elimination of the identified differences. There are two types of general
management controls, which are preventive and detective controls. Detective management
control is utilized to identify the several irregularities only when they occur. The second type
is preventive management control (Lloyd, 2017). This type of general management control is
utilized to discourage the errors. Hence, the errors are prevented even before they occur. The
main objective of implementing GMCs is that it helps to control the overall management of
the organization easily and promptly.
There are various general management controls that Altium Limited has implemented
within their organization. Since, this is a software company; these general management
controls are extremely important and significant for them. The GMCs of Altium Limited
comprises of three distinct components, which are setting standards, measuring the overall
performance and finally undertaking appropriate actions (Dahlstrom & Bichsel, 2014). The
various changes or alterations are done with these controls and the assurance level is provided
for protecting the various products and processes of Altium Limited. The GMCs of Alitum
are given below:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4
IS SECURITY AND RISK MANAGEMENT
i) Law and Compliance: The costs, obligations and operations of the organization are
well maintained with the help of law and compliance. Hence, rules are maintained with
excellence.
ii) Integrity as well as Competence: The integrity as well as competence is the other
important GMCs of Altium Limited (Schwalbe, 2015). The competitive advantages are
obtained with these GMCs.
iii) Safeguard: The data or other resources of the organization are protected with
safeguards and thus is termed as one of the most vital GMC of Altium Limited.
3. Application Controls of Altium
AC or application control helps to maintain security or privacy for all the assets or
resources. This security maintenance helps in providing reliability and confidentiality and
thus the business operations of that particular organization is saved (Luftman et al., 2013).
The data risks are reduced and the mitigation strategies can easily eradicate the risks. The
most significant application controls or ACs of Altium Limited are as follows:
i) Completeness Checks: The first AC is completeness check. The processing of
records are ensured properly.
ii) Validity Checks: Only valid and justified data or information is processed and this
particular fact is ensured with validity checks.
iii) Identification: Unique identification of all the users is ensured by identification.
iv) Authentication: Authentication is another important application control of Altium
Limited and thus is maintained by the organization (Brooks, 2016).

5
IS SECURITY AND RISK MANAGEMENT
v) Authorization: Only authorized and approved users have the authority to access the
confidential data or information.
vi) Input Control: The input is being controlled and hence all the unauthorized access
is controlled (Tafti, Mithas & Krishnan, 2013). Moreover, data integrity and confidentiality
are maintained with the input control.
vii) Forensic Control: The data is corrected on time and made appropriate and thus
the forensic control is applied in Altium Limited.
4. Comparison of AC and GMC for Information System
The comparison of AC and GMC in an information system for Altium Limited is as
follows:
i) The AC can control the security and privacy of information system by controlling
the software and transactions. There are various factors that depend on the application
controls (Ullah & Lai, 2013). The GMCs however manage the entire organizational resources
and depend on setting standards, measurement of performance and correct actions taking.
ii) The GMC of Altium is linked with the AC and hence the functionalities could be
easily supported by this connection. GMC majorly controls the servers and end user
environments or mainframes.
5. Evaluation of Techniques for Risk Management
a) Reliability, confidentiality, availability, integrity and security
Risk management techniques are utilized for managing the various risks in an
organization (Hills, 2018). The two risk management techniques of Altium Limited for
reliability, confidentiality, integrity, availability and security are as follows:

6
IS SECURITY AND RISK MANAGEMENT
i) Loss Prevention: This technique helps to prevent the losses caused by risks in IS.
ii) Risk Avoidance: This technique helps to avoid the threats and risks for securing
the IS.
b) Risk identification, assessment and control
Identification of risk is required for proper prevention and precaution (Cui et al.,
2015). The two risk management techniques of Altium Limited for identification, assessment
and control are as follows:
i) Separation: This technique helps to detect the catastrophe types within the business
processes.
ii) Reduction of Loss: This technique helps to reduce the total loss of the company
caused for risks.
6. Audit Plan and Audit Process in Altium
Audit can be defined as the official inspection of the accounts of an organization to
check whether the official documents or resources are not being utilized properly. It is the
most systematic as well as independent examination of accounts and records so that the
management of the organization is assured of the integrity and confidentiality of their
resources and data (Von Solms & Van Niekerk, 2013).
Audit planning is the most important part of audit that is being conducted at the start
of the audit process and thus ensuring that proper attention is being given to all the identified
problems and vital areas. This type of planning is the process of developing the general
strategy and the detailed approach for audit extension and timing. The auditor is responsible
for performing his or her audit in the most efficient and effective manner (Madon & Krishna,
2018). The several benefits of the audit plan mainly involve obtaining necessary evidence for

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7
IS SECURITY AND RISK MANAGEMENT
several circumstances, keeping audit costs at the most reasonable level, avoiding
misunderstandings with clients, ensuring that the problems are properly identified and
knowing the scope of the audit program.
Altium Limited has made their own audit plan for the betterment of the business. The
audit plan of this particular organization is as follows:
i) Identification of Audit Requirement: The first step in this process is the proper
identification of audit requirement (Lloyd, 2017).
ii) Noting Report Requirements: The second step in the audit plan is noting and
learning about the various report requirements. These requirements are important for
understanding the various causes of audit.
iii) Conflicts in Interest Assessments: The conflicts in the interest assessments is the
next significant step in audit planning.
iv) Risk Assessment: The risks are assessed in this step and hence audit is done easily
(Schwalbe, 2015). This even helps to eradicate the dangerous risks.
v) Document and Record Assessment: The final step in this audit plan is the
assessment of the document and records. This type of assessment often requires relevant
details.
The audit process of Altium Limited is as follows:
i) Discussion of Scope and Objectives: The scope and objectives of the organization
is well discussed and thus this is the first step in this process.
ii) Procedural Information Collection: The detailed procedural information is
collected in this step and this helps to take necessary measures (Brooks, 2016).

8
IS SECURITY AND RISK MANAGEMENT
iii) Evaluation of Various Controls: The existing controls are evaluated in this step
and thus are considered as one of the most significant criteria in auditing.
iv) Plan Execution: Finally the plan is well executed and this is the final step.
Conclusion
Therefore, from this essay, conclusion can be drawn that information system utilizes
the computer technology for performing all the intended tasks. This type of system could
involve only software and personal computer. Apart from these, the information system can
even include numerous computers of different sizes and the communication networks or
databases. The most significant components of this information system are resources of
people like IS specialists and system analysts, hardware like computer equipments and
associate devices, software like processes and programs, data and networks like network
supports and communication media. The activity orientation of the information system is
also emphasized in this manner. Thus, the security of this information system is extremely
important and is kept on top priority. Risk management abilities are the next important and
significant requirements of this type of computer system. This essay has properly outlined the
entire security and risk management of the most recognized and established software
organization of Australia, namely, Altium Limited. The various details regarding application
controls and general management controls are discussed here. Confidentiality, integrity and
various other factors related to risks are explained in this essay with four risk management
techniques for Altium Limited. The process and plan of auditing in Altium are provided in
the above essay.
The recommendation for Altium Limited is to implement management information
system within their business. This type of information system mainly emphasizes on the

9
IS SECURITY AND RISK MANAGEMENT
interconnection of various social elements and technologies hence their business processes
would be easier.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

10
IS SECURITY AND RISK MANAGEMENT
References
Brooks, D. C. (2016). ECAR study of undergraduate students and information
technology (Vol. 4, No. 3, p. 2). 2016.
Cui, T., Ye, H. J., Teo, H. H., & Li, J. (2015). Information technology and open innovation:
A strategic alignment perspective. Information & Management, 52(3), 348-358.
Dahlstrom, E., & Bichsel, J. (2014). ECAR Study of Undergraduate Students and Information
Technology, 2014. Educause.
Dahlstrom, E., Walker, J. D., & Dziuban, C. (2013). ECAR study of undergraduate students
and information technology(p. 2013). 2013.
Eason, K. D. (2014). Information technology and organisational change. CRC Press.
Hills, J. (2018). Information technology and industrial policy. Routledge.
Holtshouse, D. K. (2013). Information technology for knowledge management. Springer
Science & Business Media.
Lloyd, I. (2017). Information technology law. Oxford University Press.
Luftman, J., Zadeh, H. S., Derksen, B., Santana, M., Rigoni, E. H., & Huang, Z. D. (2013).
Key information technology and management issues 2012–2013: an international
study. Journal of Information Technology, 28(4), 354-366.
Madon, S., & Krishna, S. (2018). The Digital Challenge: Information Technology in the
Development Context: Information Technology in the Development Context.
Routledge.
Marchewka, J. T. (2014). Information technology project management. John Wiley & Sons.

11
IS SECURITY AND RISK MANAGEMENT
PCB Design Software | Innovation For PCB Design | Altium. (2018). Retrieved from
https://www.altium.com/ [Accessed on 09 Aug. 2018].
Schwalbe, K. (2015). Information technology project management. Cengage Learning.
Tafti, A., Mithas, S., & Krishnan, M. S. (2013). The effect of information technology–
enabled flexibility on formation and market value of alliances. Management
Science, 59(1), 207-225.
Ullah, A., & Lai, R. (2013). A systematic review of business and information technology
alignment. ACM Transactions on Management Information Systems (TMIS), 4(1), 4.
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber
security. computers & security, 38, 97-102.