Information Security: Risk Mitigation Summary Plan for InfoTech

Verified

Added on 2023/06/03

AI Summary

This report provides a high-level summary of a risk management plan for InfoTech, focusing on identifying and mitigating risks associated with its information system. It categorizes risks related to confidentiality, integrity, and accessibility, detailing specific threats such as unauthorized access, network exploitation, data repudiation, invalid data entry, and denial of service attacks. For each risk category, the plan proposes mitigation strategies, including user authorization protocols, firewall integration, vulnerability assessments, input controls, trail checks, and business continuity planning. The report also discusses the implications of the plan in the context of a real-world data breach incident, such as the Bank of Montreal (BMO) breach, highlighting the importance of risk assessment, network security, and data backup strategies to prevent similar incidents.

Running head: INFORMATION SECURITY
INFORMATION SECURITY
Name of the student:
Name of the university:
Author note:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

INFORMATION SECURITY 1
Table of Contents
Introduction:....................................................................................................................................2
Risk categorization..........................................................................................................................2
Risk mitigation:...............................................................................................................................3
Implication of summary plan in a chosen incident:.........................................................................6
References:......................................................................................................................................7

2INFORMATION SECURITY
Summary plan for risk mitigation for the information system
Introduction:
This is a high level summary of risk management plan for the InfoTech. This plan has
been developed to identify different risk associated with the information system. This plan not
only defines the risk in term of different risk category, it also identifies the risk mitigation plan in
terms of the risk categories.
Information system and the risk:
Information system is an important asset for any company. It contains different
information about the organization, its structure, employees, transactional data and many more
sensitive information related to the company (Reijonen et al. 2015). Hence it is an essential
aspect for any company to secure the information system. The risk for an information system is
the risk of confidentiality, integrity and accessibility (Bocken and Short 2016).
Risk categorization
The categorization of risk will help to identify risk as per the likelihood and probability
and nature of the risk (Laukkanen 2015). The nature of the risk can be identified appropriately in
this risk categorization (Porterfield 2015). The risk of the information system as per the
categorization has been provided bellow:
confidentiality Access of the system is not authorized
Exploitation of network by hackers
Transactional data is repudiated

3INFORMATION SECURITY
integrity Data entered by the vendor is not valid
Trail control employed is not proper and
complete
Backend system is not properly integrated
accessibility System is not working properly
Attack of the network and system with virus
and worms
Denial of service by the hackers
Risk mitigation:
confidentiality Access of the system is not
authorized
Authorization of the
system with proper
techniques. The user
have to assign a proper
username and password
for the system so that it
become difficult for
someone not having the
proper authorization to
access the system
(Warren 2017).

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4INFORMATION SECURITY
Exploitation of network by
hackers
The network need to be
integrated with the
firewall and encryption
algorithm. Due to this it
is not possible to exploit
the network easily.
Transactional data is
repudiated
In order to protect the
transactional data the
possible strategy are
assessment of system
vulnerability, detection
of intrusion, testing for
penetration and review
of computer log (Warren
2017).
integrity Data entered by the vendor is
not valid
Input controls need to be
integrated with the system
(Warren 2017). This will
include field check and
validity check of the
system (Porterfield 2015).
Trail control employed is not In order to deal with this

5INFORMATION SECURITY
proper and complete issue limit check and
reasonable check has to be
done. It is an effective
approach (Dan 2015).
Backend system is not
properly integrated
Before the system is
integrated with the
backend server, the code
of the server should be
reviewed and software
testing also need to be
done (Warren 2017).
accessibility System is not working
properly
Business continuity plan
need to be developed and
data backup need to be
integrated (Porterfield
2015).
Attack of the network and
system with virus and worms
Assessment of system
vulnerability.
Denial of service by the
hackers
Detection of intrusion and
penetration testing.

6INFORMATION SECURITY
Implication of summary plan in a chosen incident:
One of the recent major data breach is the incident of Bank of Montreal also known as
BMO, the fourth largest bank of Canada. According to the official statement, the data breach has
stolen confidential data of more than 90,000 customers which include data about the account
number, transactional history and other personal information as well.
One of the major reason that was identified was the lack of proper assessment and risk
identification with risk prioritization. Hence a lot of issue has not been identified which has
resulted in the data breach. The risk categorization described in the summary plan need to be
incorporated for avoiding such breaches.
Next it was identified that the there was no strategy for network security and the system
authorization. The strategy for mitigating the associated risk has been identified in the risk
mitigation plan of the summary plan described.
The data was not properly backed up and there was issue of data availability and
accessibility due to the data breach. The associated risk, its reason and the risk mitigation plan
has also been included in the summary plan. Hence it can be said that the summary plan has been
designed in such a way that it has the potential to address these kind data breaches and issue with
the information system.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7INFORMATION SECURITY
References:
Bocken, N.M.P. and Short, S.W., 2016. The business process technology: a comprehensive
discussion. McGraw-Hill, Inc.
Chan, C., 2014, January. Management and business issues for information security plan.
Dan, A., the scope and status of information security plan, 2015. Method and apparatus for
leading effective execution.
Laukkanen, T., 2015. The definition and scope of information technology in volatile market.
Industrial Marketing Management, 42, pp.35-46.
Management Institute.
Porterfield, T.E., 2015. Business process management: an empirical investigation of information
system scope and success. International Journal of Business Management, 40(6), pp.435-455.
Raisch, W., 2016. Towards a sufficiency-driven information assessment of as-Is Workflow
Modelling, 18, pp.41-61.
Reijonen, H., Hirvonen, S., Nagy, G., Laukkanen, T. and Gabrielsson, M., 2015. The guide for
successful information system integration and implementation. Industrial technology
Management, 51, pp.35-46.
Warren. N, 2017, January. The importance of post evaluation for successful information security
plan, Modelling and implementation: an intuitive guide.