Information System Risk Management - Essay Example


Extract of sample "Information System Risk Management"

Information System Risk Management

Introduction

Information Systems (IS) are important for synchronizing the different tasks assigned to different groups within an organization. IS helps streamline business processes, guarantees efficiency, and makes the organization resilient enough to accept internal and external changes smoothly. The situation today is such that organizations cannot manage without the IS. The value of computers and the IS is well recognized, and not just by managers and executives: it has also not escaped the attention of hackers and cyber-criminals who attempt to damage the system and the organization. Threats to an organization can come from both internal and external sources. While the motives may vary, the system is vulnerable to several risks. This paper will examine the vulnerabilities, the potential threats and the levels of security that could help mitigate the risks and allow uninterrupted workflow.

Risks and Principles of Risk

Risk has been defined as the chance of exposure to the adverse consequences of future events (Egbuji, 1999). Both the likelihood and the consequences have to be understood in order to provide the right security measures. For a risk to be understandable, according to the Software Engineering Institute (SEI, 2006) of Carnegie Mellon University, it must be expressed clearly. This also implies that possible losses must be identified. Risks have to be assessed continuously and the results used for decision-making. In the field of computer technology and information systems, technology enhancement is an ongoing process, which further necessitates continuous risk assessment. Besides, the losses due to a lack of security controls could be in the areas of production, revenue, reputation, and financial performance, while proper security measures could result in enhanced operational efficiency and competitive advantage (Kim, 2006). An organization must invest in IS security and know where to cut corners. It should be able to tell the difference between security success and disaster (Gupta and Hammond, 2006).

According to SEI, seven principles provide the framework for establishing effective risk management:
  • global perspective: the system should be at par with the larger systems it belongs to;
  • forward-looking view: identifying and anticipating uncertainties;
  • open communication: information should flow freely at all levels;
  • integrated management: risk management should be a vital and integral part of management;
  • continuous process: regular upgrading and constant vigilance;
  • shared product vision: a common purpose and a shared vision;
  • teamwork: working collectively towards a common goal.

These principles imply that proper identification, estimation and evaluation of vulnerabilities and threats are essential, and that the results should be used for planning information security requirements and taking risk control measures. Maguire (2002) clarifies that just because a risk can be identified does not mean it can be controlled. Risk management is affected by organizational elements, including social and cultural aspects (Tsohou et al., 2006). Security measures therefore have to vary from industry to industry and across organizations. Kokolakis and Kiountouzis (2006) emphasize that security tools and mechanisms have limited effectiveness, as security is primarily a people issue and an organizational issue. Knowledge Management (KM) has a positive impact on the effectiveness of IS security management (Kokolakis & Kiountouzis). A KM system can capture, store and disseminate knowledge by means of information technology. Knowledge in this context refers to codified information and can be categorized into two types, tacit and explicit. Tacit knowledge is transferred through personal interaction, mental models, technical skills and experience, while explicit knowledge is easy to communicate but requires regular updating.

Protection of data implies confidentiality, integrity and availability. Security refers to a set of principles, regulations, methodologies, measures, techniques and tools to safeguard the Information System from potential threats. The various risks that an organization is subject to once the information system is up and running include fire, fraud, computer failure and unauthorized access (Awad et al., cited by Maguire). Security measures are essential even during the development and implementation of the system. Many organizations have integrated systems that are linked with customers and suppliers; the financial implications of a system failure in such instances can be even more disastrous in the case of business-process re-engineering projects. If the system can be easily copied by competitors, then heavy financial investment is not justified. There is also the risk of adopting unproven or untested technology. Information systems need to be managed. It is possible to hack into a client's computer system 98 percent of the time, says Krause (cited by Gupta & Hammond). It is now very easy to copy and distribute software through the internet. Growth in IT has also led to a new category called the 'computer criminals'. These criminals can be both within and outside the organization. Messages can be intercepted and manipulated, personal data can be illegally collected, and the validity of documents can be denied (Gupta & Hammond). Financial damage in the USA has been caused by theft of information, financial fraud, viruses, insider net abuse and sabotage. Even though new US federal laws require thorough safeguards to protect the security and confidentiality of non-financial data, cyber attacks by terrorists and criminals are growing, and these attacks destroy communications networks and computer systems. Today virtually every employee has access to the system, which has made the security issue more critical.

Threats could be from internal or external sources. Threats to security can arise from hardware, software, people, external sources and physical security. Companies incorporate an employee internet management (EIM) system which blocks users from accessing inappropriate sites and content (Kim, 2006). This helps them remain focused on business goals and avoid legal liabilities. Filtering mechanisms help prevent employees from accessing the risk points. Business-to-business (B2B) e-commerce faces risks to a very great extent. Investigations have revealed that several organized hacker groups from Russia and Ukraine have accessed several e-commerce computer systems in the USA by exploiting known vulnerabilities (McCrohan, 2003). Microsoft had reported these vulnerabilities and subsequently also publicized how they could be fixed, but many firms did not pay heed. As a result, the hackers could access proprietary information, customer databases and credit card information. Apart from this, e-commerce is also subject to hackers. Worms attached to emails can copy themselves to all types of shared network resources. Senior managers do not lay serious emphasis on security measures. McCrohan insists that one of the main reasons why senior executives do not lay stress on security measures is that they are unable to link it to profitability. Expenses on managing the risk of the information system are not considered essential.

Implications and Solutions

Cyber crimes and hacking have increased to such an extent that consumers and commercial users do not have confidence in the security of the basic systems. The private sector does not report the attacks, making identification and tracing of the hackers difficult. As the need for information grows, so does the criminals' methodology for manipulating the data and information held in computers (Forcht & Pierson cited by Kundu, 2004).

Computer disasters are a regular occurrence and they have an impact on information management. While viruses and hardware faults are very common, human negligence and communication problems occur moderately often. Computer breakdowns, especially those due to virus attacks, are the most common crises. Computer disasters affect the collection and assimilation of internal and external data, which results in failure to convert useful data into information and knowledge. Smaller firms are vulnerable to attacks as they lack the financial resources and capability to develop a comprehensive information security system. If no procedures and policies are laid down, the organization becomes susceptible to attacks even from insiders who have direct access to all information and the information system (Gupta & Hammond). It is also common for companies to outsource internet-based work, and these new relationships can create problems if not properly controlled and managed. A survey of firms in the USA showed that there was no difference in the levels of abuse carried out by internal or external criminals. Every organization should foster appropriate training and awareness and develop its own unique security culture. Security functionalities may be built into products, but very often users are unaware of them. Surveys have revealed that viruses top the areas of concern, followed by power failure, software problems, data integrity, transaction integrity and data secrecy. Unless a business is actually hacked or faces some other form of disaster, it does not perceive a threat to security. It is generally observed by all researchers that organizations do not invest in information system security requirements as they are unable to relate it to performance and profitability. Top management intervention is essential because proprietary knowledge, databases and valuable information are at stake.

The information system is vulnerable to attacks and risks from both internal and external sources; these can again be unintentional or deliberate. Whatever the motive, the ultimate outcome is loss in terms of time, finance and information. Management must invest in IS security to prevent abuses, even by insiders, that would lead the company to competitive disadvantage. This should be an ongoing process, as technology tools continually evolve to meet the challenges of network security.

References:
Egbuji, Angel (1999), Records Management Journal, vol. 9, no. 2, August 1999, pp. 93–116.
Gupta, Atul & Hammond, R. (2006), Information Management & Computer Security, Vol. 13 No. 4, 2006, pp. 297–310.
Kim, Sangkyun (2006), The Bottom Line: Managing Library Finances, Vol. 19 No. 3, 2006, pp. 124–138.
Kokolakis, Spyros, Belsis, Petros & Kiountouzis, Evangelos (2006), Information Management & Computer Security, Vol. 13 No. 3, 2006, pp. 189–202.
Kundu, Subhash C. (2004), Industrial Management & Data Systems, Vol. 104 No. 2, 2004, pp. 136–143.
Maguire, Stuart (2002), Information Management & Computer Security, Vol. 10 No. 3, 2006, pp. 126–134.
McCrohan, Kevin F. (2003), Journal of Business and Industrial Marketing, Vol. 18 No. 2, 2003, pp. 133–145.
SEI (2006), Risk Management, Carnegie Mellon, 18 Sep 2006.
Tsohou, Aggeliki, Karyda, Maria, Kokolakis, Spyros & Kiountouzis, Evangelos (2006), Information Management & Computer Security, Vol. 14 No. 3, 2006, pp. 198–217.
