Information Risk Encountered by Apple Inc - Coursework Example

Number: Paper: Introduction Information management (IM) refers to the collection of information from more than one source managed and distributed to many audiences. Management of a particular company control their processing and planning structure with the help of information that are relevant for corporate functioning and evaluation of information. This information is required for meeting the demand of client and fulfils the objectives of the company. This information enables the clients to develop ideas regarding the company (Wurzler, 2013). The following project highlights details regarding information risk that is encountered by Apple Inc. related to could computing, which is the best method to revamp information technology infrastructures. During 1970s, the information system generally referred to the files that are maintained manually with the help of file maintenance. This paper-based files and records were replaced by information technology. The adoption of the new technology brought about huge differences in the management of information. However, with the advent of new information technology, information management was no longer a simpler job to execute. Information management cannot be performed by every individual as it requires huge knowledge base regarding its usage. The understanding is developed through a number of theories, which provides relevant information pertaining to the system. With the advent of electronic means of information management, it became difficult for the individuals to manage it properly (Wurzler, 2013; Pironti, 2014). During the late 1990s, information was disseminated across the computer networks at a regular basis by the network managers, who later became the information managers. These mangers encountered huge difficulties in pursuing complex tasks pertaining to software and hardware. With the help of present tools and techniques, information management has become an important resource for every organisation. However, there are numerous risks associated with it and the cost of the information system is very high. The cost has limited many small companies to adopt the new information technology for their business purpose. From the above mentioned details regarding information management, it can be summarized that information management takes into account retrieving, organizing, securing, acquiring and maintenance of information (Pironti, 2014). Research In the present business world, the paper files have been replaced by electronic files that are stored in the computers. This new trend of storing information has developed a new industry. The interesting part of this industry is that it has also encountered tremendous advancement with respect technological up gradation. This has encouraged the companies to manage huge source of data and secure them from vulnerable activities. The technological advancements have taken place very quickly which have changed the business paradigm of the 21st century. However, this advancement in information technology has given rise to risks. These risks can be defined as information risk (Wurzler, 2013; Lemieux, 2004). It can be defined as the probability that confidential electronical information can be accessed by unauthorised or exploited parties. It is not difficult to identify few companies that have encountered information risks. The news related to unauthorised access of sensitive data is the key factor that gives rise to information risk. It has become a growing problem for every sector worldwide. The main elements of risks that are vulnerable to computer networks relates to unauthorized access of private data. This particular risk has grown in every sector where technology is utilized. Information risks are basically identified and managed by the risk managers of a company. However, due to its severity over the years, the risk managers find it difficult to overcome it properly. Thus, when the word information risk is uttered in conference room that has many risk managers, the environment becomes quite. The managers provide various reasons when they are questioned regarding the safety of the electronic information. They are quite unclear about the level of protection required for measuring the effectiveness of the electronic infraction and provide solutions. The records and information that are managed by a company for years are subject to threats that are arising due to the inability of the risk managers to protect them. The threats have the capacity to damage information and records that are managed by the company for years including private information. The risks are one of the main reasons behind system failures, such as systemic problems with information and records. During any extreme incident of risk, there can be heavy loss of data, which may also lead to corporate failures (Wurzler, 2013; Lemieux, 2004). The figure provided below highlights few recent high profile cases pertaining to information risk. The figure identifies how the poor quality information and records are vulnerable for a company. Thus, the figure states that every company should concentrate in managing the information relate risks. Figure 1: Consequences of failure in managing risk (Source: Lemieux, 2004) Despite the failure of managing different forms of risk in the information system, many companies do not view it as a vital issue. The risk in the information system is not concentrated as the main area of focus in the company and as a result, this information is subject to unauthorised access. It is observed that in most of the companies the line mangers deal with information risks. They address these risks on ad hoc basis throughout the business processes by employing internal audit, IT, legal and records management. The main approach of these mangers in addressing the risk is loss avoidance oriented (Lemieux, 2004). According to Farahmand et al. (2003), risk management is divided into three major parts, which are elaborated in the figure below: Figure 2: Steps in risk management (Source: Chen, 2009) These three steps are also followed during information risk management. The initial stage of risk assessment is executed in order to identify the risks and understand its core details so as to provide solutions accordingly. The risk mitigation process is followed after the risks are assessed properly and the effectiveness of the solutions is also measured. This risk mitigation process undertakes applications of software, which can protect the information and records for the long run. The final stage of information risk management is assessing the effectiveness of solutions. The main aim of the third stage is to gauge and verify whether the solutions of risk mitigation are valid. If the solution does not meet the objectives of overcoming the risk, then the processes are updated (Alberts & Dorofee, 2002). The security professionals of information technology sector manage information risks at a regular basis. However, sometimes it is difficult for them to protect the information system, where numerous unauthorised vendors’ access is observed and each of them consumes valuable time. The risks pertaining to electronically stored information have continued to increase every years since Computer Security Institute (CSI) have started to collect information still 1999 (John Wurzler). The threats can be defined as internal and external. There are few major issues, which has been highlighted in the past years. For example, Symantec had accused the companies in United States (US) for Intellectual Property (IP) theft and the cost for the same action had amounted to $250 billion a year. However, the global cyber crime has amounted to $114 billion annually (Symantec, 2012). Additionally, the FBI report had confirmed the fact that the company insiders are a vital source of competitors, who have the ability to steal data. The report had described the common traits of the insiders who are involved in theft of information in electronically sources. The insiders are in technical position of the company, who breach the agreements and policies of the contract that they sign during employment. The company insiders provide the company trade details to competitor sources and as a result the trade secrets are revealed to the world (Mercuri, 2003). Risk Assessment The main focus of the project is cloud computing issues encountered by Apple Inc. Cloud computing is the best method applied by the companies, who wants to revamp their information technology infrastructures. Nevertheless, there are numerous issues linked with the cloud computing concept. Moreover, it is worth mentioning that cloud computing have several benefits too. It is advantageous for everyone to adopt a new technology, which can help in providing necessary information when required. Most users of cloud computing have encountered several issues over the years but they have overcome it as the concept has become familiar to them (Alberts & Dorofee, 2002). Apple Inc has informed in its investigating reports that its iCloud service has been exploited by vulnerable sources. These sources have hacked the accounts of several celebrities and have published obscene videos and pictures. The media reports suggested that the hacks have stemmed from the individual accounts. These accounts are on iCloud, which is an online service for storing pictures, music and other data in the Apple devices. Apple’s spokesperson, Net Kerris have declared that the company takes the privacy of the users very seriously and have thus, investigated the situation very cautiously (Wakabayashi, 2014; Alberts & Dorofee, 2002). A post on online code sharing site by GitHub, a user had discovered a particular bug in My iPhone service of Apple, which can track location of missing phones and allows users to disable the mobile phone remotely when stolen. The bug allows the hacker to try the passwords until it is identified. This inconvenience has resulted in dissatisfaction of the customers of Apple products (Samson, 2012). Communication of the risk Information risk has become a significant issue presently. It is observed that several companies find it difficult to protect their private information and trade details from unauthorized access. Renowned company like Apple Inc has encountered serious issues pertaining to its iCloud services. The investigation report prepared by the company clearly identified the fact that they are unable to protect the private photos and videos of customers, which are stored in the Apple devices. Thus, Apple Inc is looking forward to solve the problem by employing powerful software. Recommendation Information risk can be avoided by involving the following steps that are described henceforth. There should be efficient control on management costs so as to maintain proper information and records (Alberts & Dorofee, 2002). The assessment and measurement process of the information should be improved to escalate management function. There should be higher level of preparedness for reviewing the outside access points in order to minimize operational disruptions. Apple Inc in order to avoid or mitigate information risk should aim at minimizing its management cost and maximize safety and security of its applications. Apart from the above mentioned approaches, the companies can adopt either requirement-based or event-based approach. The former approach takes into account all the information that is related to the requirements of business at a regular basis. However, the latter identify and manage that information, which fails to match the requirements of company and does not follow regulations of higher authorities. References Alberts, C. & Dorofee, A. (2002). Managing information security risks: the OCTAVE approach. Reading: Addison Wesley. Chen, T. (2009). Information Security and Risk Management. Encyclopedia of Multimedia Technology and Networking, 2, 1-15. Farahmand, F., Navathe, S., Sharp, G. & Enslow, P. (2003). Managing vulnerabilities of information systems to security incidents. 2nd International Conf. on Entertainment Computing, 348-354. Lemieux, V. (2004). Two Approaches to Managing Information Risks. The Infromation Management Journal, 56-62. Mercuri, R. (2003). Analyzing security costs. Communications of the ACM, 46, 15-18. Pironti, J. (2014). Key Elements of an Information Risk Management Program: Transforming Information Security Into Information Risk Management. Retrieved from http://www.isaca.org/Journal/Past-Issues/2008/Volume-2/Pages/Key-Elements-of-an-Information-Risk-Management-Program-Transforming-Information-Security-Into-Inform1.aspx Samson, T. (2012). Apple iCloud breach proves Wozniaks point about cloud risks. Retrieved from http://www.infoworld.com/article/2618094/cloud-security/apple-icloud-breach-proves-wozniak-s-point-about-cloud-risks.html Symantec. (2012). Behavioural Risk Indicators of Malicious InsiderTheft of Intellectual Property. Retrieved from www.symantec.com   Wakabayashi, D. (2014). Apple Investigating Reports of iCloud Vulnerabilities. Retrieved from http://online.wsj.com/articles/apple-investigating-reports-of-icloud-vulnerabilities-1409608366 Wurzler, J. (2013). Information Risks & Risk Management. SANS Institute InfoSec Reading Room, 2-37. Read More