Security Risk Review/Contingency Plan

Scenario:  Information Security Risk Review/ Assessment and Business Continuity

This week your team needs to look at the Risk Review/Assessment for Ben’s organization. This document provides the basis for deciding which security risks will be addressed and in what order of priority. It also outlines a plan for business continuity in the event of a natural disaster.


Within your team, discuss the process for assessing risk within Ben’s organization. Risk can include threats to information security and business continuity. Take the top three significant risks to be mitigated by priority. In addition, discuss the following: (Answer the following to incorporate the info in the PPT)

  • List the types of natural and man-made disasters that could lead to an interruption of business services
  • Come to a consensus on a plan to ensure business recovery following a flood
  • Discuss how to implement the plan

MAIN INSTRUCTIONS FOR PPT

(Use information from chapter 12 attached, to use as one of the references)

 

Ben’s business is located in an area that is prone to floods and power disruptions.

Leveraging your Week Three Learning Team collaborative discussion, “Information Security Risk Review/ Assessment and Business Continuity,” create a 10- to 12-slide media-rich Microsoft® PowerPoint® presentation with speaker notes that explains the following:

  • The key elements to include in a plan that will help ensure that Ben will be able to continue to service his customers following a flood
  • The key items to consider when creating a contingency plan in the event the offsite data backup becomes unavailable
  • The key aspects of implementing such a plan

Note: This assignment contributes to your final project in Week Five, “Security Policy Presentation: Final Project,” in which you will compile your PowerPoint® presentation slides from each week’s individual assignment to create your final presentation.

 

THE MAIN USES FOR AN IT SYSTEM

Communication purposes: the IT system can make collecting and distributing information more efficient.

Operations Management: the IT system offers more complete and more recent information.

Communication purposes

Part of management is gathering and distributing information, and the IT system can make this process more efficient by allowing Ben to communicate efficiently.

Operations Management

The IT system offers more complete and more recent information, allowing Ben to operate the company more efficiently. Ben can use information systems to gain a cost advantage over competitors or to differentiate himself by offering better customer service. Sales data give Ben insights into what customers are buying and let him better provide the services that are selling well. With guidance from the information system, Ben can streamline his operations.

*

THE MAIN USES FOR AN IT SYSTEM

Decision-Making: the IT system can help Ben make better decisions by providing all the needed information.

Record-Keeping: the shop requires records of its operations for financial and regulatory functions.

 

Decision-Making

The company information system can help Ben make better decisions by delivering all the information he needs and by modeling the results of his decisions. When Ben has accurate, up-to-date information, he can make choices with confidence.

 

Record-Keeping

Your company needs records of its activities for financial and regulatory purposes as well as for finding the causes of problems and taking corrective action. The information system stores documents and revision histories, communication records and operational data.

*

DATA TYPES AND RISKS

All data should be classified into one of the following:

Restricted Data: data whose unauthorized disclosure, modification or destruction could lead to a high level of risk to the business, e.g. data protected by state or federal privacy regulations.

Data is classified based on its level of sensitivity and the impact to the business should that data be disclosed, altered or destroyed without authorization. The classification of data helps determine what baseline security controls are appropriate for safeguarding that data. All data should be classified into one of three classifications:

Restricted Data

Data should be classified as Restricted when the unauthorized disclosure, alteration or destruction of that data could cause a significant level of risk to the business or its affiliates. Examples of Restricted data include data protected by state or federal privacy regulations and data protected by confidentiality agreements.

*

DATA TYPES AND RISKS

Private Data: data whose unauthorized disclosure, modification or destruction could lead to a moderate level of risk to the business.

Public Data: data whose unauthorized disclosure, modification or destruction could lead to little or no risk to the business.

 

Private Data

Data should be classified as Private when the unauthorized disclosure, alteration or destruction of that data could result in a moderate level of risk to the business or its affiliates.

 

Public Data

Data should be classified as Public when the unauthorized disclosure, alteration or destruction of that data would result in little or no risk to the business and its affiliates. While little or no control is required to protect the confidentiality of Public data, some level of control is required to prevent unauthorized modification or destruction of Public data.

*

EXAMPLES OF DATA RISKS ASSOCIATED WITH THE SYSTEM

Low Risk: information available on the business website and business contact information not designated as “private”

Moderate Risk: customer records and purchase orders, personnel files and personal contact information

High Risk: Social Security Numbers and credit card numbers

 

Low Risk

• Research data

• Information available on the business website

• Policy and procedure manuals

• Job postings

• Business contact information not designated as “private”

• Information in the public domain

Moderate Risk

• Customer records and purchase orders

• Staff personnel files, benefits, salary, birth date, personal contact information

• Non-public business policies and policy manuals

• Non-public contracts

• Business internal memos and email, non-public reports, budgets, plans, financial info

• Business employee ID numbers

 

High Risk

• Social Security Numbers

• Credit card numbers

• Financial account numbers

• Driver’s license numbers

• Passport and visa numbers

*

COMMON RISKS ASSOCIATED WITH THE SYSTEM

Inappropriate data access, virus infection, fraud and misuse of the system

Data theft from non-limited access to BYOD devices by employees

Data leakage or unintentional sharing of private data

Social engineering attacks and phishing

Loss of reputation or legal implications

Inappropriate data access due to improperly defined or applied authentication and authorization causing

Virus infection and misuse of the system as a result of non-limited administrative access to physical infrastructure

Data theft from non-limited access to BYOD devices by employees

Unapproved access and data misuse due to weak user passwords in system and applications

Data leakage or unintentional sharing of private data as a result of inappropriately classified data

Fraud and misuse of data or theft due to unclear or improper access to customer and suppliers’ resources

Social engineering attacks and phishing

Loss of reputation or legal implications due to inappropriate e-mail handling and inappropriate use of utilities such as messengers or Skype

*

PRIORITIZED LIST OF THE RISKS IDENTIFIED

Risk | Likelihood | Low Risk | Moderate Risk | High Risk | Very High Risk
Inappropriate data access in secure file storage | Moderate | | | |
Virus infection of business network infrastructure | High | | | |
Fraud | High | | | |
Misuse of the system | Moderate | | | |
Data theft | | | | |
Data leakage or unintentional sharing | High | | | |
Loss of reputation or legal implications | Low | | | |

*

RISKS MITIGATION

The installation of reliable antivirus software

Use of complex passwords on each of the computers and Web-based applications

Provision of guidelines through employee training on the dos and don’ts of using systems and the Internet

Creation of a security policy that addresses the responsibilities, rights and duties of employees

 

Risks Mitigation

Install reliable antivirus software, which acts as the final line of defense against unwanted attacks. The antivirus program detects and removes viruses and malware and filters potentially malicious downloads and emails.

All employees must use complex passwords on each of the computers and Web-based applications that require a key for access. Complex passwords are hard for hackers to crack.

Install encryption software that protects data related to credit cards and bank accounts. Strong encryption algorithms transform readable data into unreadable code, which makes altering the information difficult. Even when data is lost, it is useless without the keys used to encrypt it.

Provide guidelines through employee training on the dos and don’ts of using systems and the Internet, for example on how to handle suspicious emails. A security policy provides guidelines on limiting access to critical data, taking regular backups and securing Wi-Fi networks, which are highly vulnerable to attacks.

The security policy addresses the responsibilities, rights and duties of employees.

*
