It Risk Analysis Case Study Essay Example
It Risk Analysis Case Study Essay Example

It Risk Analysis Case Study Essay Example

Available Only on StudyHippo
Topics:
  • Pages: 13 (3479 words)
  • Published: March 21, 2017
  • Type: Article
View Entire Sample
Text preview

In contemporary business, Information Technology is of utmost significance. The majority of businesses are now linked through high-speed broadband networks and high-definition screens, making superfast computers essential for users.

The failure of IT can result in significant losses for businesses, even in a matter of minutes. For instance, if the London stock exchange experiences an IT failure, it could lead to a loss of thousands of pounds per second. Therefore, every potential risk, regardless of its magnitude, poses a threat.

Just like a small cut on the hand can turn gangrenous if left untreated for long, IT systems can also deteriorate and fail if not properly analyzed and managed. Many businesses perceive IT as a risky investment due to stiff competition and a rapidly evolving market. Despite being a crucial element in the service industry for the past 40 years, there has been a lack of effort in documenting I

...

T system failures and the reasons behind them. Consequently, repeated mistakes are made without any significant lessons learned.

Logging failures is essential because despite advancement in IT, 60% of projects still fail. Inadequate analysis and assessment of risks lead to late detection and eventual failure. Risk management enables strategic analysis and management of investment to avoid failure.

Risks to the Organisation and its IS/IT:

The following list presents the identified risks categorized by type. The first category is physical risks, which include fire, smoke/fumes, explosion/impact, temperature/humidity, flood, and electricity. The second category concerns poor management issues such as poor communication, unsuitable management, and accessibility denial of access. The third category is related to software risks such as compatibility and use of third party software and active software threats like

View entire sample
Join StudyHippo to see entire essay

viruses, worms, logic bombs, trojan horses, spammers, auto-rooters, mobile code, and terrorist attacks. Finally, human interaction risks include loss of key staff, terrorist attack, usurpation, and malicious actions. Each list falls into one of the four overarching categories: disclosure, modification, destruction, or denied access. The destruction category includes fire, smoke/fumes, explosion/impact, temperature/humidity, flood, virus, worm, logic bomb, trojan horse, and terrorist attack.

There are various risks that have been identified, including modification accessibility, virus, worm, logic bomb, trojan horse, auto-rooter. These risks could lead to disclosure accessibility or a terrorist attack. Additionally, there is potential for malicious action, usurpation, denied access, loss of key staff, denial of access and spammer attacks.

One specific risk that has been identified is the possibility of a fire being caused by gas canisters at the entrance of the building. If such an event occurred it could result in significant damage to both equipment and building structure which IT systems would likely not survive.

There are dedicated areas within the building for machines and vehicles, each equipped with two PCs. Placing a computer near heat or vehicle fumes can lead to permanent damage and slower performance or complete malfunction. To ensure longer lifespan of the PCs, it is advisable to relocate them to a more suitable location or provide better environmental protection.

Concerns have been raised regarding the potential explosion of gas canisters, which could result in harm to the building and its surroundings. The extent of damage would depend on the intensity of the blast. Repairing such destruction would be unfeasible, necessitating complete replacement instead. Moreover, this incident could also negatively impact both customers and staff who utilize or work at this site

psychologically.

Computers require an optimal temperature and humidity for best performance and longevity. A stable environment is also necessary for prolonged lifespan. High temperature and humidity levels can negatively impact computer performance and life span in the affected area. Floods pose a risk of electrical equipment shorting, potentially damaging it. The building and everything around it can suffer damage in the event of a flood.

Replacing IT equipment is the likely outcome of water reaching it. A consistent electricity supply is required for IT equipment to function properly. The risk of electricity outages exists due to several factors, including power plants and issues within the building. These outages could harm computer components, and prolonged outages could harm the company. Poor management can result in system issues and staff mismanagement.

Ensuring effective management within a company is crucial to maintaining a smooth flow of work and positive relationships. Poor management can lead to risky situations. It is important to prioritize top-notch management systems to prevent unauthorized access to important system files. Additionally, maintaining clean and stable management is essential in ensuring that staff fulfill their responsibilities. Accessibility poses two potential risks: lack of access and unauthorized access. It is critical that individuals who require access to specific files are granted it, while also preventing unauthorized access. If administration staff cannot obtain access to their own systems, this indicates a problem.

To prevent unauthorised access and its potential impact, it is important to maintain good relationships with current staff and prevent attacks before any damage is done. Unauthorised access can take different forms and result in various consequences, ranging from information disclosure to data corruption. To maintain efficient system operation, it

is recommended to use software of the same type within a company instead of using different software on different PCs. This ensures compatibility among PCs and enables the company to use temporary setups on other PCs in the event of system loss, rather than having to halt work altogether.

Keeping commonly used software up to date is important to mitigate the danger of vulnerabilities being exploited by malicious individuals. Additionally, it's possible that staff members may not be knowledgeable about third party software, increasing the importance of maintaining well known programs. Malicious software such as viruses, worms, logic bombs, Trojan horses, and spammers can infiltrate systems through multiple avenues such as email or storage media.

Various ways exist through which this software type can affect your system. Usually, their aim is to hinder the system's workflow, rather than to achieve any benefit from the attack. This makes it easier to detect them since the attacker doesn't aspire to get any specific information from the system. Any member of the company with computer access can potentially misuse it, which provides outside intruders with access to internal system information. Malicious software can infiltrate the company from any staff member. The company has the following staff members:

- Managing Director

- 2x Design Engineers

- 3x Mechanical Engineers

- 1x Electronic Engineer

- 1x IT Support Engineer

- 2x Administrators

The most concerning loss of personnel involves the bold members. If such a scenario were to occur, losing one design engineer would cause disruption. Nonetheless, there would still be one designer left with knowledge of the current design process.

The company's reliance on 1 electronics engineer and 1 IT support

engineer makes them vulnerable to negligence of IT equipment in the event that either is suddenly lost. The Administration holds the most power over the company network, posing a potential threat if they engage in malicious actions. As members with admin privileges can easily damage the network by uploading viruses, time bombs, key loggers, and other types of harmful software that can be activated at a specific time, any staff member with access to a computer may potentially misuse it.

This is a potential avenue for outside intruders to access internal information by exploiting staff misuse of computers. Any staff member with computer access has the potential to misuse it, allowing outside intruders entry to internal system information. The introduction of malicious software into the organization can occur through any staff member's misuse of computers.

To prevent the occurrence of malwares, which are major internet threats to organizations, actions need to be taken. These malwares, categorized as computer viruses, computer worms, Trojan horses, Logic bombs, Spywares, Adware, Spam and Popup, pose a high risk to FC Racing's computers. They can cause sluggishness in computer performance and take control of browsers to track browsing history. They can also affect the restarting on the computers.

Automatic restarts of FC Racing's computer system could result in the loss of essential data. Defective doors and alarms constitute security provisions that could impact the destruction of assets and facilities. The loss of these provisions would affect the company's IT system and cause product production to slow down. If criminals obtain critical information, including customer details and confidential worker-related data, they could share it with rival companies.

Electronic failure can have devastating consequences for

an organization. Power cuts, web server failure, hardware or PC system breakdown can result in a complete failure of IT and communication within the entire organization. The loss of data due to an IT crash, caused by any of these failures, could be catastrophic, leading to a slowdown of productivity until it is restored. Power cuts can affect server operations, resulting in the loss of information and economic difficulties. Server failure and hard disk breakdowns could result in the loss of important information. A PC system failure would cause a complete loss of vital computing services and communication within the organization.

The organization must ensure the safety and security of its employees within the workplace, including natural disasters or accidents at work, as it poses a medium risk factor to health and safety. The provision of a safe and healthy working environment with proper education and training on health and safety for employees is an organizational responsibility. Additionally, the implementation of safety regulations and the provision of assembly points in case of emergencies is necessary. To guide everyone to a safe place during an emergency, premises should have multiple emergency exits with green lights illuminated, as well as warning sirens.

If an organisation can, it is recommended to conduct frequent practice drills on the premises to ensure everyone is adequately trained and that all emergency exits and alarms are functioning properly. The importance of health and safety cannot be overstated in any workplace. Unfortunately, our organization neglects to implement any of these measures. We are aware of this since there are no signs of fire exits within the premises and no designated assembly points for individuals

to gather during an emergency. Furthermore, the entrance is enclosed by flammable gas tanks, which poses a significant risk of a catastrophic event.

An organization may encounter different dangers, including the possibility of a gas tank explosion or software and application updates. A gas tank explosion could result in prolonged operational shutdowns that might obstruct ongoing business activities. Likewise, while software and application updates can enhance performance and security, there is also some risk involved. The upgraded version of the software or application may not work as intended when compared to earlier versions.

If outdated files are used with modern software or applications, it can result in a delay of 4-8 hours. This delay may have a significant impact on the system and could potentially lead to losing valuable customers. Additionally, if an organization uses updated software or applications that cannot be accessed by clients who use older versions of the same software or application, it could result in dissatisfaction and possible loss of business. https://www-304.

According to the source, businesses face a high risk of malfunction, which can lead to their closure. This is due to the loss of essential facilities like IT infrastructures, networks, hard disks, updated software versions and gas tank explosions.
The source supports this information.

IT facilities encompass a variety of functions such as printing, email, audio and video equipment, software, and telephone systems. Should an organization lose its IT infrastructure, the consequences can be severe, resulting in service delays lasting from two to twelve hours. Network failure is particularly devastating since it cripples all business operations conducted through the internet. Customer loss is a likely outcome and resolution can take upwards of a

day. Furthermore, hard disk failure means losing valuable information on customers and products that may lead to temporary service unavailability. Correcting this issue can also take a day as it involves changing the hard disk and uploading all the necessary data.

The recurrence of the mentioned events within a brief time frame can lead to decreased income or even bankruptcy, making data classification (authentication) vital when using the internet for sales and product trade. All web server applications must be identified, and data should be classified. This process determines access rights for available resources, which are typically limited to select employees. It is critical that authorized personnel responsible for granting access rights and levels are properly identified. In case of any security breaches related to data, the authorized person must promptly report it to the organization.

Not implementing these measures can lead to the loss of data and information within the organization, making it harder to connect with customers and potentially losing them. Visit http://www.kpmg.ca/en/services/advisory/forensic/documents/FRM for further details.

Low risk factor Fraud (9) within the organisation pertains to the misappropriation of significant data, like lists of buyers or purchasers. For more information on what constitutes frauds within the organisation, please refer to this PDF document.

There is a possible security danger for the company, as disenchanted employees could steal from it. This kind of behavior may cause substantial harm to the organization, affecting its reputation, financial stability and causing it to shut down (GoogleDocs, 2008). The risk of security is discussed in articles found on ttp://cerncourier. com/cws/article/cnl/31988 and http://www.theregister.co.

It is crucial to manage and evaluate risks when starting a business venture in order to improve the chances

of success. The definition of risk includes the possibility or danger of commercial loss, making it an essential component that should not be neglected. Failing to effectively handle risk can result in severe consequences.

The significance of Information Technology for businesses has grown considerably in achieving success. FS Racing recognizes this reality and acknowledges that their IT system failing could have negative effects on their business. As a result, appropriate risk management and assessment must also be implemented for IT projects.

To gain further knowledge about managing risks, please visit http://www.drj.com/new2dr/w3_030.htm.

Despite the necessity of implementing new ICT in businesses to improve services for customers and employees, it is a risky undertaking due to the constantly evolving IT environment. While certain technologies may quickly become outdated after installation, taking risks is crucial. Nevertheless, each IT risk presents potential threats to an enterprise, even if considered "low risk". Proper planning and tuning are necessary for companies to mitigate these risks, acknowledging that information is their most valuable asset. Neglecting this responsibility can lead to direct and indirect consequences for enterprises like FS Racing.

It is essential to acknowledge that each team member bears an equal responsibility for the success of the company and its information resources. While certain risks can be anticipated, such as a key team member departing or hardware malfunctioning, they remain challenging to foresee. To achieve victory, it is critical to implement safeguards against these potential threats. Furthermore, ensuring that every user has a valid password when accessing a computer is crucial.

It is recommended to use a mix of numbers, letters, and special characters for stronger password security in order to prevent unauthorized access. Restricting user

access to specific resources is crucial in system security, which is why FS Racing utilizes role-based access control. Encryption of data is essential for enterprise security because valuable information must be protected in today's business world. This also applies to FS Racing as they may need to share sensitive design details with the racing teams they support.

Regular backups and data archiving are essential for minimizing the risk of data loss, as well as recording and maintaining the latest changes to the database. Archiving enables us to restore the database with minimal data loss if a system failure occurs. External storage, such as CDs or USB flash drives, can be used but should not be allowed on company premises to prevent data leakage. Additionally, physical threats should be countered.

FS Racing faces significant dangers from both fire and water. The process of manufacturing automobile parts requires the use of high temperatures and involves soldering and casting metals, making fire a significant threat. To combat this risk, FS Racing can install fire extinguishers, fire blankets, water, and sand. Additionally, as a single-story building, FS Racing is at risk for flood/water leakage which can disrupt their daily operations. To prevent damage from water logging, FS Racing should keep all important documents, ICT equipment, designs, and machinery elevated.

FS Racing is exposed to various risks that can be physical or non-physical. The company's gas cylinders outside the premises are not protected, which could lead to an explosion hazard. There is also a possibility of data leaks, corruption and both active or passive attacks. Furthermore, malware poses a threat as it has the capability to disrupt computer functions and replicate itself.

To safeguard

against the detrimental effects of malicious software like viruses, Trojan horses, and worms, it is advised to utilize firewalls, anti-virus programs, and anti-spyware scanners. Given FS Racing's dependence on internet connectivity for its daily activities, it is imperative to implement a firewall.

Hardware and software firewalls prevent the exchange of unnecessary data between internet users' computers and the internet, while anti-virus programs detect and stop harmful software like viruses from affecting computers.

To protect against viruses and worms, it is recommended that companies implement basic measures such as installing current anti-virus software on each computer, regularly updating their operating systems with the latest patches provided by the vendor, and using reliable and up-to-date anti-spyware software. For more information, please refer to http://support.microsoft.

Having Spyware Scanners is crucial for all computers since they check for Spywares that can infiltrate through infected cookies on a website's server. The scanner alerts users to either keep or discard the cookie from that particular site. For additional details, please visit http://www.tech-faq.com/kb/129972.

Protect your computer: Visit com/protect-computer.html for information on countering electronic failures. Power cuts can be fatal without a backup plan in place. FS Racing should consider acquiring a battery-run generator to provide essential services during power outages. These generators charge themselves when plugged into electrical sockets. Web server failure is a huge loss to any enterprise if not dealt with professionally. Malware and hackers are pervasive on the web, making web servers the biggest threat to businesses today. It is a priority to monitor web servers and detect any ill-doing before the business comes crashing down.

In order to prevent hackers from attacking our computers, it is vital to ensure that operating systems and

anti-malware software are properly installed and updated. Checking hardware resources on a regular basis can help avoid work delays caused by system or hardware failures. To minimize data loss in the event of a hard drive failure, it is recommended to have mirrored backups of designs. Prioritizing the health and safety of employees should also be a top priority for any business, as preventative measures should be taken to avoid harm from minor illnesses to major accidents.

Enterprises must ensure that all employees are medically fit and undergo regular health checkups to address potential threats. To further mitigate risk, FS Racing should collaborate with an insurance company to provide customised plans for staff members, with a portion of their salaries going towards premium payments. When implementing software application changes, it is crucial to monitor hardware and existing software for compatibility issues and conduct testing beforehand. Another potential risk is fraud, which can be prevented by denying former employees access to IT equipment and closing their company email accounts upon departure.

It is crucial to closely and regularly monitor employee computers to prevent any misconduct. In light of the numerous drawbacks and lack of safety in the given scenario, it is recommended that measures be taken to safeguard the business and its priorities. One issue is the absence of entrance signs on the premises, which not only reflects poorly on the customers but also impacts the business negatively.

In order to enhance safety, it is necessary to install a sign indicating the entrance at the reception area. Moreover, the absence of fire exits could pose a risk and potentially result in fatal consequences in case of an emergency. It

is crucial to clearly designate fire exits at marked locations within the premises, as depicted above.

Due to potential damage from high temperatures in the Machine Areas, Development and Testing Workshop, and Vehicle Workshop, computers and laptops may be at risk, causing delays and service disruptions. To address this issue, we propose building small cabins in these areas fitted with proper air conditioning to protect valuable equipment. Although this will require financial investment from the organization, it is necessary to ensure the safety of the computers. These cabins can be located in the rooms shown in the image above.

Get an explanation on any task
Get unstuck with the help of our AI assistant in seconds
New