Information system risk refers to the threats or anticipated problems that may cause challenges to the information system of a business, leading to poor performance or complete destruction. Currently, most businesses rely entirely on information systems to run their business operations, which makes working easier (Baldwin et al, 2013). Therefore, it is important for every business organization to devise ways of managing the risks that they think will affect their information systems (Jouini et al, 2014). Additionally, it is necessary to install effective and efficient security controls to manage the risks and to protect the information and other business operations from unauthorized personnel. For this study, I will use the United States Office of Personnel Management (OPM) as the organization of reference.
The OPM is an independent organization of the United States Government whose responsibility is to recruit civil employees, manage their health and other insurance, allocate and deliver rewards, and administer their retirement benefits. In addition, it organizes government-sponsored student scholarships, attachments/internships, summer jobs and actual job location. This gives it the authority to record and document every employee’s details, whether personal or private. Considering that the US is the most developed country in the world, this kind of information is obviously stored in electronic systems such as computers, which exposes the systems to threats and risks. However, the organization sometimes failed to protect the data that it was supposed to protect, which became a very heavy blow to the organization, its business plans and its operations.
In early 2015, the OPM suffered a security breach in which the information of about 4.2 million employees, including retired and current federal government officers, was stolen. Later in the year, after serious analysis, the organization discovered that the data of around 21.5 million employees had been taken, most of whom had security clearances. This meant that all the data in the system had been in great danger of being exposed, and that is what actually happened between January and June 2015. In addition, the security of the building itself was unstable. Many employees were greatly affected by the breach and were expected to be registered and have their details recorded once more for documentation. For this reason, the organization decided to give duplicate ID protection to every employee, even those whose data had not been stolen. This involved preparation of the ID and payment of damages to the people whose data had been breached. This activity therefore caused a lot of loss in terms of finances (paying the ID experts), time wastage, and the business operations schedule and plans. This clearly shows how information system risks can cause adverse effects to a business's operations.
This includes the building security and the organization's system security. The OPM needs to improve its security clearances by installing inaccessible codes or passwords, encrypting information, updating the information system frequently (maybe 4 times per year), installing an adequate logging system and installing security monitoring software, to name just a few ways to improve security.
The organization will be able to secure, manage, control and monitor its information systems, which further reduces the risk of breach by unauthorized personnel. In addition, it will increase and improve the levels of confidentiality, integrity and availability of the organization’s information, but only for the employees who are authorized to use or access it (Beznosov et al, 2007).
The procedure for installing these kinds of security systems will be determined by the security and IT departments of the organization. However, the manager will be the overall decision maker.
As for OPM, before the breach, all of the systems running in the organization had been developed, installed and maintained by one contractor. However, this should not be the case, because in the event of any risk or breach an organization in such a situation will be more affected than any other. Therefore, different systems should be installed by different contractors. This is likely to reduce the chances of breach because every contractor will use their own security level and type (Ahmad, 2012).
The objective of this change is to reduce the chances and levels of security breach because every organization will be maintaining its own system rather than a group of different systems.
It will include finding a number of different contractors for different systems and hiring the best. The contractors will not only install the systems but will also maintain and update them whenever needed.
The following recommendations for control mechanisms must be adhered to:
The chosen contractor must be able to identify and have a clear understanding of the risk facing the organizational information system before deciding what system to install. In addition, they must analyze the situation to be able to choose the most effective and efficient system for the organization to use. This means that for the contractor to make the right decision, they have to conduct frequent and continuous assessment of the organizational risk and understand the impacts it will have on the organization’s systems and business operations (Rabai et al, 2012).
First and foremost, the contractor must read and understand the organizational policies and procedures that are directly related to the system of their choice (Jackson et al, 2010). This means that they have to know the overall objectives of the organization as well as the specific objectives of the system in question. They should be able to achieve both sets of objectives to the expected extent, since the two are always connected.
The contractor should respect the policies and procedures that are put in place to control the business operations. However, if their chosen system needs the organization to change some rules for it to function effectively, then they should raise the issues for discussion by the management team (Gerić et al, 2007). They should be able to come up with new procedures that will positively affect the organization.
This involves frequent check-ups and updates of the systems to make sure that they are performing their responsibility. This is simply because control systems and activities can change at any time, and so the system has to keep on updating itself as well (Alali et al, 2012).
Conclusion
In conclusion, many organizations are frequently faced by information security risks simply because they constantly and entirely rely on machines or on information technology for data recording and documentation. However, it is important for every organization to always have risk management techniques that are completely effective and efficient, to be able to protect the information and recover it in case it is stolen. These management techniques may include offering security IDs to employees, installing security cameras at strategic places, data encryption and installing security control software, to name just a few methods. Therefore, each business organization is liable for installing risk management security whose job will be to protect all of the organization's stored data from any unauthorized persons.
References
Jouini, M., Rabai, L.B.A. and Aissa, A.B., 2014. Classification of security threats in information systems. Procedia Computer Science, 32, pp.489-496.
Alhabeeb, M., Almuhaideb, A., Le, P.D. and Srinivasan, B., 2010, April. Information security threats classification pyramid. In Advanced Information Networking and Applications Workshops (WAINA), 2010 IEEE 24th International Conference on (pp. 208-213). IEEE.
Gerić, S. and Hutinski, Ž., 2007. Information system security threats classifications. Journal of Information and Organizational Sciences, 31(1), pp.51-61.
Baldwin, A., Beres, Y., Duggan, G.B., Mont, M.C., Johnson, H., Middup, C. and Shiu, S., 2013. Economic methods and decision making by security professionals. In Economics of Information Security and Privacy III (pp. 213-238). Springer New York.
Jouini, M., Rabai, L.B.A. and Khedri, R., 2015. A multidimensional approach towards a quantitative assessment of security threats. Procedia Computer Science, 52, pp.507-514.
Beznosov, K. and Beznosova, O., 2007. On the imbalance of the security problem space and its expected consequences. Information Management & Computer Security, 15(5), pp.420-431.
Jackson, S. and Philip, G., 2010. A techno-cultural emergence perspective on the management of techno-change. International Journal of Information Management, 30(5), pp.445-456.
Ahmad, A., 2012. Type of Security Threats and Its Prevention. Int. J. Computer Technology & Applications, ISSN, pp.2229-6093.
Rabai, L.B.A., Jouini, M., Nafati, M., Aissa, A.B. and Mili, A., 2012, June. An economic model of security threats for cloud computing systems. In Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2012 International Conference on (pp. 100-105). IEEE.
Jouini, M., Aissa, A.B., Rabai, L.B.A. and Mili, A., 2012. Towards quantitative measures of Information Security: A Cloud Computing case study. International Journal of Cyber-Security and Digital Forensics (IJCSDF), 1(3), pp.248-262.
Alali, F.A. and Yeh, C.L., 2012. Cloud computing: Overview and risk analysis. Journal of Information Systems, 26(2), pp.13-33.
Nicolaou, C.A., Nicolaou, A.I. and Nicolaou, G.D., 2012. Auditing in the cloud: Challenges and opportunities. The CPA Journal, 82(1), p.66.