The risk management is a process to identify risks within organization and to further manage the operations through putting up necessary controls in place. The further importance of risk assessment can be ascertained through fact that about 48% of the 283 companies have been victims of the computer crimes over 12 months’ period. In some other incident the internet worm affected the largest and complex network of computer in few hours.
Wolftech need to protect the information system from any type of unauthorized access, disruption, destruction, recording, inspection, disclosure, use and modification. If the confidential information of the organization is exposed to potential risks, …show more content…
Software security Wolftech uses range of software provided by third party and can have threat related with securing the data and information of network
4
4
16
The anti-virus softwares and putting up necessary controls in place so that software security can be deployed. This includes putting up firewall and secure patch update from time to time.
Managing personal devices of employee Employee uses personal devices to access official data and information and can have threat related with all forms of external risks 3 3 9 Need to ensure each personal device has separate password protected folders to manage data and all data should be shared on corporate secure line.
Managing data security and back up process The data is presently managed at one of server located at other location therefore there is risk to manage data security and back up 4 4 16 Need to ensure cloud computing and data backup is regularly taken so that data security can be effectively managed.
Further Elaborated Risk Treatment Options
Following are the options to treat the risks faced by the information system of the …show more content…
So if there would be no proper access control, which in this case study is not observed, so it would be easy for everyone to access every resource of the company. This would even allow the noon-related employees to view the most crucial data or information of the company which may be useful for the competitors. So there needs to be a proper access control mechanism which will ensure the identity of the employee, authorize and authenticate every employee to use the system to perform assigned task on the resources he/she is allowed to use (Fenz, and Ekelhart,