University of Phoenix Material

Risky Situations

Identify three types of sensitive information involved with each situation. Then, describe three ways in which each information item could be misused or harmed. For each of these, note at least one likely finding that you would include in a risk analysis report of the organization. Finally, answer the questions at the end.

Situation 1 – Online Banking System

| Information Affected | Potential Harm (Risk) | Likely Finding in Risk Analysis Report |
|---|---|---|
| Customer Transactions | Unauthorized access to customer accounts | Illegal accessing of customer accounts by hackers or fraudsters |
| | Tampering of customer data | Account access and customer data could be copied by illegal parties |
| | Stealing of customer's information | Account numbers and passwords could be stolen and accessed by fraudsters |
| Accounts Information | Hacking by fraudsters | Customer information can be stolen or compromised |
| | Errors and omissions | Customer info could be mistakenly or purposely changed |
| | Permission/Unauthorized access | Passwords and personal account data obtained by illegal parties could be used for malicious purposes |
| Credit Information | Tapping | Credit information used by someone else |
| | Scam | Access to information that was modified with malicious intent. |
| | Hacking | Access granted to customer data and details. |

Situation 2 – Backbone Page (organization or personal – specify which)

| Information Affected | Potential Harm (Risk) | Likely Finding in Risk Analysis Report |
|---|---|---|
| Personal data | Imitation of account information and possible identity theft | User impersonates other users' accounts by using the other person's information. |
| | Modification of account information | Accounts used by an unauthorized user. |
| | Incorrect account information | User makes numerous accounts with incorrect information. |
| Status update – Business data | Negative publicity | Misleading information that could potentially irritate some customers |
| | Unauthorized access to account | Information can be manipulated or damaged |
| | Messages sent to customers | The wrong messages could wind up being sent to customers, thus causing legal issues |
| Post and comments – Business info | Bad publicity due to remarks of the public and uploading of pictures or video clips | Negative remarks can discourage customers and cause controversy for the business. |
| | Undesirable and improper comments | Unauthorized, rude, abrasive, or improper remarks on organization position. |
| | Improper or undesirable posts | Unauthorized posts from private accounts. |

Situation 3 – Picture Phones in the Workplace

| Information Affected | Potential Harm (Risk) | Likely Finding in Risk Analysis Report |
|---|---|---|
| Security codes | Sharing of organizational security codes | Pictures of codes or codes being used can be sent to anyone. |
| | Transfer of security codes and data details. | Security codes can be circulated or sent by picture phone from an insider. |
| | Codes are obtained by using zoom on camera phone | User is watched using code from a distance and the code is used maliciously by a criminal at a later time. |
| Asset information | Photos taken of data on a computer screen | Phone can be used to take pictures of customer data or business data on a computer screen, which can be used maliciously at another time. |
| | Circulation of organization information or asset information | Pictures of an organization's assets go viral or are sent to a person with malicious intent. |
| | Retrieving asset information from a distance | Many phones with a camera have a zoom feature; the asset information can be obtained from another user's computer from a distance and used later. |
| Storage details | Storage information access | Information could be used to locate an organization's stored goods, money, or products. |
| | Retrieving storage location information | Photo may be taken of an organization's safe or storage facility |
| | Distribution of information | Pictures may be sent to other people |

Situation 4 – E-Commerce Shopping Site

| Information Affected | Potential Harm (Risk) | Likely Finding in Risk Analysis Report |
|---|---|---|
| Account information | Loss of information | Information may be deleted |
| | Mistakes | Unintentional or deliberate mistakes in regards to account information. |
| | Alteration of account information | Accounts hacked and information made public. |
| Transaction details | Transaction or account fraud | Tapping and hacking of information for malicious purposes. |
| | Mistakes and omissions | Employees create deliberate errors on information and account details. |
| | Modification of information | Hacking and tapping of account and transaction information. |
| Product information | Upload of product information and details | Online products stolen and programs used maliciously |
| | Mistakes in product details and information | Misleading or incorrect product information could lead to legal action by the consumer |
| | Modification of product details, prices, or discounts | Unauthorized access to e-commerce to modify product information. |

Situation 5 – Real-World Application (such as CRM, ERP, other internal or external organizational systems – pick one and specify)

| Information Affected | Potential Harm (Risk) | Likely Finding in Risk Analysis Report |
|---|---|---|
| Customer benefits-CRM | Alteration | Unauthorized modification to customer benefits by employees or hackers. |
| | Scams run on customers using their information or data | |
| | Mistakes in customer benefit detail may cause benefits to be incorrect | |
| Customer details-CRM | Alteration of customer details for destructive or malicious purposes. | |
| | Unauthorized access | Unauthorized access granted to customer information and details. |
| | Mistakes in customer information could cause conflict in the database | |
| Transaction details or information-ERP | Information gathered and modified internally or externally | |
| | Errors on transactions by employees | |
| | Unauthorized access or alteration | Unauthorized access granted and transaction details deleted or modified. |

Questions

1. What is the most effective way to identify risks like those you noted in the tables?

Through the use of scenario-based risk analysis, utilizing different risk factors that could arise.

2. What are some important factors when weighing the depth of a formal risk analysis? How would you balance the interruption needed for depth and the need to continue ongoing organizational activity?

An in-depth formal risk evaluation should be conducted which lines up with the goals and objectives of the company. There should be a clear outline of the protocols and procedures that will be utilized to attain these goals.

3. What should an organization's risk management specialist do with the information once a potential risk has been identified? What information would be needed for senior management to know the danger of each risk and the proper way to handle the risk?

Risk management specialists research and recommend tactics to minimize asset liability, including investigating potential asset loss incidents and enacting policies that comply with safety regulations and industry guidelines. They plan and implement programs for risk management and loss prevention. Risk management specialists generally manage other risk analysts and report to upper management in their organization.

4. How would this specialist properly prioritize these risks to make sure the most important ones were mitigated first?

The mitigation of risks should be prioritized based upon the potential effects they could have on the organization. As such, all the avenues for risk should be looked into; this includes the company's financial impact, operational consequences and legal ramifications.

5. Who is responsible for ensuring that an identified risk is addressed by the organization? What role does the analyst play? What role does senior management play? What roles do the analyst and senior management each play in addressing organizational risks?

The system analyst or manager is responsible for identifying risks and making sure that they are minimized. The senior administration provides fiscal and administrative resources and helps to formalize policies to reduce risk. The senior administration and specialists collectively develop minimization methods Lana.