Information Technology

ICT SECURITY AND RISK ASSESSMENT 

17 April 2023 10:29 AM | UPDATED 2 years ago

ICT SECURITY AND RISK ASSESSMENT :

For solution: +610482078788

+61482073403

+61482072848

ICT SECURITY AND RISK ASSESSMENT 
ICT SECURITY AND RISK ASSESSMENT 

Table of Contents

EXECUTIVE SUMMARY. 1

INTRODUCTION.. 2

RISK MANAGEMENT. 2

RISK ASSESSMENT. 3

RISK TREATMENT & CONTROLS. 4

Recommendations and Conclusion. 5

APPENDICES. 6

EXECUTIVE SUMMARY

Globex Corporation was created by the union of two significant local businesses, Riverina Precision Farming & BT as well as Sons Farming Equipment, all of which are situated in the Riverine region of New South Wales, namely in the cities of Albury, Wagga Wagga, and Griffith. With improved agricultural competitiveness, farmers are better able to proceed with daily decision-making, planning, and overall farm focus. Globex Precision Farming aids farmers from start to end of their commercial operations with the use of precision farming technologies. Farmers may increase productivity and to save operational expenses by using this technology. This approach may aid farmers in selecting the finest options for their crops. To accomplish a wide range of objectives, Globex Corporation often offers agricultural products.

  • Feeding unsatisfied market demands
  • Prompt delivery
  • Specialized guidance & technical assistance
  • Environmental sensitivity

The following choices were also chosen by the newly established Globex Corporation’s Senior Management Committee. The board of trustees has resolved to sell off all of the former firms’ workers. In order to include the BT & Sons systems into the precise farming system, the committee also agreed to unite them. The management has made the decision to create the Internet Sales Management Program (OSMS) and to automate company procedures.

The senior management of the combined company also took choices for the business’s advantages, such as

  1. Using effective ERP & CRM for company purposes; and
  2. Utilization of social media to promote OSMS

Comments and Suggestions

Stakeholders must create & specify certain rules, regulations, & management procedures that are a part of the corporate governance throughout the amalgamation process of large enterprises. Corporate governance establishes guidelines for managing & guiding the business. It often consists of a collection of rules, corporate bylaws, & regulations that balances the interests of the company’s stakeholders. Corporate governance is necessary for regulating the company’s business overall performance. Henceforth an effective corporate governance helps in binding both companies together and guide them to achieve common objectives for the betterment of the company Information Systems (IS) can be regarded as a combination of people, business processes and information technology which blended together to achieve organizational objective. Whereas, information technology (IT) can be regarded as the integration of different kinds of technological equipment for the purpose of storing, retrieving and manipulating the data. In addition, we can define information technology as the study, implementation, support and design of information system. It might include hardware, databases, networks and servers

Network\Data Security

In present context, data is regarded as one of the valuable assets to any organization. Hence, the company must give priority data security and prevent them from unauthorized access which might cause data from being tampered, disposed and destroyed. Security breach can occur in various ways like viruses, unauthorised access, inappropriate usage, system failure and so on. Globex Corporation’s OSMS hold large number of customer’s insight information like credit card information. Globex Corporation can protect these information and data leak by limiting the number of individual’s information in public domain. Other ways of securing the data are use of firewall, routers, anti-virus software, email security, anti-malware etc.

Data backup

Taking backup of data and data recovery is an integral part of any business. A data backup can be defined as the process of copying data in order to restore them in case of any data loss. Data loss can occur because of system crash, human error and other kind of unpredicted and unprepared disaster. Globex Corporation must also implement proper data backup system. Globex has to deal with wide number of data and information which are very critical and crucial and in case of hardware failure and system crash, this critical information can be lost. Hence to protect the data, Globex must keep data backup system. Data backup can be kept either by keeping an offsite server or keeping data backup in cloud server. Globex can use the below mentioned backups in order to protect the data.

Cloud Backup: Cloud backup can be regarded as one of the important backup tools. It helps in offsite data backup.

Encryption of data: When taking backup, data must be encrypted to prevent data from being snooped by intruders and hackers. 3-2- 1 strategy: This strategy can be regarded as one of the most efficient strategy for data backup. It involves three data backups being taken in two locations (one offsite or cloud and another on-premise). The backup must be taken at least once a day for maximum protection.

INTRODUCTION

The focus of this paper report is the newly established Globex Corporation, which was established by the amalgamation of two sizable companies, Riverina Precision Farming and B T & Sons Farm Machinery. Precision farming and agricultural implements, both of which are widely available in various regions, are the two primary areas of business for Globex Corporation. In a nutshell, the research largely discusses the company’s information technology and data system. Additionally, the emerging technologies that the firm utilizes are the topic of this study and are related to it. Additionally, the research offers advice to the business on the strategies for luring new clients away from rivals. Additionally, the paper makes an effort to highlight a few managerial choices as well as how those actions affect the newly created company’s operations as a whole. The impact of information system on consumer choice & brand loyalty has also been explored by Globex Corporation.

RISK MANAGEMENT

Risk management is the process of identifying, assessing, or preventing accidents to an association’s prosperity & bottom line. Lots of factors, notably financial instability, legalities, unfavorable development, strategic management errors, accidents, and natural disasters, might be to blame for these hazards. A firm may consider all potential risks with the assistance of an efficient risk management program. Risk management also looks at the relationship between risks and also the significant danger they might do to a company’s long-term objectives.

Exactly why is risk management important?

Risk management has perhaps never been as important as it is just now. The risks that modern businesses face have become more intricate as a result of the globalization’s accelerating pace. The coronavirus epidemic, a recent external risk that at first appeared to be a distribution network problem at many firms, suddenly changed into an external danger that impacted the workforce’s health and safety, company operations, their ability to interact with consumers, and their reputations. In reaction to the threats posed by the epidemic, businesses swiftly changed the way they operated. However, they already are discussing fresh issues including how or if to bring employees to the station again as well as what actions should be made to make their proper utilization more crisis-resistant. As the world continues to struggle with COVID-19, companies and their boards of supervisors are reconsidering their risk management procedures once again.

RISK ASSESSMENT

Asset Identification

A vulnerability assessment is a thorough investigation of your job to identify any components, circumstances, processes, etc. that may be detrimental, particularly to people. After hiring, you evaluate the likelihood and severity of the risk.

How are the dangers found?

In each scenario, the individual or team doing the assessment should be qualified to do so and possess in-depth knowledge of the risk or hazard being evaluated, any scenarios that may likely arise, and the relevant safety precautions. To ensure that all risks are identified:

  • Examine every facet of the project.
  • Include non-routine tasks like upkeep, repair, or cleaning.
  • Examine the near-miss, incident, and accident records.
  • Take into account those who do their work remotely, such as at leisure, on those other job sites, as drivers, teleworkers, or with customers
  • Consider how the task is done or structured.
  • Consider foreseeable exceptional circumstances 
  • Establish if a product, machine, or piece of equipment may be altered deliberately or accidentally
  • Analyzing each stage of the lifecycle.
  • Consider the public or tourist dangers.
  • Take into consideration the demographics who may be more at risk, such as new or pregnant moms, persons with impairments, or young or inexperienced employees..

Risk Evaluation

The organization must determine if it can tolerate the degree of risk that results once the hazard ratings are computed. The risk assessment step is when the organization decides how much risk it is willing to take. The organization must convert the broad statement of its risk appetite created by the RM architecture team  into a numerical number it can contrast to each risk that has been analyzed. If the governance group responds “We can live with that” after the RM process team has finished its analysis and shared its results with them, the process goes on to the verification and validation role. During this phase, the organization monitors its assets, threats, & vulnerabilities in case anything happens that requires resuming the RM process. The risk treatment step of the RM process is initiated if the governing group indicates that they are comfortable with the present level of risk.

RISK TREATMENT & CONTROLS

 Risk Treatment

The five basic strategies for treating risks for assets are:

  • Defences
  • Transference
  • Mitigation
  • Acceptance
  • Termination

We will examine these and look at when we should consider each of these options.

Terminate (avoid / eliminate)Some dangers can only be managed or kept within reasonable bounds by ceasing the activity. a degree of danger that should be minimized or eliminated if at all feasible
Treat (control / reduce)In order to control a risk to an acceptable level, a certain degree of cost-effective controls must be in place. This strategy will be used to handle the bulk of risk.
Transfer (insurance / contract)When it is decided to assign the risk to another party, either via insurance or a contract transfer such as compensating the third party to assume the risk
Tolerate ( accept / retain)The danger is deemed acceptable to the north, there is nothing that can be done to mitigate it, or the expense of taking action might be disproportionate to the possible rewards. Future monitoring and reevaluation should be conducted

Risk Management

A decision to proactively manage risks throughout the whole organization is the first step in risk management in a business. The risk management group or executive in charge of carrying out the procedure must first draw out a strategy that includes all the factors that affect the process and form a team to carry it out.

What actions should be part of a risk-management strategy?

It requires just several steps to establish a risk management strategy and follow the associated procedures. These procedures may be outlined in the five phases listed below.

1. Risk management group A risk top management or a single person in charge of the risk management procedure must first be chosen. Due to the involvement of more divisions in a larger organization, teams are often larger the bigger the corporation. Teams may expand as a result of the need that all corporate stakeholders participate in risk management, but the core risk-management team remains the glue that keeps the process together.

2. Analysis As dangers might exist everywhere in the corporation, a whole organization is being examined. All departments, organizational and business processes, as well as all stakeholders who have an influence on the risk assessment, must be fully investigated.

3. Acknowledgement of dangers As certain processes may not be immediately apparent as being vulnerable to risk impact, identifying risks may be difficult. The objective is to approach every process as risk-prone and afterwards examine what risks, if any, are likely to have an effect.

4. Risk prioritization Once all the risks have been discovered, they must be arranged in different ways based on how they will affect the firm. Naturally, risks with greater consequences are given more importance.

5. Risk monitoring A policy is only as effective as how it is carried out. Likewise, monitoring business processes, or in this example, monitoring identified business risk.

Risk Controls

Risk management is essentially the assessment and management of a company’s operations in such a way as to identify and shield it from potential risks, unneeded losses, and other potential disasters.Risk management techniques A company must select one of the following four basic methods for risk management.

  • Avoidance: putting in place precautions to lessen or eliminate the vulnerability’s uncontrolled hazards.
  • Transfer: moving the risk to other regions or to external parties.
  • Mitigation is the process of lessening the impact of potential vulnerability.
  • Acceptance: knowing the repercussions & accepting the risk without exerting control or reducing it.

Recommendations and Conclusion

Globex Corporation has to follow proper business procedure and implement efficient information system in order to achieve the targeted goal. Any issues related to information system, information technology and business processes can adversely affect the customer’s preference and their brand loyalty and hence to improve and to maintain healthy customer relationship and brand loyalty, Globex Corporation has to make improvement and enhancement in information security, network security and proper backup and recovery plan of its information system. Globex Corporation must always be prepared for the issues related to information system and information technologies and it has to develop proper disaster recovery plan.

APPENDICES

Risk DescriptionLikelihood of risk occurringResult or effect if risk occursseverity evaluation based on probable effectsOWNERACTION FOR MItigATION Take steps to lessen the danger, such as reducing the possibilityTENDER ACTION What to do if a danger occurs
Project objectives & specifications  aren’t presented in a straightforward manner.MediumHighHighProject sponsorIf a business case hasn’t been produced, create one now, & make sure the project charter’s mission is stated clearly.The Project Board should be provided with an assessment of the risk involved in a long-term enterprise.
All parties involved do not have a clear understanding of the project’s timeline.LowMediumMediumProject managerPlan a session with the development team so that everyone is aware of the strategy & remembers the task. Schedule these meetings. At weekly project progress meetings, we provide schedules to fulfill future responsibilities and ensure that everyone is on trackThe weekly construction progress meeting should cover the plan as well as a rundown of impending duties.
Lack of both the proposed project and deliverable descriptionLowHighHighProject sponsorYou may reduce the project’s scope by participating in design workshops with subject-matter experts.Keep a record of all the assumptions you’ve formed as well as the risks they bring with themselves. The scope has been constrained to not include requests for uncertain, high-risk items.
no power to influence the priorities of many employeesmediummediummediumProject’s managerThe team leaders will be informed of the project’s importance by the project sponsor. After arranging workshops, reserve materials as soon as you can and give out final booking information as soon as you can. Figure out who would be each person’s backup on the project.Notify the Product Owner of the issue & enlist a backup resource’s assistance in handling it.
Any delays are the responsibility of the consultants or contractors.mediumhighhighProject’s managerPenalties for late payments have to be included in contracts. Lead time should be taken into account and protected as much as feasible in the timetable. The transmission of the timetable as soon as feasible is essential. It’s crucial to get in touch with your suppliers often. The statement “90% finished” is a question. Ask them if they require any other help as you go along.It will be advantageous to bring the problem to the attention of the Sponsor as well as the Contracts Manager. Late sentences should be utilized to prevent ambiguity wherever possible.
estimate and/or scheduling errors due to statisticsmediumhighhighProject’s managerThis word encompasses both “transfer pricing regulations” & “schedule blunders.”. Utilize two methods of estimate and monitor expenditures and projected expenses after completion, making modifications as needed Make provision for a ten percent contingency in your budget. in your expenses and schedule. Project teams should have a way to keep tabs on daily schedules, and this should be discussed at each meeting. Errors and delays in forecasting should be notified to the Project Board right awayThe matter should be brought to the attention of the project sponsor and the project board. Submitting a change request will allow you to make changes to a budget or schedule. Make a plan for a contingency strategy
A job opportunity that has arisen suddenly and has to be accommodatedLowHighMediumTeam managerParticipate in project planning workshops if you have the opportunity. Check out some of our previous projects to see what we’ve accomplished and how much it has cost. Quantity should be checked on all plans and surveys. Before the project begins, make a note of any assumptions that were made throughout the planning process and provide them to the project manager.Create an action plan that shows the impact of changes on time, cost, and quality and provide it to your project manager.
Create an action plan that shows the impact of changes on time, cost, and quality and provide it to your project manager.MediumMediumMediumProject managerDecide on the frequency, purpose, and audience for each message in your communication plan. Stakeholders should be identified early on, and their involvement in the communication plan should be ensured. Rather of sending a three-paragraph email to engineers, make a phone call.Be sure to clear up any misunderstandings as soon as you can. Get to the bottom of any ambiguities right away, and if required, get support from the Project Sponsor.
There is a great deal of pressure to minimize task durations and/or conduct operations in parallel, which raises the likelihood of mistakes occurring throughout the process.LowHighMedium Distribute the time frame to the relevant stakeholders so that this does not recur immediately. Compassionately convey that the schedule was created with the support of experts in the subject area. Please explain the risks associated with the change. Use Dennis Lock’s quote to convey your message on social media.Prepare reports for project committees that include risk assessment and change impact analysis. Organize emergency risk management meetings with decision makers and pressure sources and clearly articulate risks and consequences.
Acts of God, such as catastrophic weather, result in the loss of resources, supplies, and premises, among other things.LowHighHighProject managerMake sure you have insurance. Notify the project team of emergency measures. When a backup system such as a generator is installed in a cost-effective manner.Ensure that the right authorities are contacted. Observe all safety and health rules at all times. Stakeholders and the Project Board need to be informed.
Stakeholder involvement causes project delays.LowHighHighProject managerIdentify stakeholders, assess their strengths and influence, and develop strategies for stakeholder involvement. The application requires the approval of the project committee. Review your strategy regularly to ensure that all stakeholders are considered. Consider taking out insuranceNotify relevant authorities and comply with internal protocols. B. For activist protests

Visit:https://auspali.info/

Also visit:https://www.notesnepal.com/archives/767

For solution: +610482078788

+61482073403

+61482072848