
Information Systems Risk and Security 1820387

Information systems

Uploaded by

Ravi Kumawat

Running Head: INFORMATION SYSTEM RISK & SECURITY


INFORMATION SYSTEM RISK & SECURITY



Table of Contents
Introduction
Value creating activities and strategic context
Key roles and responsibilities of developments
Audit and analysis
Risks
Likelihood and impact analysis
  Physical risk
  Electronic risks
  Technical risk
  Infrastructure risks
  Human risks
  Phishing risks
Evaluation
  Preventive measures
  Internal audit
  Right implications
  Training
  Limited access
  Protection to remote workers
Conclusion
References

Introduction
This analysis evaluates a case study of the Young Acorn Foundation. The organization faces many
internal and external challenges in an increasingly competitive environment. It is important to
manage its level of risk and to secure its information and IT assets, which enable it to remain
strategically differentiated from its rivals. IT system management has accepted the advice, as I
am working as the external auditor, and proposes to undertake an information security audit and
risk assessment of the not-for-profit organization. This was tabled to the Board of Directors and,
after a good deal of deliberation, the CFO authorized a sufficient budget to improve the posture
of information system risk and information security management. I have been assigned as the
information systems security auditor to Acorn to carry out an extensive information risk
assessment of the non-profit's information management practices and information assets. I will
provide the auditor's report with detailed discussion of its many components.

Value creating activities and strategic context


One of the important value-creating activities of The Young Acorn Foundation (ACORN), and part of
its strategic context, is the promotion of a sustainable society in which all children get a fair
go in life and grow into young adults with adequate skills and dignity, enriching themselves and
their community. Its value-creating activities consist of community development in marginalized
areas of developing nations (Al-Mamary, et al., 2014). Acorn's strategic context is to develop,
arrange, and monitor community development activities in many nations. These activities include
child education and sponsorship, in which arrangements are made with local schools so that
children of the community can study, while educational costs, including associated costs such as
books, breakfast, uniforms, and many other things, are subsidized by ACORN.

Acorn's programmes include regular encouragement of local communities to work together in a
cooperative model and produce particular products. This is aimed at improving the community's
bargaining power and its quality control over the other products. Developing better ways for
underprivileged communities to make an effective living, based on their culture, ideas, etc., is
an important practice of Acorn's partners and donors. Acorn has pursued an aggressive
web-marketing strategy to expand its target market. Many appeals have been launched through its
website. Acorn's profile on social media has improved, to provide and ensure an at-cost service.
There is effective communication between Acorn and its partners about the community development
program, covering the procedures and activities that regularly coordinate the buying and selling
of program-sponsored products produced by local communities.

Key roles and responsibilities of developments


There is an important ongoing conversation between Acorn and its partners. It covers not only
procedures pertinent to aid distribution, such as purchasing of materials, logistics, and
maintenance, but, in the case of the CDP, also the procedures and actions that coordinate the
purchasing and selling of CDP-sponsored products created by local communities. The role of
partners is not limited to the initial negotiation of the terms and conditions of the
relationship; they also coordinate and facilitate the necessary transactions between CDP
communities and all partners. Partners are also liable to report periodically on sales of CDP
products (Arif, et al., 2020). Acorn employees in a host nation are required to regularly divulge
all information to the host nation's authorities, which may be regarded as inappropriate under
Australian law, such as privacy law. Acorn employees are generally given a high degree of
autonomy in how they comply, as an exception, with the appropriate government agencies of the
host nation, which supports the management of information and the assessment of risk.

In particular cases it is an important responsibility of employees to communicate and consult
with headquarters in Australia, because of the delicate nature of the circumstances. Acorn
officers operating in different nations are required to remain equipped with a set of mobile
communication devices. Employees are required to report to the local office periodically to
provide updates on communities, groups, CDA, and themselves. It is the responsibility of multiple
software vendors to provide free service to the organization. The CEO is aware of the SEED-ONE
challenges, and management, at the insistence of the Chief Executive Officer, has commissioned a
manager to present the possibility of replacing SEED-ONE with another corporate system more
suitable for the organization's growth, as it pertains to the management of information and
risk assessment.

Audit and analysis


Careful audit and analysis of the case evidence is highly important in order to undertake an
inventory and identify the information assets, which comprise Acorn's most significant physical or
logical information resources, information of value, and information systems that should be
accounted for in the sharing approach to risk management. An organization like Acorn necessarily
receives donations from many individuals by multiple means. The sharing approach will be more
effective for regularly sending out volunteers to talk to householders, members of the public in
public places, schools, and many more to solicit cash donations from the public. The sharing
approach will allow every donor to phone and speak to an Acorn representative to pledge and donate
money using a credit card. Sharing through the web initiative will give Acorn the capability to
accept web-based transactions and to work on its plan to support micro-donations through social
networking websites. Acorn will be liable to comply with PCI DSS in order to continue processing
credit card information (Nowduri, 2011).

Sharing will remain important for obtaining the necessary funds and using them to buy services
from providers such as the SaaS People & Culture Management System. Workday's Human Capital
Management will be an important solution for the contract organization. Acorn management is aware
of the significance of data and believes in a good data backup strategy. The sharing approach will
help ensure an excellent and reliable service for all corporate data and information, and provide
cost-efficient solutions for backup and restoration of corporate data.

Risks
There are many kinds of threats and vulnerabilities that create the greatest level of risk to
Acorn's most significant information assets, such as its information and information systems. All
of these contribute to many concerns of individuals that will influence decision-making. General
threats and vulnerabilities include hardware and software failure, such as data corruption
(Järveläinen, 2013). Malicious software designed to disrupt organizational operations is another
challenge. So are viruses: computer code that can copy itself and spread from one device to
another, often disrupting Acorn's operations.

Unsolicited emails may seek to deceive users into revealing many personal details. Incorrect
processing, careless disposal of data, and accidental opening of infected email attachments can
expose Acorn's operations and functions to a high level of risk. Denial of service can occur when
online attacks prevent authorized users from accessing Acorn's website. Breaches of Acorn's
information systems can occur through physical break-ins and online intrusion. Employee
dishonesty, as a main threat, can take the form of data theft and mismanagement of sensitive
information, such as data about users, management, employees, and many others.

Likelihood and impact analysis

Physical risk
Physical risk for Acorn is the risk of physical access and damage to IT resources such as
servers. It could involve a high level of damage from unauthorized access to confidential data by
anyone in Acorn.

Electronic risks
Electronic risks for Acorn refer to the compromise of the organization's information: a hacker
could gain unwarranted access to the website and IT systems, which could affect the organization,
and the organization could fall victim to fraudulent email. All of these are commonly of a
negative nature (Deng, and Chi, 2012).

Technical risk
Technical risks include software bugs, computer bugs, and complete failure of a computer
component. Technical risks can be catastrophic if Acorn cannot retrieve the data on a failed hard
drive and no backup copy is available.

Infrastructure risks
Infrastructure risks can result from the loss of a necessary and appropriate internet connection,
which can interrupt the organization's operations. This could cause Acorn to miss an important
amount of donations.

Human risks
Human risks will be a main challenge for an organization like Acorn. This can result in
important data accidentally. It can also lead to failure to follow security procedures
appropriately (Léger, et al., 2011).

Phishing risks
Information technology risks can arise for Acorn from phishing attacks. These occur when
fraudulent communications are sent from many sources (Kendall, and Kendall, 2011). They can lead
to the theft of the organization's sensitive details, such as login information and many others.

Evaluation
It will be important for Acorn to evaluate and prioritize the risks it has to manage. The
following practices will be effective for Acorn in evaluating and prioritizing risks.

Preventive measures
Preventive measures will be important for identifying warning signs (Vieru, and Rivard, 2014).
It will also be important to assign specific responsibility for resolving each challenge for an
organization like Acorn.

Internal audit
A focus on internal audit will help Acorn understand the level of potential threats it faces.
This will enable it to monitor unwanted exposure and take action against electronic risks.

Right implications
It will be important for Acorn to identify the important implications, which will help ensure
the right level of communication based on the analysis of scenarios and resolve the technical
risk.

Training
It will be highly important for Acorn to have the right practices in place for employees,
management, and others. Training will help ensure the right disaster recovery plan and mitigate
any infrastructure risk (Holzinger, Treitler, and Slany, 2012).

Limited access
Limiting access to sensitive systems will help Acorn eliminate human risks. This will enable
Acorn to limit its liability through the application of a quality assurance program.

Protection to remote workers


Acorn should provide the necessary level of protection to every remote worker. This will be
effective through encryption for remote employees and linking them to the server over the
organization's VPN, which will prevent access to any phishing website or email.

Conclusion
In light of the discussion, it can be concluded that it is important for an organization like
Acorn to perform the right information security risk assessment. This report has given a clear
and concise evaluation of Acorn's value-creating activities and strategic context in order to
propose a target risk appetite and risk tolerance level for it. It has explained the key roles
and responsibilities of people and departments at Acorn as they pertain to the assessment of risk
and the management of information. The report has covered the careful audit and analysis of the
case evidence and undertaken an inventory identifying the information assets, which comprise
Acorn's most significant physical and logical information resources, information of value, and
information systems that should be accounted for in the approach to risk management. It has
analysed the threats and vulnerabilities that create the highest level of risk to Acorn's
important information assets. It has presented a likelihood and impact analysis of six risks.
Finally, it has evaluated and prioritized the six significant risks for an organization like
Acorn in relation to their management.

References
Al-Mamary, Y.H., Shamsuddin, A. and Aziati, N., 2014. The role of different types of
information systems in business organizations: A review. International Journal of
Research, 1(7), pp.333-339.

Arif, D., Yucha, N., Setiawan, S., Oktarina, D. and Martah, V., 2020. Applications of Goods
Mutation Control Form in Accounting Information System: A Case Study in Sumber Indah
Perkasa Manufacturing, Indonesia. Journal of Asian Finance, Economics and Business, 7(8),
pp.419-424.

Deng, X. and Chi, L., 2012. Understanding postadoptive behaviors in information systems use:
A longitudinal analysis of system use problems in the business intelligence context. Journal of
Management Information Systems, 29(3), pp.291-326.

Holzinger, A., Treitler, P. and Slany, W., 2012, August. Making apps useable on multiple
different mobile platforms: On interoperability for business application development on
smartphones. In International Conference on Availability, Reliability, and Security
(pp. 176-189). Springer, Berlin, Heidelberg.

Järveläinen, J., 2013. IT incidents and business impacts: Validating a framework for continuity
management in information systems. International journal of information management, 33(3),
pp.583-590.

Kendall, K.E. and Kendall, J.E., 2011. Systems analysis and design (Vol. 2013). Upper Saddle
River, NJ: Pearson Prentice Hall.

Léger, P.M., Charland, P., Feldstein, H.D., Robert, J., Babin, G. and Lyle, D., 2011. Business
simulation training in information technology education: guidelines for new approaches in IT
training. Journal of Information Technology Education: Research, 10(1), pp.39-53.

Nowduri, S., 2011. Management information systems and business decision making: review,
analysis, and recommendations. Journal of Management and Marketing Research, 7, p.1.

Vieru, D. and Rivard, S., 2014. Organizational identity challenges in a post-merger context: A
case study of an information system implementation project. International Journal of
Information Management, 34(3), pp.381-386.
