How To Establish A Risk Management Process For An Information System?

According to O’Brien and Marakas (2005), a system is defined as “a set of interrelated components, with a clearly defined boundary, working together to achieve a common set of objectives”. Physical, biological, technological, and socioeconomic systems are examples of systems found in the physical and biological sciences, in technological disciplines, and in human society.

Hence, an information system (IS) can be “any organized combination of people, hardware, software, communications networks, and data resources that stores and retrieves, transforms, and disseminates information in an organization” (O’Brien & Marakas, 2005). In other words, the term information ...

According to Loch et al. (1992), threats denote "a broad range of forces capable of producing adverse consequences" (p. 174). In the context of information systems, a threat creates risk by introducing a probability that a force will act adversely on the system. Moreover, a threat can be considered from diverse perspectives: internal/external, human/non-human, intended/unintended, and so on (Loch et al., 1992).

In their report, Berson, Kemmerer and Lampson (1999) stated that information systems and networks can be subject to four generic vulnerabilities: unauthorized access to data, clandestine alteration of data, identity fraud, and denial of service.
First, unauthorized access to data consists of surreptitiously obtaining sensitive data or information that could be used against the interests of the organization. Moreover, when such access goes undetected it can cause more damage, because no countermeasures can be taken. Second, clandestine alteration of data means covertly changing data in order to disrupt the execution of a plan. For example, altered market information could lead the organization to a wrong decision about manufacturing a product. Third, identity fraud is defined as illicitly posing as an authentic user, which can allow an intruder to issue false information, make unauthorized commitments, or alter the organization's database to his advantage. Finally, denial of service (DoS) denotes denying or delaying access to information or services, especially for time-critical tasks. For example, attacks that make sales information unavailable could delay production planning.
According to Kevin and Chris (2001), as cited in Azrina and Othman (n.d.), denial-of-service attacks are classified into three categories:
• Destructive attacks, which destroy the device's ability to function, for example by erasing or altering configuration information or interrupting the power supply.
• Resource consumption attacks, which degrade the device's ability to function, for example by establishing several connections to the same device simultaneously.
• Bandwidth consumption attacks, which exceed the bandwidth capacity of the network. Small-bandwidth networks that become targets may therefore be affected by simultaneous bandwidth consumption.

Distributed denial of service (DDoS) is a combination of DoS attacks performed from innumerable sources in order to hinder the operation of the target device. As a consequence, DDoS cannot be prevented merely by filtering source Internet Protocol (IP) addresses, since it is launched from a multitude of points.
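
The limit of source-address filtering described above can be seen from the defender's side on a connection log. The following is an added example, not part of the original essay: the 10-second window, the per-source limit of 20 connections and the log entries (documentation address ranges) are all constructed assumptions.

```python
from collections import deque

def per_source_blocklist(events, window=10, limit=20):
    """Source IPs that open more than `limit` connections within `window` seconds."""
    recent, blocked = {}, set()
    for ts, src in sorted(events):
        q = recent.setdefault(src, deque())
        q.append(ts)
        while q[0] <= ts - window:      # drop timestamps that left the window
            q.popleft()
        if len(q) > limit:
            blocked.add(src)
    return blocked

def peak_load(events, window=10):
    """Largest number of connections seen in any `window`-second span."""
    q, peak = deque(), 0
    for ts, _ in sorted(events):
        q.append(ts)
        while q[0] <= ts - window:
            q.popleft()
        peak = max(peak, len(q))
    return peak

def residual_peak(events, window=10, limit=20):
    """Peak load that remains after every blocklisted source is filtered out."""
    blocked = per_source_blocklist(events, window, limit)
    return peak_load([e for e in events if e[1] not in blocked], window)

# Constructed sample logs: (timestamp in seconds, source IP).
# Baseline: 10 connections from 5 ordinary clients.
baseline = [(t, f"198.51.100.{t % 5 + 1}") for t in range(10)]
# Resource consumption from one source: 200 connections in 10 s from a single IP.
single_source = baseline + [(i / 20, "203.0.113.7") for i in range(200)]
# Distributed case: the same 200 connections, one each from 200 different IPs.
distributed = baseline + [(i / 20, f"192.0.2.{i + 1}") for i in range(200)]

if __name__ == "__main__":
    for name, log in (("single source", single_source), ("distributed", distributed)):
        print(name, "blocked:", sorted(per_source_blocklist(log)),
              "residual peak:", residual_peak(log))
```

In the single-source log the filter removes the one offending address and the load returns to the baseline; in the distributed log no address crosses the per-source limit, so the filter blocks nothing and the aggregate load is unchanged, which is why detection has to watch total load as well as individual sources.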

To overcome the vulnerability of information systems and keep them functioning well, experts must guarantee preliminary security requirements such as data confidentiality, data integrity, system availability, and system configuration.
Actually, the...
