The paper "GoLoyalty Risk Analysis" is an outstanding example of a business case study. This report evaluates GoLoyalty, a company that is experiencing risk issues. The report gives a clear analysis of the facilities held by GoLoyalty and their respective classification. Using the risk priority matrix, the risks affecting GoLoyalty have been evaluated and arranged in order of precedence. The risks are then reclassified from the highest to the lowest using the cost-benefit analysis model. Recommendations on alternative control measures are also analyzed in the report.
Research for this paper covers a broad range of sources to ensure a comprehensive and transparent report.

Background

This paper highlights the risks associated with the operations of GoLoyalty and gives recommendations on the best way forward to reduce the effects of those risks. It discusses the contingency problem in GoLoyalty as well as other information system risks identified in the analysis. Information security threats are listed together with their corresponding recommendations. The facilities in GoLoyalty have been reviewed to identify possible risks associated with them.
The paper investigates the roles played by the various departments in GoLoyalty. A risk analysis is also carried out to establish the risks associated with the various positions in the organization. Recommendations on best practice regarding the employees of the organization are presented for execution and implementation.

Asset Classification & Valuation: Stock

Methodology

The qualitative research methodology is the most appropriate approach for establishing the various risks to which GoLoyalty is exposed. To a large extent, the choice of research methodology is essential in determining the right information for use in decision-making.
This is because each research methodology implies different skills and perspectives, as illustrated by Myers (1997, p. 7). There is significant uncertainty about the future of this company, as threats of collapse are imminent. Engaging GoLoyalty staff through direct questions (interviews) was another suitable approach. Any evidence-based approach is also suitable for this kind of research, and a combination of two or more methods makes the research stronger, as discussed by Benbasat, Goldstein & Mead (1987, pp. 374, 381), who describe it as vital in data collection.
The case study highlights the main points of concern about GoLoyalty. The risk analysis is mainly based on the following approaches:

- Observing GoLoyalty's operations, especially with its clients
- Feedback given by customers who use GoLoyalty's services
- Evaluating related articles and reports

Categorization of assets

The categorization of assets is based on observation of the operations of GoLoyalty. The structure of management, as well as the policies and procedures of the firm, are of fundamental importance for this exercise.

| Component | Asset | Information/details |
|---|---|---|
| Employees | Administrative staff; Operational staff | Personal details, security level, special skills, and contacts |
| Non-employees (client) | Administrative staff; Users; Customers of the clients | Name, contacts, ID, address of the customer, customer points on the card, customer type |
| Processes and procedures | IT-based procedures | Security, storage, location of the database. Location of reference, back-up |
| Software | OS; Application; Codes | Model/Program number |
| Computers and accessories | Devices and accessories | Name tag |
| Components on the network | Internet; Intranet | IP address |
| Computers | Server | Security; Storage; Back-up |

Table 1: Categorization of assets

Valuation of assets

Impact: Integrity (High / Medium / Low)
Assets: IT processes and procedures; Operating systems; Storage; Application; Internet components; Computers (server); Back-up; Administrative staff; Operational staff; Client; Card users; Other staff

Impact: Availability (High / Medium / Low)
Assets: Internet; Intranet; Operating systems; Computers and other devices; processing; Other staff; Client; Card user; strangers

Impact: Confidentiality (High / Medium / Low)
Assets: Card user details/information; Security; Card user; Administrative staff; Operational staff; Client; Other staff

Table 2: ISO 270001 2009

Score of assets

| General Asset | Specific Asset | Asset Score |
|---|---|---|
| Employees | Administrative staff | 18 |
| Employees | Operational staff | 18 |
| Non-employees | Client | 26 |
| Non-employees | Cardholder | 30 |
| Procedures | IT procedures | 30 |
| Information | Processing | 25 |
| Information | Storage | 30 |
| Software | Application | 24 |
| Software | Operation/usage | 25 |
| Software | Security | 30 |
| Devices and computers | Security | 30 |
| Devices and computers | Storage | 30 |
| Devices and computers | Availability | 30 |

Table 3: Asset valuation

The valuation is based on importance, with a score of 30 indicating the most valuable asset in the group. This implies that the security of information and storage bear the highest scores, indicating their significance to the organization and to this report.
References

Alberts, CJ & Dorofee, A 2002, Managing information security risks: the OCTAVE approach, Addison-Wesley Longman Publishing Co., Inc.
Benbasat, I, Goldstein, DK & Mead, M 1987, 'The case research strategy in studies of information systems', MIS Quarterly, vol. 11, no. 3.
Bhadauria, R, Chaki, R, Chaki, N & Sanyal, S 2014, 'Security issues in cloud computing', Acta Technica Corviniensis - Bulletin of Engineering, vol. 7, no. 4, pp. 159-77.
Boardman, AE, Greenberg, DH, Vining, AR & Weimer, DL 2006, Cost-benefit analysis: concepts and practice.
Whitman, M & Mattord, H 2011, Principles of Information Security, 4th edn, Cengage Learning.
Myers, MD 1997, 'Qualitative research in information systems', Management Information Systems Quarterly, vol. 21, no. 2, pp. 241-242.
Plate, EJ 2002, 'Flood risk and flood management', Journal of Hydrology, vol. 267, no. 1, pp. 2-11.