StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

The Analysis of the Information Communication Technology - Assignment Example

Cite this document
Summary
The paper "The Analysis of the Information Communication Technology" tells that information communication technology gives industry players a competitive edge over their rivals. Through IT, governments, organizations, and businesses can provide better services to the general populace…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER98.6% of users find it useful
The Analysis of the Information Communication Technology
Read Text Preview

Extract of sample "The Analysis of the Information Communication Technology"

IMPACT OF THREATS AND VULNERABILITIES TO INFORMATION TECHNOLOGY SYSTEMS In many countries, information technology is big driver of the economy. Information communication technology gives industry players a competitive edge over their rivals. Through IT, governments, organizations, and businesses can provide better services to the general populace. These advantages facilitate greater productivity for businesses and the nation at large. That said it is vital to recognize that information communication systems are subject to serious vulnerabilities and threats that can have adverse effects on business, government or organizational operations. Some of the many risks that are associated with information technology include, budgetary risk, program management risk, inventory risk, supply chain risk, investment risk, safety risk, legal liability risk, and security risk just to name a few. This paper will do a risk assessment of on a business scenario on citizen wellness proposed to a health care company. The paper will identify three threats and vulnerabilities that affect a citizen wellness program. Further, it will detail these threats and vulnerability extensively and how they apply to the business. Finally, the paper will specify countermeasures that the business can use to negate these threats and vulnerability. Specifically the paper will review the above through the following guidelines: NIST 800-30: Risk Management Guide for Information Technology Systems, NIST 800-53: Recommended Security Controls for Federal Information Systems and Organizations, NIST 800-39: Managing Risk from Information Systems: An Organizational Perspective and NIST 800-64: Security Considerations in the System Development Life Cycle. The background of the business scenario is as follows. A health care company would like to do a review on ACMEs security program, including its procedures, and security policies. The main aim for this review is to make sure that ACME Co. can provide an individualized citizen wellness programs to the health care company’s subscribers and that these customers can be authenticate whenever they desire to access the program. ACME Co. specializes in Web sites hosting both for public and private entities. An Information Technology manager of ACME Co. is assigned to work with the health care companys ISSO the idea being to create a detailed list of business needs for security for the health care company. The Chief Information Officer at ACME Co. also directs the IT manager to evaluate the existing ACME Co. enterprise architecture documents with the aim of identifying any additional security requirements for the health care company CW program, data center and any associated loopholes. The IT manager should also make certain that only authorized personnel at ACME Co. are able to gain access to the hardware or software hosting of the citizen wellness program because other customer applications are also located in the same data center. Based on the figures provided by the ISSO, the health care company, and the review of the ACME enterprise architecture, the IT manager comes up with a detailed list. First, the IT manager identifies all the users of the CW program ensuring their authenticity/validity and further provides an application that verifies users and their level of system access. Next, the IT manager identifies a method of accessing the CW program i.e. through a website browser. Further the IT manager secures the users information by identifying that the data that consist of personally identifiable information should be protected. Other things that the IT manager details in his list include the hiring of a qualified information security officer, installing security cameras at strategic entry points at the data center and lastly securing all traffic originating from the user and the application by providing a subscriber portal that requires user login and a unique password. Based on the above proposal, key loopholes, threats, and vulnerabilities are evident. How these threat and vulnerabilities affect the business and how to countermeasure them is the basis of this paper. Risk assessment in information and communication technology by definition is the progression of identifying, estimating, and prioritizing information technology security risks. To assess risk requires an in depth analysis of threats and vulnerabilities on information so as to determine the degree to which circumstances and events could negatively impact the operation of an organization and how likely such circumstances and/or events could occur. Risk assessment is one of the five core pillars in the risk management and is fundamental in determining threats, loopholes, and vulnerabilities in a business’s IT system. A threat in information technology is any event or circumstance that has the potential to negatively affect the business’s or organization’s operations, assets, individuals, other organizations, or the Nation through unauthorized destruction, access, disclosure, denial or modification of information. Typically, threats originate from threat sources. From this definition, four key threats face the above business scenario. The first one is hostile physical and/or cyber attacks. It is possible to attack the health care system CW program through cyber attacks such as introduction of malware to the system or physically attacking and destroying the data center. The second threat originates from human errors and omissions. It is possible for the information security officers to omit data or key in erroneous information to the system since humans are to error. The third is threat could originate from structural failures of the business information technology resources such as hardware, software and environmental controls whose job is to make sure the system works effectively. The fourth source of threat could originate from natural and/ or man-made disasters and accidents. It is a very hard to negate calamities such as those caused by nature and often the organization’s control over such events is zero. Vulnerability in information and communication technology can be defined as a weakness in system’s security procedures, information systems, internal controls, and implementation that can be exploited by a source of threat. Most system vulnerabilities are associated with either security controls that have not been applied or those that have been applied, but still have inherent weakness. In the business scenario described above, a key vulnerability exists in user login and unique password domain on the user’s portal. Though this may seem secure, adding inscription or a pin functionality could make the system even more secure from threat sources. Risk is typically a function of the likelihood or probability of a threat event manifesting itself and potential negative impact the event or occurrence has on the business or organization. This analogy accommodates many types of negative impacts at all tiers in the event of a risk event ever occurring. The threats identified that could have negative impact on the health care business can be classified as high, medium, or low depending on their impact to the business. Damage to the image or reputation of the health care business and/or financial loss is classified as tier 1. Inability of the business or organization to successfully implement its mandate or a specific mission or process is classified at tier 2. The expending of resources in responding to a threat incident in a business’s information system is considered as tier 3. An attack to the health care system Citizen Welfare program through the introduction of malware to the system could cause either a tier 1, 2 or 3 damage. The impact on the business would be medium. Omission of data or erroneously keying in information to the system by information security officers could have high, medium, or low effect to the business depending on the type of data in question. Structural failures of hardware at ACME could have serious ramification to the health care business. Again, the level of impact could be high, low, or medium depending on the hardware. For example, if the main server were to be physically destroyed, the impact could be high. On the other hand, if a backup power supply were to be destroyed, the impact would be low. Natural calamities often have high impact on a business. If the business were to survive an earthquake, the impact would be classified as high more so if the earthquake were major. A countermeasure that the business could use to negate the impact in the event that a threat events manifest itself are diverse and many. One of the most fundamental ways to deal with risk is to accept it, transfer it, or avoid it. A business may accept risk knowing that it could benefit from it by maybe helping it built stronger defenses and providing a learning experience. Most business would accept a threat event if the impact is low yet the business harnesses a lot of learning experience from the occurrence. The business could also transfer the risk. For example, ACME Co. could by a policy to cover them from natural disasters such as earthquakes. Bibliography Bidgoli, H. (2006). Handbook of Information Security Volume 3. Hoboken: John Wiley & Sons. Blank M.R, Gallagher. P. D, National Institute of Standards and Technology. (2012) Security Considerations in the System Development Life Cycle NIST 800-64 Fahlsing. J, Gulick.J, Kissel. R, Scholl. M, Stine.K, Rossman. H, National Institute of Standards and Technology.(2008) Risk Management Guide for Information Technology Systems NIST 800-64: Kale, K. V., Dr. Babasaheb Ambedkar Marathwada University, Institute of Electrical and Electronics Engineers, ACVIT, & IEEE International Conference on Advances in Computer Vision and Information Technology. (2008). Advances in computer vision and information technology: [IEEE International Conference on Advances in Computer Vision and Information Technology (ACVIT-07), Aurangabad, November 28th - 30th, 2007]. New Delhi [u.a.: I. K. Internat. Publ. House. Locke. G, Gallagher. P. D, National Institute of Standards and Technology. (2011) Managing Risk Information security risk An Organizational Perspective NIST 800-39 National Institute of Standards and Technology. (2012) Security and privacy Controls for Federal Information Systems and Organizations NIST 800-53 Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Risk Assessment Assignment Example | Topics and Well Written Essays - 1250 words”, n.d.)
Risk Assessment Assignment Example | Topics and Well Written Essays - 1250 words. Retrieved from https://studentshare.org/information-technology/1627178-risk-assessment
(Risk Assessment Assignment Example | Topics and Well Written Essays - 1250 Words)
Risk Assessment Assignment Example | Topics and Well Written Essays - 1250 Words. https://studentshare.org/information-technology/1627178-risk-assessment.
“Risk Assessment Assignment Example | Topics and Well Written Essays - 1250 Words”, n.d. https://studentshare.org/information-technology/1627178-risk-assessment.
  • Cited: 0 times

CHECK THESE SAMPLES OF The Analysis of the Information Communication Technology

Communication Technology in Business

Currently, nurses and physicians rely on documentation for patient dosing, charted analysis of patient care and symptoms, and also inter-office memos describing new health care policies.... technology in communication has changed the way businesses communicate with each other.... Written communication methods are outdated and often involve considerable bureaucracy to ensure that written files are delivered timely and accurately....
10 Pages (2500 words) Research Paper

Information and Communications Technology

The paper "Information and Communications technology" suggests that ICT has been integrated into our society and can be seen in all places.... s technology continuously grows and evolves, teachers must keep themselves up to date with these changes.... It is a technology created for preschooler with a fun design and tough built prepared for rough handling of its owner.... Sweden alone, the government targeted to be the world's leading IT nation and ensured that all citizens have access to information....
13 Pages (3250 words) Essay

Information and Communications Technology in Diplomacy

This paper ''Information and Communications technology in Diplomacy'' discusses that foreign ministries around the world are still struggling to engage the benefits of information technology in their management of external affairs.... Hence, they lag behind the academicians and business leaders, who are able to use technology to their best interests.... While this is true for many developed countries, which possess cutting edge technology; political leaders and policy makers in relatively smaller countries, like Austria, Latvia have utilized the application of information technology perfectly well....
8 Pages (2000 words) Literature review

Impact of Information and Communication Technology in Academic Libraries, over the Last 25 Years

The paper "Impact of Information and Communication Technology in Academic Libraries, over the Last 25 Years" presents an analysis of the ICT technology emergence and implementation to the public and privates libraries, how ICT is offering enhanced management of libraries services, and knowledge.... Implementation of information and communication technology can be seen all around us.... ICT (information and communications technology - or technologies) is a collection or combination of two terms, one is information, and while the other is communication technology....
12 Pages (3000 words) Essay

Choice of IS and Information Technology Management as My Concentration

The paper "Choice of IS and Information technology Management as My Concentration" highlights that non-technical skills such as organization, interpersonal and communication skills are not covered by the course.... Information technology Management equips one with relevant knowledge for the development of creative and effective solutions of IT-based on an absolute understanding of business opportunities and challenges.... y career objective is Information technology Manager....
6 Pages (1500 words) Essay

Integrated Marketing Communication and Information Technology

This paper provides the analysis of the role Internet plays in the IMC followed with an overview of key online marketing tools/instruments.... As the paper is focused on a particular case study of Samsung Galaxy Note, it provides analysis of this brand activity, followed by a discussion and critical evaluation of Samsung's marketing activity with a focus made on online activity.... This research will begin with the statement that with the development of Internet technology consumer's behavior, lifestyle and expectations have changed dramatically, thus making marketers and other professionals adjust to these changes....
12 Pages (3000 words) Research Paper

Social Analysis for EMS

It helped me to know the various inside functions of enterprises so that I can easily solve the communication problems of the business organization.... communication problems in businesses remain unresolved, as they are hard to define and even to understand the problem.... The article reading has detailed explanations of how communication problems bring difficulties inside many firms.... information Politic ... he 'information Politic' by Davenport & Prusak, is a reading material, which helped to gain a deeper understanding of the EMS case....
6 Pages (1500 words) Assignment

Computerized Information Technology

This report "Computerized Information technology" discusses the world that has become more of a global village and more and more dependant on computerized Information technology as indicated by the significant role it is nowadays playing.... The Internet on the other hand has proved to be an important shareholder in this era of Information technology transformations.... Computerized Information technology is no doubt a driving power towards the globalization process....
7 Pages (1750 words) Report
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us