Assignment 3: Applied project Due date: Week 13 Group/individual: Individual assignment Word count: 2500 Weighting: 50% Unit learning outcomes: [ULO1], [ULO2], [ULO3] [ULO4], [ULO5], [ULO6] [ULO7]...

1 answer below »
thanks


Assignment 3: Applied project Due date: Week 13 Group/individual: Individual assignment Word count: 2500 Weighting: 50% Unit learning outcomes: [ULO1], [ULO2], [ULO3] [ULO4], [ULO5], [ULO6] [ULO7] Course Learning Outcomes: [CLO1], [CLO2], [CLO3], [CLO4], [CLO9] Graduate Attributes: GA5, GA10, GA11, GA12 Assignment Details: Students are required to select an organization that uses information systems to perform daily business operations. They have to identify some assets of the organizations and discuss how and why they are vulnerable to destruction, error, abuse, and system quality problems. The students have to describe and evaluate the risk management techniques adopted by the selected organization to ensure the reliability, confidentiality, availability, integrity and security of digital business processes. Evaluation of the risk management must include risk identification, risk assessment and risk control related to the selected organization. Identification and illustration on the types of general management controls and application controls related to the selected organization must to be analysed. The students have also to discuss audit plan and processes used by the organization and investigate the impact of human factors on security and risk management..
Answered Same DaySep 21, 2020SBM4304

Answer To: Assignment 3: Applied project Due date: Week 13 Group/individual: Individual assignment Word count:...

Perla answered on Sep 22 2020
143 Votes
Information systems – Risk Analysis
Running Header: Information systems – Risk Analysis
Title: Information systems – Risk Analysis
Student ID and Name:
Course ID and Name
University Affiliation
Date: 21/09/2018
Author’s Note:
The current report is presented as part of the requirements to complete the course work.
INTRODUCTION
Risk management in any organization or any project is mainly aimed at finding the potential problems that are responsible for detrimentally impacting the organizational functionality or m
ay cause damage to the assets of the organization as well will also work for reducing the life of the product as well will work on to impact achieving the organizational objectives as well. IT systems risk management is a critical process where in the actual vulnerability of the organizational IT systems will be evaluated. The key objective of risk analysis is obviously to have a comprehensive evaluation of the organizational risk zones and to take up appropriate actions to rectify the risk as well will work on to eliminate the possible negative or disastrous implications to the organizational functionality as well as the objectives of the organization. The following part of the discussion is focussed on to identify the assets of the organization and will work on to assess the vulnerability in terms of the destruction, erroroneous functionality, abuse of the systems as well will work to evaluate the quality problems as well. Apart from identifying the key domains of the organizations which are prone to risk, the discussion consists in identifying appropriate risk management procedures to rectify the organizational vulnerabilities. The methods of analysis, the tools selected for the analysis as well justification and appropriateness of the tools selected for analysis are some of the different aspects discussed in the current report. Further there is also discussion on the risk control measures, both the general management controls as well as the application controls and the usage of the same in the organizational context is discussed in the current report. Further there is also discussion on the audit plan (Krisanthi et al 2014) and the processes to be employed for comprehensive evaluation of the IT risk in the organization. As part of the report there is also focus made on the aspects such as impact of the human factors on the security and risk management in the organization. The organization selected is an academic organization an international university located in South East Asia (Aven 2015).
Overview of the organization:
The current organization is an Islamic university located in South East Asia. The university is into higher education. In total the organization is providing about 13 faculties in bachelors, masters and doctoral levels in total. As a whole the organization works on to provide education to students from several countries across the world. As it is an organization predominantly inspired by Islamic principles and philosophies, most of the students are from Muslim countries, as high as 40 Muslim countries are sending students to the university at present. Further there are students from other non-Muslim universities as well. As per the latest statistics a total of 20,000 students are studying in the campus from graduation to doctoral level. The university is sufficiently equipped with all sorts of information systems and technologies necessary for running the university in most efficient and effective manner. University has well developed and matured IT governance policy which is established for full scale safe functioning of the organization as well the security policy is mandated to let all stakeholders the IT resources, IT users and administrators with the aim to prevent, detect and respond to the unauthorized access, unauthorized modification of the information systems as well as the networks of the organization. Further the Information systems security policy also works on to ensure the business continuity in the organization(Kerzner et al 2017).
Risk management model for the organization:
Risk management as is essential for upkeeping the organizational performance and as is needed for the continuation of the business, there is comprehensive evaluation of the organizational security systems in terms of three different layers. The risk management model consists of following layers in its operation. The first is the risk assessment, followed by risk treatment and strategy implementation in the organization (Laudon 2016).
· Risk assessment for the given organization mainly consists of making comprehensive evaluation of the organizational functionalities interms of context establishment, business process definition, key assets identification, risk registration and subsequent valuation of the same.
· Risk treatment option will follow the actual risk assessment, during this process the actual risk treatment options will be selected as per the actual risk assessed for and finally the right option for risk treatment will be selected.
· Risk treatment plan will be based on the actual risk treatment option selected for the risk mitigation. Based on the actual risk treatment option selected the risk treatment plan will be prepared.
· Risk framework development is finally employed in the organization to implement the recognized final risk treatment plan in the given organizational set up.
IS risk assessment:
Before identifying...
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here