Sunday, February 23, 2020

Information System Risk Management Essay Example | Topics and Well Written Essays - 1750 words

Information System Risk Management - Essay Example This is because success of the ERPs depends on many factors which include technological (Hardware and software), efficient design of processes, and utilization of human recourses. The human resources are the users of the new ERP solution. It is with this in mind that organizations should take risk management strategy that would identify and also control any ERP implementation risks. An organization at risk is exposed to potential threats. Risk management comprises of risk assessment, risk mitigation evaluation and assessment. Risk assessment is used to determine extent of the potential. Some tangible impacts of the success of a threat are thins like loss of revenue and the cost of repairing a system that has been affected (Stoneburner, 2008). Security Threats-ERP threats are real therefore it is important not only to identify the threats but also know the vulnerabilities of the system and look for ways of preventing these threats from breaching the security of the ERP system. The threats may be grouped into the types which include the following:- 3.0 Natural Threats-These are threats that are not caused by human beings. They include quakes, floods, tornadoes, hurricanes, temperature extremes, and many others. Intentional Threats-The best examples of intentional threats are computer crimes or purposeful damage of property or even information. Unintentional Threats-These threats may include unauthorized or even accidental modification of the system. The best way is to study the vulnerability of the system is to identify the threats and then examine the system under those threats. 4.0 Vulnerability of the system One has to think about business transactions that can lead to losses from the information system based abuse, fraud and errors. This may lead to losses occurring when users use the system in a manner that they are not supposed to. It may either be intentional or not. Also there may be threats from intrusion and attacks from outsiders. People may steal or come across authorization credentials and try to enter the system without the knowledge of the authorities and thus jeopardize the integrity of the information contained in the system database. In addition there may also be systems abuse and fraud from the insiders. Authorized users can attempt and indeed succeed in entering into modules that they are not supposed to enter. Centralization of everything in the organization can become a performance bottleneck and also increase the ease with which people can sabotage the entire operations of the organization. One only needs to ensure that the ERP is not w orking and the organization will be on its knees unable to operate. 5.0 External Security Threats Weak Passwords- By use of dictionary attacks, intruders can guess correctly the passwords that are used in the ERP system and hence cause a malicious damage to the system or even get access to otherwise confidential data of the organization thereby compromising the integrity of the organization data. To eliminate this kind of threat, the organization should provide complex passwords and combine

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.