Term Paper on "Risk Assessment Document"

Term Paper 15 pages (5965 words) Sources: 1+

[EXCERPT] . . . .

Risk Assessment

In the past thirty years there has been a sharp increase about the potential dangerous impacts, which from inadequate information security. But the scale of the problem has increased faster than the commitment to fight it. In addition, the emphasis on hackers and viruses by the publishers of information has distorted the debate and diverted the awareness of senior management from the more basic need of information security. There seems to be a requirement for a greater concentration on technical solutions, and well publicized attacks on problems of internal information security. There is clearly a fundamental necessity to view information security for an organization-wide business, management and technology issue. Demands for effective security management come from perceived risk assessment, and that involves looking at all aspects of losses that have come from lack of security.

This involves serious study of past history of the organization and checking back on it to determine where instances of losses to the organization have arisen from lack of security of information about the organization. Organizational security officers are generally responsible for ensuring the security of information assets and systems. They have to make sure that technological systems are implemented and operated in a manner, to reduce the business risk to organizational information. In certain cases, the information systems are operated in a manner that the losses to the organizational assets occur in spite of their best efforts as there are some leakages which are taking place from the system itself. In that case, a serious view should be taken of the matter, and if needed, the systems themselves should be changed so that no such leakages occur in future.

The Nature of Information

The company that is being discussed here is that of software company which has a large amount of trained personnel in different areas, and many of them has consulting experience along with that of extensive project management skills. Today trained IT personnel are difficult to get and in such situations, it is often easier to take staff away from another company than develop and train staff. Development and training takes time apart from being expensive. The changes bolster the acquirers with strong presence in important U.S. metropolitan business markets and also provide the acquiring company with capabilities in some key segments like "e-commerce implementation, knowledge and content management and Web-enabled application development services." (COMSYS Expands Portfolio of Internet Expertise with Acquisition of Automated Concepts, Inc. Chicago Division) The company concerned is Technology Concepts Inc.-- TCI. This is a privately held company with offices in Chicago, New York and New Jersey. (COMSYS Expands Portfolio of Internet Expertise with Acquisition of Automated Concepts, Inc. Chicago Division)

The company provides information technology consulting, and systems integration services. In addition, they are experts in providing services for client/server and Internet-based systems. It has an important focus in the technology services industry. The special areas of the company are IT project management, e-commerce, and web enabled application development and knowledge and content management. Comsys has taken over the Chicago division and that is a company headquartered in Houston, TX and former part of Metamor Worldwide. Comsys is one of the country's important providers of IT project support and project services which are of specialized nature as it has highly skilled consultants. (COMSYS Expands Portfolio of Internet Expertise with Acquisition of Automated Concepts, Inc. Chicago Division)

Though TCI has other offices in New York and New Jersey, those offices were not informed about the changes that took place in Chicago. The move helped Comsys in its operations in the key U.S. metropolitan business market of Chicago and increased its operational capabilities in e-commerce implementation, knowledge and content management and Web enabled application devices. The acquisition will build a platform of growth for Comsys in both the project services and outsourced additional staffing areas within the area of greater Chicago. TCI's Chicago division, as the organization used to be known will shift to Comsys Chicago office, and TCI existence in Chicago will be lost. This will result in the loss of the results of efforts that have been put in over many years. In terms of size, Comsys is a much larger company with a presence of more than thirty years and a leader in staffing of IT projects, irrespective of size. It also handles comprehensive turnkey projects. Comsys has a staff or more than 4,000 consultants and associates which are concentrated in over thirty offices in United States. The organization has many major clients and of them 129 are within the top 500 industrial corporations listed by Fortune. (COMSYS Expands Portfolio of Internet Expertise with Acquisition of Automated Concepts, Inc. Chicago Division)

Another organization called Tier Technologies has announced an agreement to attain and secure some assets and liabilities of TCI. The organization taking over is a leading provider of training services to top companies within the Fortune 500. In this case TCI will be given an initial payment of $1.5 million in cash. If the acquiring company is able to reach certain targets, then TCI is likely to get a further payment in the form of shares of the acquiring company with a value of $1.5 million. The acquired group has a good reputation countrywide and is a leader in providing curriculum inclusive of client and server technologies, Internet and mainframe development. The number of individuals in the group is around 30 and according to reports, the group had achieved a turnover of about $5 million during the last financial year (Tier Technologies, Inc. Announces Agreement to Acquire Certain Assets of Automated Concepts, Inc.)

The group has also publicly stated that they expected to be strengthened in their performance with the new acquisition. The main reasons for the strength are ascribed to being financial strength and technical platform. However the statements about future progress should not be viewed seriously as the transaction may finally be not completed as the deal is subject to a number of contingent factors. Even the non-completion of the process need not be informed to the general public as there is no such liability that has been taken in the statement. (Tier Technologies, Inc. Announces Agreement to Acquire Certain Assets of Automated Concepts, Inc.) Thus it is clear that in one case some activities within the organization have taken place with the full support and desire of the management, whereas in the other case, it has taken place without the knowledge of the management. There must be certain leakage of information within the organization or outside to permit this to happen.

Critical Information Characteristics

It is much quite easy to make a case for development of comprehensive security documentation, that to actually produce the document or the system. In many of the cases advice comes in the form that "I would not start from here." The information security management standards however provide an infrastructure for the purpose of information security management. At the outset the question comes as to what is being described here as security documentation. Most of the systems are being designed in order to assist operators and developers in their major tasks. Security documentation is not being targeted to that of a normal system of operation, but rather at the circumstances in which the system would tend to leak information to individuals who should not receive the information. Hence secure systems have the necessity to provide an agreed security model for the system. In other words an organization's security model has to match with the local parameters of a generally accepted form of information security model. (Network Management Security)

Given the magnitude, complexity and volatility of the modern information systems, some form of database representation need to be selected upon. Such a database is required to be supported by means of software tools and GUIs in order to facilitate the risk analysis, investigation, updating, development, and security reporting. In this case, external software would not be required; as the organization is really efficient or competent enough to develop its own requirements for the purpose or at least try to supervise over such development. In this case, regarding all of the places that network configuration information was being compromised and is likely to have been the information which is held in storage. Once that was being collected, it was possible for the individual concerned to have knowledge about where important information is stored and to get access to them. In most of the general cases, network devices themselves are being reasonably secure and are unlikely to give up the information easily to all of the individuals on the network. Generally network device management solution is a persistent storage location and it is quite likely that the designer would tend to forgot to secure it or decided that it was not being required. The simplest solution over here is to use file security in order to stop access to it.

Of course, it is possible to make use of the Operating System's file security features in order to prevent… READ MORE

How to Reference "Risk Assessment Document" Term Paper in a Bibliography

Related Term Papers:

Risk Assessment Report Assessment

Risk Assessment Report of the Center for Disease Control (CDC)

Risk Assessment Report

This is a Risk Assessment Report formulated for the staff of the IT department of the Centers… read more

Assessment 9 pages (2612 words) Sources: 12 Topic: Management / Organizations

---

Risk Management Tools Term Paper

Risk Management Tools

The IT environment is probably the most complex and rapidly developing field in the modern day society and it presents individuals and groups with numerous opportunities and… read more

Term Paper 4 pages (1118 words) Sources: 4 Topic: Computers / IT / Internet

---

Information Technology (IT) Risk Assessment Term Paper

Ford Motor Company Risk Assessment

Given the highly confidential nature of the content management, pricing, product, service, and distribution data delivered to Ford Motor Company locations and the applications for… read more

Term Paper 2 pages (883 words) Sources: 1+ Topic: Business / Corporations / E-commerce

---

Juvenile Risk Assessment Assessment

Juvenile Justice

A comparison of the results obtained for each individual from the two different assessments.

Colleen M.: Washington State Juvenile Court Assessment

Criminal and Social History

Colleen M's criminal… read more

Assessment 4 pages (1215 words) Sources: 3 Topic: Crime / Police / Criminal Justice

---

Manage Project Risk Assessment Essay

Building construction industry is one of the key industries that motivate the Australian economy. Apart from generating employment opportunities for nearly one million people in Australia, the building construction industry… read more

Essay 7 pages (2255 words) Sources: 5 Topic: Management / Organizations

---

View 100+ more related papers  >>