Chapter 11
Group: Anju, Ashok, Justin, Joe and Christina
 Suppose your college or organization is considering a new
project that would involve developing an information
system that would allow all employees and
students/customers to access and maintain their own
human resources-related information, such as address,
marital status, tax information, and so on.
 Identify positive and negative risks and strategies for
addressing each risk.
 Negative Risk:
Environmental threats such as a bursting pipe can quickly
flood a computer room and cause damage to an organization’s
IT assets and resources.
 Solution:
Protect IT assets from fire damage (e.g., requirements and
procedures for the use of fire extinguishers, tarpaulins, dry
sprinkler systems, halon fire suppression system)
Provide emergency power source (e.g., requirements for
uninterruptible power supplies, on-site power generators)
 Positive Risk:
Any sort of information is easily available on a single click via
the various forms and built in software applications.
 Negative Risk:
Not all stakeholders might be interested in managing their
information. So, the new system might loose some potential
data.
 Positive Risk:
Users will feel more secure because they themselves can
update their private information.
 Negative Risk:
When a person is allowed to provide their information, it is not
necessary they will provide there real information.
 Solution:
Some sort of authentication procedure should be implemented.
 Positive Risk:
Most of the information are always updated.
 Negative Risks:
One negative risk would be in people posing as others in order to
obtain or alter their information, either in specific cases or on a much
wider scale.
 Solution:
One method of tackling such a risk would be in establishing a method
of authentication that can ensure people are who they say they are.
 Positive Risk:
One positive risk would be that information would be the most
accurate and up to date with people having control over it, yet this
can be a problem if many individuals either choose or forget to
maintain this information.
 Solution:
As a solution, the company can notify people in a rigorous effort to
keep their information current and up to date along with why it is
important to do so.
 Negative Risks:
All data for each individual in the organization would be kept in one
central location and, if maliciously accessed, could destroy internal
processes and hinder work flow.
 Solution:
Create several security barriers and properly encrypt data. Create
secure platform for users to access and add data.
 Positive Risk:
All data would be kept in one location and easily accessible by the
HR staff. Data would also be more updated and allow HR staff to
concentrate on other areas of operation.
THANK YOU