Identify three types of sensitive information involved with each situation. Then, describe three ways in which each information item could be misused or harmed. For each of these, note at least one likely finding that you would include in a risk analysis report of the organization. Finally, answer the questions at the end.
|
Situation 1 – Online Banking System |
||
|
Information Affected |
Potential Harm (Risk) |
Likely Finding in Risk Analysis Report |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Situation 2 – Facebook Page (organization or personal – specify which) |
||
|
Information Affected |
Potential Harm (Risk) |
Likely Finding in Risk Analysis Report |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Situation 3 – Picture Phones in the Workplace |
||
|
Information Affected |
Potential Harm (Risk) |
Likely Finding in Risk Analysis Report |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Situation 4 – E-Commerce Shopping Site |
||
|
Information Affected |
Potential Harm (Risk) |
Likely Finding in Risk Analysis Report |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Situation 5 – Real-World Application (such as CRM, ERP, other internal or external organizational systems – pick one and specify) |
||
|
Information Affected |
Potential Harm (Risk) |
Likely Finding in Risk Analysis Report |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Questions
-
What is the most effective way to identify risks like those you noted in the tables?
-
What are some important factors when weighing the depth of a formal risk analysis? How would you balance the interruption needed for depth and the need to continue ongoing organizational activity?
-
What should an organization’s risk management specialist do with the information once a potential risk has been identified? What information would be needed for senior management to know the danger of each risk and the proper way to handle the risk?
-
How would this specialist properly prioritize these risks to make sure the most important ones were mitigated first?
-
Who is responsible for ensuring that an identified risk is addressed by the organization? What role does the analyst play? What role does senior management play? What roles do the analyst and senior management each play in addressing organizational risks?
0 comments