ASSIGNMENT 4

Assignment 4



Task 12

Task 26

Task 312

Assignment 4

Task 1

Risk at Red Balloon

There are many risk associated with the company and its structure now. The company Red balloon will have to change its system or an immediate crash of the business is expected soon in near future. One of the main problems of the company is its control system. They do not have control on their own data and they currently have no technology that can help them create control on their data. Any employee in the company can access their data regardless of the name, position, and post of that person. This kind of access is highly critical situation for the company as any employee can mishandle valuable information and incur heavy losses in near future. It is important to understand the intensity of the situation Red Balloon is at the moment. The company is acting like an open source code system in which nay new or old person can login or access and steal or misuse the data. From supply chain to delivery vans to management and order receiving, every department can be a victim of misuse of data, which will only reflect on poor management of the company's part. This current system of uncertain information going un wrong hands with in an organization has made the company stand in a very critical position.

Red Balloon needs to implement computer security systems within the company. Computer security can be defined as the preservation of confidentiality, integrity, and availability of the information systems. Depending on the environment, organization may have different threats that engage aforementioned objectives. Given a particular risk, the organization has three options: accept the risk, do something to lessen the possibility risk of occurrence or transferring risk, for example, by a insurance contract. A safeguard measure taken to decrease risk controls are called safety. Security controls are usually classified into three categories physical controls, logical or technical controls and controls administrative. For controls are effective, they must be integrated into what is called a security architecture, which must be congruent with organizational goals and priorities potential threats according to the impact they have on the organization. Therefore, an essential stage in the design of the architecture Computer security is the risk analysis stage. No matter what the process is followed, the risk analysis includes the following steps (Wagner & Yezril, 1999).

1. Define IT assets to analyze.

2. Identify threats that can compromise the security of the active.

3. Determine the probability of occurrence of threats.

4. Determine the impact of the threat, in order to establish a prioritizing them.

Ensuring information security One of the main tasks of the modern enterprises is to ensure information security. This may pose a threat to not only technical glitches, but also the inconsistency of data in different accounting systems, which occurs almost every second of the company, as well as unlimited access to information workers. In addition to this more seriously, the threat can be any force bearing catastrophic ...