Information Systems and Technology Paper



Information Systems and Technology Paper

Introduction

The advent of computer and information systems has surely brought about a number of risks as well as vulnerabilities. Some of the times, these vulnerabilities become severe threat to individuals as well as the corporate world. Making the corporate intranet safe is quite an uphill task and requires timely identification of several risks along with the vulnerabilities and threats associated with them.

These threats also pose great danger to the economic environment of the company which includes a number of uncertainties (Tohidi, 2011). The only way to deal with the threat is to enhance the security countermeasures and deploy effective strategies of data security risk management. Hence, the management of directly or indirectly means the creation of risk analysis in every feature of business.

Discussion

Most of today's security risks are due to some of the curious hackers testing their dexterity for seeking financial gains. However, most of the organizations' security programs rely solely on the managing risk and quite less on fortress-building. Thus, the protection of economically enforced threats has surely enhanced the outlook for the problem definition and risk mitigation techniques. However, prior knowledge of the vulnerabilities together with risks should have to be analyzed and tackled accordingly.

Risk Management

The risk associated with the unsecured or sometimes even with the protected network infrastructure deals with the incorporation of techniques and ways for reducing the risks. The risks are present in numerous forms. The most common form of risks is solved by successfully deploying a safe and sound strategy for reducing and sometimes completely eliminating the risk.

The information risk gives rise to the business risk and hence the critical factors related to the management are used as risk mitigation measure (Chen, & Crampton, 2012). The strategy suggested by a number of data analysts has mentioned the means of controlling the access using Incentive-based Access Control (IBAC) which has the potential to tackle the insider's malicious threats. Also, it helps the organization to manage the behaviors of risky access together with prevention of inadvertent insider's risk.

Incentive Based Access Control

A company or an organization consists of a number of workers and employees, who execute daily missions; project based work, and completes the tasks. All the workers and employees are or can be the subject of an access control decision. They can be or cannot be an insider. The Incentive Based Access Control Model is designed in such a manner that it is used to mitigate and lessen the threats related to the insider.

There are three goals for the deployment of risk strategy using IBAC. The first one includes the use of access flexibility so as to respond towards the unforeseeable situations by the provision of bypass controls. The second action comprise a system for identification as well as management of organizational risk associated with the potentially malicious risks from the insiders. The last one includes the consistent incentive of users for adoption of risk-mitigation efforts for the reduction of organizational risk if ...