The Information Technology Department Risk Assessment
By: David • Essay • 533 Words • April 7, 2010 • 1,104 Views
The Information Technology Department Risk Assessment
The Information Technology Department (ITD) was asked to assess current information technology systems, outline potential security risks and provide likely solutions to maintain JMZ Adventure Ecotours’ (JMZ) organizational integrity and to promote healthy information exchange company wide. Technology that is available today can help to support JMZ’s business practices and promote future growth in protection of current assets through the assessment of existing system vulnerabilities. The JMZ ITD currently maintains all voice and data systems and is involved in purchasing and implementing new software and hardware. These systems include phone and voicemail systems, Web site hosting and e-mail servers, desktop computers, laptops, network hardwiring, routers, wireless networking, printers, copy machines and stored data. Since the addition of several new Web sites in recent months, system security and risk management has become a greater priority than previously warranted. This outline of security risks and proposed controls aim to assist with ensuring the accuracy, reliability and safety of JMZ’s intellectual and physical property.
The IT Department has summarized the probability of occurrence and expected annual loss for nine areas of exposure. Once addressed, each area of exposure may become less threatening to the organization and therefore assist with providing higher quality systems and services to the JMZ staff and customers. As you can see on the attached charts, malware attacks have been identified as having the largest impact on system integrity and is forecasted to occur at 40 percent with an annual loss at about $22,000. Privacy loss (10 percent probability), embezzlement (10 percent) and data loss (20 percent) follow. User error (150 percent) and threats from hackers (90 percent) appear to be more threatening due to the higher probability of occurrence, however expected annual loss for both total less than malware attacks alone. Lastly, Physical property theft (10 percent) and the occurrence of a natural disaster (2 percent) are listed as exposures with