Information Risk Management Paper

Introduction

Businesses have now realized that the security of their information could make or break their organization. For this particular paper, the discussion will be limited to the security threats and risk factors associated with baby products production

Vulnerabilities of the system

Potential of external and internal threats

Information systems have become highly complicated. Consequently, there is a need to establish a comprehensive approach to deal with external threats. One of the most common yet dangerous external threats is the issue of hacking. Since the company places considerable information about its clients and itself in its information system, then chances are unauthorized persons may gain access to these pieces of information. (Borodzicz, 2005)

External threats may occur in the form of domestic or foreign competitors to the baby products company who may be interested in finding out trade secrets that would enable them to get ahead of the baby products company. In other circumstances, information brokers who operate on a freelance level may do this kind of thing in order to benefit financially from the endeavor. In other circumstances, it may be that there are hackers who engage in unauthorized entry of computer system for fun. In certain incidences, this may be out of malice from persons with some psychological problems. Common thieves may also break into the company's information systems to as to steal laptops or computers and sell them for profit.

External threats require a lot of attention owing to the fact that the internet brings with it a lot of opportunities for hacking. In this regard, the internet was created in such a manner that it did not consider the issue of security. There are intricate networks that are connected and there are numerous ways in which these systems can be interjected. Matters are also made worse by the fact that intruders can remain anonymous while doing some of the things that are related to information systems. It should also be noted that due to automation of systems, it is now possible for hackers to get into the baby products system without possessing serious knowledge about it. Consequently, care should be taken by this company to guard against unauthorized entry because it provides hackers with low cost and low risk activities that have the potential to provide high gains to the affected person. The Baby products company should therefore watch out for this type of risk. (Gorrod, 2004)

While internal threats receive little if any attention, research has shown that their occurrence has the potential to create greater losses to companies owing to the position of the offenders. Consequently, the same thing can happen to this particular company. Internal threats to security may emanate from disgruntled employees who may want to get back to leaders of the organization. In other circumstances, employees may simply be dishonest and may be interested in advancing their financial or career positions through unscrupulous means. It should be noted that this kind of security threat to information systems may be done through authorized access. The baby products company is in danger of dealing with any of the following forms of internal attacks

• Financial fraud
• Sabotage of networks
• Denial of service to clients
• Theft of proprietary data and information

Insider threats in this regard may be seen through any of the following routes and they may include the compartmented unauthorized entry of computer systems. In other scenarios, this could be seen through the process of surfing in classified libraries. The latter may apply to the baby products company through the browsing supplier related websites. Additionally, it may apply to processing and storing classified information on systems that have not yet been approved by the authorities.

Natural or unintended events that can jeopardize the system

There are a number of occurrences that can ruin the information system for the baby products company. The first could lie in the type of software being used by the company. In this regard, a problem may arise out of the design of the software being used. This usually means that the system is not protected from vulnerabilities associated with the system and this may prove to be difficult for the company.  Such a scenario may be an intended consequence of choosing an operating system that is low on security. Because the use of high proof security software could prove to cause slow progress within the company, then it would be advisable for one to consider another mechanism for handling this scenario.

It should also be noted that there are certain circumstances in which the coding information can be messed up. For instance, in the case that a language such as C++  or C is being used, then the baby products company could experience integer overflow, buffer overflows, code injection among other issues. (Gasser, 2005)

In certain circumstances, system malfunctions can occur at any one time. This usually means that the main server within the company may malfunction and chances of these occurrences are quite unpredictable. Besides this, there may be instances in which hackers may choose to enter into the computer system of the baby product companies especially when there are flaws within the system's encryption system.

Levels of security that are appropriate to secure the information system while allowing maximum amount of uninterrupted work flow

The company under consideration is one in which production continues on a twenty four hour basis. Consequently, the use of certain extreme security measures may slow down work. The company should begin by implementing some of the basis forms of risk management for information systems. First of all, passwords should be  protected because passwords allow users the ability to either change, destroy or merely use the company's information. Consequently, the company under consideration must do any of the following; it could attempt to protect the accounts of the administrator and the people using it so that no one can engage in unauthorized entry by using rare passwords. This system should also be backed up by frequent changes to the passwords. Employees should also be prevented from sharing passwords or information about it with one another.

The next step in implementing security within this company is through the use of proper software. Software can be vulnerable to attack when there are no mechanisms for installing new versions. In certain circumstances, this can occur automatically. However, in cases where this is not the cases, then the software vendors of that respective company need to be checked from time to time to ensure that they adhere to those operations. (Scheier, 2006)

Antivirus software is another way in which threats can be minimized and this could be done through the installation, operation and update of the antivirus. In relation to the latter approach is the minimized use of the root or the administrator account which could lead to vulnerability to all the systems.

Lastly, the company should also look for ways in which it can minimize phishing through user education. Employees should know that no reputable company would require the passage of confidential information such as security numbers though email and this signifies phishing.

Conclusion

Given the circumstances under which the latter company is operating under. Installation of certain stringent safety measures may disrupt workflows. Consequently, in order to deal with some of the risk factors, then the company should instate basic safety measures such as the use of and update of good software, password protection, installation of good antivirus and protecting the company against phishing.

References

Borodzicz, E. (2005): Crisis, Risk and Security Management, Wiley Publishers

Gorrod, M. (2004): Risk Management Systems; Palgrave Publishers

Scheier, B. (2006): Digital security in a networked world; Pocket Books

Gasser, M. (2005): Building a secure computer system; Cambridge University Press