Cmgt442: Information Systems Risk Management


Submitted By raye3
Huffman is attempting to sort out the complexities associated with the Benefit Elections system being requested. The following documentation addresses the security requirements and risks associated with the project plan for the Benefits Election System. Complexities, time consumption, and untimely errors can be curtailed with a proper plan, a positive ROI analysis, and the continued support of key stakeholders.

Foundational ideologies deem a review of the current documentation pertaining to the current systems and architecture within Huffman necessary. Understanding is essential in this review, as the stakeholder perspective needs to be maintained throughout the project. Unclear system or security requirements will need to be addressed and resolved prior to the analysis phase.

The benefit election system needs to be designed and tested from the point of view of the environment in which it will be deployed. Security requirements will need to be addressed within such documentation as:

1. Operational environment specifications
2. Diagrams specifying trust and risk boundaries, together with the pertaining data flow diagrams
3. Resource specifications, with outlined capabilities
4. Comparison of resource specifications to the users of those resources, implemented within the set requirements
5. Possible points of security breach by a cyber attacker, with a possible cyber attacker profile
6. Scenario cases of misuse

The individual to whom the project manager assigns these tasks will need to produce or analyze these requirements for validity during the development process.

Validation of these requirements will double-check the security content for inconsistent types, invalid assumptions, and technical inaccuracies. Special attention should be given to the cyber attacker profile, as many enterprises and organizations do not pay enough attention to insider risks. Many requirements are not referred through security…
