Wednesday, December 11, 2019

Risk Management and Security Issues

Question: Discuss the Risk Management and Security Issues.

Answer:

Introduction

The Child Protection Board has aligned itself with the latest technology measures and has revised its existing payroll operations and data file exchange operations. With the change in its technological and operational architecture, a number of security threats are now probable for the organization. These risks fall into a number of different categories, such as technical, organizational, security and many others. The primary objective for the management and administrative units of the Child Protection Board is to develop and implement the required measures in the security infrastructure to control and prevent all of these risks. According to the operational checklist presented by Morad and Dalbhanjan, there are a number of measures that the developers, experts, architects and auditors of the system may adopt. These guidelines have been considered and followed in the sections of this report (Morad and Dalbhanjan, 2013).

Child Protection Board - Remote Administration

The newer operations and services added to the areas of data file exchange and payroll shall be accessible to the associated stakeholders from any location. Stakeholders must not be restricted to the office premises to use these services, and this would require some major transformations in the network architecture. The first and foremost requirement would be to install a server for remote administration and connect it with every work site. It would then be necessary to test the functionality of the remote server for the administration activities (Azadmanesh, 2016). Various parameters would need to be taken care of, for instance network properties such as bandwidth, traffic, jitter and the like. A number of security concerns may emerge with the implementation of remote access and administration, and these must be managed well.

Child Protection Board - Resource Management

Human resources are the primary assets of any organization, and the case is no different for the Child Protection Board. There are also various other resources associated with the organization in terms of policies, information and machines. All of these resources must be managed well, and the following key points must always be considered.

A unique identification number must be assigned to the human resources, along with assets such as devices and equipment, and it shall be verified at every entry and exit point. It would be a single identification factor and would also allow easy tracking and monitoring of the resource (Csb, 2016).

Metadata associated with the services shall also be recorded and stored in the form of logs.

A number of assets are further connected with the human resources in the form of devices allocated, information allowed to be accessed, workstations and many others, and these must also be managed and audited in a timely manner.

A responsibility matrix must be devised by the management unit of the Child Protection Board so that every human resource is clear on the tasks that are required to be accomplished.

A communication matrix must also be created, covering the preferred mode of communication for every resource along with the contact details.

Child Protection Board - SLA Management

SLA is an acronym for Service Level Agreement, a document that is agreed upon between the provider and the users of the services. The service provider in this case would be the Child Protection Board itself, and the users would be the end customers. SLAs would also be signed between the suppliers, vendors and the Child Protection Board, in which the user would be the board and the providers would be the suppliers and vendors. It would be necessary to manage and keep track of all the SLAs present with the organization.
The agreements must list the specific responsibilities to be fulfilled by each party involved and must maintain complete clarity. Sign-offs and acceptance must also be mentioned in the agreements to avoid conflicts and disputes. Quality of Service (QoS), best practices and standards, along with service pricing, enhanced return on investment abilities and discounting agreements, shall also be listed (Marilly, 2016).

Child Protection Board - Application Resilience, Backup and Disaster Recovery

The number of risks and their likelihood will increase with the change in the data file exchange and payroll services. Application resilience will give both of these services the ability and strength to resist such security and other risks. It would allow the services to remain accessible, available and recoverable if an attack occurs. The enhanced resilience of the application would be ensured with advanced security mechanisms such as automatic scalability, a dynamic IP addressing scheme, encryption and many others. Multiple availability zones will ensure that a failure in one zone does not impact the entire application, and fault tolerance will be enhanced (Carlson, 2012).

Disaster recovery and data backup are also essential elements that must be considered in the security infrastructure of the Child Protection Board. Disaster recovery will ensure easy recoverability of the services in case of an attack, with minimal impact. Data backups created and stored at various data repositories will keep a copy of the data protected at all times. Automatic backups must therefore be ensured for maintaining backups of the entire system (Howell, 2013).

Child Protection Board - Major Opportunities

Disadvantages of Existing System

The system that was being followed for data file exchange and payroll services was not meeting the requirements of the users and the employees associated with the Child Protection Board.
The existing system was also not fault tolerant and not available 24x7, which led to some major losses. There were also a number of new entrants in the market that were far superior in terms of technology and service.

Opportunities

A number of opportunities will emerge with the accurate implementation of all of the areas specified earlier in the report, which will in turn ensure a positive impact on the data file exchange and payroll services. These opportunities will be associated with enhanced employee satisfaction, increased customer satisfaction and a protected architecture for utilization and implementation of the services.

Child Protection Board - Risks

A number of risks will come up with the changes and improvements made in the areas of payroll and data file exchange operations.

Security risks, associated primarily with data and information security, such as loss of data, information leakages, availability attacks and breaching of the data.

Technical risks, such as obsolete technology or technical failures, may also be associated with the operations and services.

Organizational risks, such as risks associated with the resources and organizational policies. There may be issues with the availability of the resources or the accurate implementation of the management and administrative policies.

Quality risks, such as the ones associated with quality standards and best practices. There may be a violation of the quality standards, which may appear as a major risk associated with the system (Berg, 2016).

Notable Examples

A number of security incidents have taken place in the past in the field of data file exchange and payroll services. American Residuals and Talent is an organization that suffered a massive data breach and information leakage in the field of payroll services. KerbsonSecurities.com is another company that has faced frauds through the medium of cyber crimes.
Sage UK Payroll services are established services in this area and reported cases of data breaches associated with the details of staff members.

Conclusion

Innovation has been carried out in the field of payroll operations and data file exchange as followed and implemented in the Child Protection Board. A number of areas hold great importance and value for these operations, such as remote access and administration, management of the service level agreements, resilience of the application, data backup and disaster recovery mechanisms. The technological advancements in these fields will open a path for various opportunities in terms of enhanced customer and employee satisfaction and greater profits as well. There will also be a number of risks associated with the services, which can be handled and prevented by the application of enhanced security mechanisms covering basic and advanced security, better resource management policies, technical advancements and validation of quality practices.

References

Azadmanesh, A. (2016). A Single Interface Remote Administration Tool. [online] Available at: https://ahvaz.ist.unomaha.edu/azad/temp/sirat/rajesh-ratnala-sirat-thesis.pdf [Accessed 11 Oct. 2016].

Berg, H. (2016). Risk Management. [online] Available at: https://ww.gnedenko-forum.org/Journal/2010/022010/RTA_2_2010-09.pdf [Accessed 11 Oct. 2016].

Carlson, J. (2012). Resilience: Theory and Applications. [online] Available at: https://www.ipd.anl.gov/anlpubs/2012/02/72218.pdf [Accessed 11 Oct. 2016].

Csb, (2016). Human Resource Management. [online] Available at: https://www.csb.gov.hk/english/publication/files/e-hrmguide.pdf [Accessed 11 Oct. 2016].

Howell, M. (2013). Data Backups and Disaster Recovery Planning. [online] Available at: https://www.cs.umsl.edu/~sanjiv/classes/cs5780/projects/F03/howell.pdf [Accessed 11 Oct. 2016].

Marilly, E. (2016). Requirements for Service Level Agreement Management. [online] Available at: https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.454.6303&rep=rep1&type=pdf [Accessed 11 Oct. 2016].

Morad, S. and Dalbhanjan, P. (2013). Operational Checklists for AWS. [online] Available at: https://media.amazonwebservices.com/AWS_Operational_Checklists.pdf [Accessed 11 Oct. 2016].
