Question
Project for installation of a new Internet security suite-Risk Management
For this assignment, you have been assigned as the project manager for a project involving the installation of a new Internet security suite for your company.
Complete the following tasks for your project:
Provide a brief overview of your project.
Describe positive and negative risks within your project.
Discuss how each of the identified risks can affect the success or failure of the project and rank each risk in terms of
impact to the project.
Propose risk mitigation and management approaches for each identified risk.
Describe the role policy plays in the planning and performing of risk management processes.
Sample paper
Risk Management
Brief Overview of the Project
Installing an internet security suite for the company is critical during this period of increased cyber-attacks targeting businesses. A new internet security suite for the company will help in protecting the company’s computer system from spyware, viruses, malware, email and IM scams, and from hackers. This project aims at improving the information security solutions utilized by the company by ensuring the installation of a new internet security suite that can detect and deter security threats facing the company’s computer system. The new internet security suite should not affect the performance of the company’s computers. Some of the features that come with the new internet security suite include anti-virus engine, content security and parent control, application control, USB device control, and among others.
Positive and negative risks and how they affect the success or failure of the project
Possible positive impacts
- Reduced cyber attacks
A new internet security suite will reduce the possibility of successful cyber-attacks within the organization. According to Szewczyk (2012), antivirus programs and firewalls can be able to deter about 90 percent of malware.
- Early detection of attacks
The new internet security suite will help in early detection of malware attacks. This will ensure that the management acts quickly by taking the appropriate steps to stop the spread or further damage. Early detection of attacks ensures the elimination of the threat before it cause significant loss.
- Protection while surfing the internet
Installation of internet security suite will ensure that employees can surf the internet without hackers being able to access personal data such as bank account access details and credit card information.
Negative risks
-
Employees and other end-users risk
There is a significant risk posed by end-users of a particular system. Although the new internet security suite will thwart most of the cyber-attacks, its effectiveness partly depends on the behavior of the end-users. End-users should be able to understand how the internet security suite works, its importance, and how they can maximize the protection mechanism. Failure of end-users to adhere to protocol increases security threat. For instance, the new internet security suite may identify potential threats and warn the user from downloading a particular file. The user may ignore this and download a malicious file thus compromising the system. Employees may share passwords with their colleagues, which may increase security risk. This may compromise the effectiveness of the project.
-
Dynamic nature of cyber-threat
According to Szewczyk (2012), anti-virus vendors are able to protect organizations from about 90 percent of new malware. This leaves organizations at risk of about 10 percent of newly released malware. Malware developers may devise sophisticated malware that employ anti-detection techniques, hence lending the security systems vulnerable to attacks. This threat may compromise the efficacy of the project by making the internet security suite less effective in preventing attacks.
-
Targeting devices other than the company’s computer systems
The installation of the new internet security suite might not eliminate the security threat posed by cyber criminals. The internet security suite is designed purposely to protect the company’s computer system. In the recent period, however, hackers are targeting other devices that connect to the company’s computer system or that are used in some way. For instance, there have been malware attacks targeting smart phones and Asymmetric Digital Subscriber Line (ADSL) routers (Szewczyk, 2012). This may cause losses especially to customers who may lose money through illegal mobile banking transactions. Such losses may cause the management to lose faith concerning the internet security suite.
-
Failure to patch or upgrade the operating system and the internet security suite
Failure to patch the operating system and the new internet security suite may increase the security vulnerabilities. The IT department should ensure that there is regular updating of applications in order to reduce vulnerabilities. However, most organizations do not keep their applications up to date due to various complexities in updating or upgrading their systems. A good example is the recent ransomware named “WannaCry” which has affected thousands of computers running on the older versions of Windows operating system (Scott & Wingfield, 2017). In this case, free security patches were available but most organizations had not installed them, making their computer systems vulnerable to the ransomware.
Risk mitigation and management approaches
The first risk is employee and other end-users risk. The management can mitigate this risk by developing training programs for employees on cyber security (“Internet Security Threat Report (ISTR),” 2016). The training program should focus on identifying and preventing threats. The second risk concerns the dynamic nature of cyber threats. The organization can mitigate this risk by ensuring frequent updating of the new internet security suite. The organization should also update other applications including Windows operating system. The other threat involves cyber threats that target devices other than the company’s computer systems. The company can mitigate these threats by educating consumers and other third parties involved. Lastly, the organization should develop a policy to keep all applications and internet security suite updated.
Role policy plays in the planning and performing of risk management processes
Policy plays a critical role in planning and performing risk management processes. Policy provides guidance concerning the way in which the organization deals with cyber security threats. Policy provides guidelines that help in the implementation of strategies to deal with cyber security threats. Another role of policy is that it provides a mechanism under which the management can control the behavior of individuals within the organization.
References
Internet Security Threat Report (ISTR). (2016). Retrieved from https://www.symantec.com/content/dam/symantec/docs/reports/istr-21-2016-en.pdf
Scott, M., & Wingfield, N. (2017, May 13). Hacking attack has security experts scrambling to contain fallout. The New York Times.
Szewczyk, P. (2012). An australian perspective on the challenges for computer and network security for novice end-users. The Journal of Digital Forensics, Security and Law: JDFSL, 7(4), 51-72.
