GLOBAL FINANCE, INC. (GFI) IT RISK ASSESSMENT PAPER

When it comes to the risk assessment of Global Finance, Inc. there were identified vulnerabilities that were occurring in the locations of Technical Security, Management, and Operational. Vulnerabilities at the company are looked at as being weaknesses that could possibly be oppressed by a group of threats or just threats in general. Basically, all of these vulnerabilities are able to be alleviated by safeguards that are recommended. These safeguards are security features and certain controls that, when included or added in the information technology environment, alleviate the risk that is connected with the operation to what are the manageable levels. However, a complete conversation of the vulnerabilities and suggested safeguards are discovered in this report. If the safeguards suggested in this risk assessment are not applied, the outcome could be alteration or damage of data, disclosure of sensitive information, or denial of service to the users who are requiring the information on a recurrent foundation.

Risk Assessment Purpose

The goal of this risk assessment is to assess the competence of the Global Finance, Inc. network and security. This risk assessment will give a structured qualitative assessment of the environment that is considered to be an operational environment. The assessment jobs are to be able to addresses sensitivity, threats, risks, vulnerabilities and also the safeguards. The assessment approves cost-effective safeguards to alleviate threats and associated practical weaknesses.

Risk Assessment Scope

The option of this risk assessment measured the system's utilization of controls and resources (planned or implemented) to get rid of and/or handle vulnerabilities usable by threats external and internal to the Global Finance, Inc. system. This Risk Assessment Report will be able to evaluate the privacy (defense from unauthorized expose of system and statistics information), honesty (defense from inappropriate modification of material), and availability which means losing access to the system. Recommended security safeguards will permit management to make decisions in regards to security-connected creativities.

Threats, vulnerabilities, and risks

For Global Finance, Inc. To reach their mission and then to be able to upkeep their standing in the marketplace, three areas must be covered in this report, confidentiality, integrity, and availability. Any vulnerability threat any of these areas must be kept in consideration and create a control or safeguard to protect these areas from these vulnerabilities.

Loss of Administrative Power: Whether you authorize an agreement to have another business achieve the function of a whole department or sole mission, you are turning the control and management control of that works over to another business.

Hidden Costs: they will need to authorize a contract with the company that is being outsourced that will cover the particulars of the service that they will be delivering. Anything that is not covered in the agreement will be the foundation for you to pay charges that are additional.

Threat to Confidentiality and Security: The life-blood of any business is the material that keeps it going on. If there is payroll or any other information that is confidential that will be transmitted to the outsourcing company, there is a risk that the confidentiality may be compromised.

Quality Problems: The outsourcing business will be motivated by proceeds. Ever since the agreement will fix the price, the only way for them to raise profit will be to reduce expenses. On condition that they meet the conditions of the agreement, you will pay. Furthermore, you will lose the aptitude to quickly reply to alterations in the business environment. The contract will be very specific and you will pay extra for changes.

Tied to the Financial Well-Being of Another Company: Ever since you will be turning over part of the procedures of your business to another corporation, you will now be secured to the monetary well-being of that corporation. It would not be the first time that a company that is outsourcing would could go bankrupt.

Another risk is the development in business Global which has been taken place in the last many years. For the reason of this occurring, there was a lot more manpower needed, if the CEO essential to half of the Information Technology department, this will more than likely produce a huge over load on the Information Technology department which in the end may cause them to lose some business. Remote admission worker complaining of the network dormancy, this postponement as a huge effect on their work and production.

It is clear that the Global Finance, Inc. is lacks a lot of information security guidelines that assist workers to act in proper ways in case of disaster or threat....

They just have two forms of policies made by the executive supervision, privacy policy, and acceptable use policy. The information security policy is the guys that staff members the DO'S and the DON't'S, what they SHOULD do, what they HAVE to do, and what their EVERYDAY JOBS are. A procedure states what needs to be done. Actions are what define how to instrument the strategy. There are numerous sub-information security policies that are able to assist in securing the organization system such as physical security policy, data classification policy, control and audit policies, network and telephone administration policies, business steadiness plans, password policy, tragedy recover policies, cyber event reply policy, etc.
The deficiency of these policies can cause the organization go up under threat which already took place by social engineering was hacking on the computer system. Integrity is one of the regions that have some influence on the security of the company. Integrity can be what regulates by utilizing methods of auditing and monitoring the tools. Global Finance is not able to generate an auditing policy in order to make sure that their data integrity is good for the reason that the lack of standards needed to audit against it. Utilizing one layer security is considered to be a risk, since penetrating this layer will permit hacker to get their hands on the company information system. For instance, utilizing magnetic cards to admission very sensitive parts are a risk in case of embezzled or damage of these cards.

This will have an effect on the confidentiality of the company by permitting illegal person to enter these areas, and company obtainability that will not permit persons to just walk into these rooms. The same situation with remote access approval, contingent on the password by itself is considered to be a risk; we can't settle that the right person utilizing the PIN to make his remote access to our system, what if unauthorized individual has the password and use it to access our network? Especially, if the company does not have any password rules. Also, Humans are an advantage for the company, and controls must be in place in order to protect human from getting rid of any law suits that could destroy the company. The fire protection system could hurt the employee working in that room because it is heavily sealed and people could fir sure get locked in the room. Shutting down the company system without any notice could cause so many different issues could affect reputation of the company, because of employee not saving their work in good way, and affect system availability that will affect salespersons to get access to the system.

Safeguards and controls

Security is usually defined as the freedom from danger or as the ailment of safety. Computer security, precisely, is the protection of data in a system that against illegal disclosure, alteration, protection or destruction and of the computer system itself against use that is considered to be unauthorized, modification, or refutation of service. For the reason that certain computer security controls prevent productivity, security is naturally a negotiation which security practitioners, system users, and system work in order to attain an acceptable balance among productivity and security. Controls for providing information security can be technical, physical, or organizational.

Physical security is the utilization of locks, badges, security guards, alarms, and similar procedures to control access to computers, related equipment (including utilities), and the processing facility itself. In addition, measures are required for protecting computers, related equipment, and their contents from espionage, theft, and destruction or damage by accident, fire, or natural disaster (earthquakes and floods).

Technical security includes the utilization of safeguards combined into computer operations or applications software, hardware, communications software, and hardware and devices that are related. Technical switches are sometimes recognized as the logical controls. Personnel or administrative, or, security contains management constraints, operational measures, accountability measures, and supplemental administrative controls recognized to offer a suitable level of protection for calculating resources. Furthermore, administrative controls consist of procedures recognized to safeguard that all personnel who have access to computing resources have the necessary authorizations and appropriate security authorizations.

By means of utilizing all three controls it will bring layers of protection, which will in the end, increase security and then making the whole entire process much easier to control. For instance, to make access security better to the data center, rather than using the swap cards that has events of stolen and lost. Company can utilize pass code as technical control, and then be able to come up with a…