Identifying Potential Risk, Response, and Recovery Assignment

Identifying Potential Risk, Response, and Recovery - Assignment Example They are subject to a multiple number of insecurities that could prove to be very disastrous for the business to which the system belongs should it succumb to a threat. Businesses that rely on information systems have an obligation to maintain and keep it secure. As the Information Security Engineer for a videogame development company, it is compulsory that I adopt a vigilant approach to uphold my company’s information security (Godbole, 2009). Attacks, threats and vulnerabilities to the organization Hacking The organization is vulnerable to hacking. Hacking is a criminal act whereby unauthorized people with massive computer knowledge decide to illegally access the personal information on another’s information system, mostly to use for malicious acts that will harm the system’s owner. As identified, the organization’s system is not secure enough to protect itself from hackers. Should this threat not be handled the organization is at a risk of losing its mo st valuable information to anyone who does not have the business’ best interests at heart. Such information in the wrong hands could lead to the downfall of the organization without fail. Obsolescence The organization’s information system is outdated. This is a threat that needs to be addressed. In a business as competitive as the videogames one cannot afford to have information systems that are out-of-date. ... This means that the systems fail to work somehow due to various reasons. I have made an observation that once the systems crash all the information that was contained in it is lost and the organization has to commence from scratch. It does not have to happen this way at all. This is a problem that must be dealt with so as to save time. If all activities in an organization will be stopped just because one system crashed then the business will lag behind (Godbole, 2009). Poor maintenance by staff The organization’s staff are not using the information systems a required. This could be out of ignorance or simply negligence. I recently observed one staff member pour water on a computer’s keyboard. This is an outrageous show of poor maintenance. The systems need to be taken care of on the outside in order to protect the information they carry inside. Lack of maintenance could lead to a double tragedy, that is, irreparable damage to the computer systems and in turn loss of the data they hold. Theft There has been theft of information systems in the recent past o the organization. This is an attack that cannot be allowed to stand as it should be hazardous to the life of the firm. The organization should find out the source behind these threats and tackle it with immediate effect (Godbole, 2009). Strategies and controls to deal with the risks 1) Hacking Hacking can be dealt with using the strategy of risk avoidance. This means ensuring that it doesn’t occur at all. For this strategy to be enforced the organization needs to apply new methods of securing the information systems further. For instance, by creating stronger passwords for files. This will make it harder for a hacker to access whatever is