Executive Summary
The Sprout Foundation (TSF) has in recent years become a large tier 2 charity organisation. Its mission is to help third-world communities sustainably improve their lives through education, clean water and health facilities. Although the organisation has grown significantly, with an AUD 117 million fund turnover per annum, the management, technical and operational areas of TSF's IT systems and policies are under-resourced and not well maintained.
TSF has never conducted a risk assessment; the identification of threats and vulnerabilities and the prioritisation of risks are nonexistent.
TSF's head office is located in Australia. It has many local and global partners, so many different local and international laws must be followed, and these may come into conflict, especially privacy law.
A privacy concern for TSF is that some data is held in the US (by US-based partners of TSF); under US law (the Patriot Act), US authorities have the right to access any data on any computer system within US borders in certain, but broad, situations.
(WILL add more at the end)
(Cover Sheet will be added later by pdf joins)
Record of Changes/Version History

Change/Version Number            | Date of Change | Sections Changed | Description             | Person Entering Change
Draft-V1                         | 15/04/2014     | N/A              | First Draft             | N/A
Final Version (current document) | 17/04/2014     | No. 6            | Calculation corrections | Anthony Gagliano
1. Introduction
This risk assessment report was conducted by Anthony Gagliano and Joshua Chu in April 2014, with future risk assessments recommended every budget cycle of The Sprout Foundation (TSF).
Purpose
TSF is a large tier 2 charity organisation. The mission of this company is to help third-world communities sustaina...
... middle of paper ...
...
7. Conclusion
Final Prioritised list of Risks
Further Risk Assessment Opportunities
(Total the number of observations. Summarise the observations, i.e. the risks, and prioritise them in a list according to the final figures.)
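The prioritised list called for above is produced by the NIST SP 800-30 (2002) method the report references: each observation is rated for likelihood (Table 3-4) and impact (Table 3-5), the two ratings are multiplied, and the product is mapped onto the Low/Medium/High risk bands of Table 3-6. The following is an added example, not part of the TSF report; the numeric values and bands are NIST's own, while the four observations and their ratings are constructed illustrations loosely based on the executive summary, not findings from the assessment.

```python
"""NIST SP 800-30 (2002) style risk scoring and prioritisation.

Added example, not part of the TSF report. Likelihood probabilities,
impact weights and risk bands follow NIST SP 800-30 (2002),
Tables 3-4, 3-5 and 3-6. The observations and their ratings below
are constructed illustrations, not findings from the report.
"""
from dataclasses import dataclass

# Table 3-4: likelihood levels expressed as probabilities.
LIKELIHOOD = {"High": 1.0, "Medium": 0.5, "Low": 0.1}
# Table 3-5: magnitude-of-impact levels expressed as weights.
IMPACT = {"High": 100, "Medium": 50, "Low": 10}


@dataclass
class Observation:
    threat: str
    vulnerability: str
    likelihood: str  # "High" | "Medium" | "Low"
    impact: str      # "High" | "Medium" | "Low"


def risk_score(likelihood: str, impact: str) -> float:
    """Risk = likelihood probability x impact weight (Table 3-6)."""
    try:
        return LIKELIHOOD[likelihood] * IMPACT[impact]
    except KeyError as exc:
        raise ValueError(f"unknown rating: {exc}") from None


def risk_level(score: float) -> str:
    """Map a score onto NIST's Low (1-10), Medium (>10-50), High (>50-100) bands."""
    if score > 50:
        return "High"
    if score > 10:
        return "Medium"
    return "Low"


def prioritise(observations):
    """Return (observation, score, level) tuples, highest risk first.

    Python's sort is stable, so tied scores keep the assessor's input order."""
    scored = [(o, risk_score(o.likelihood, o.impact)) for o in observations]
    scored.sort(key=lambda pair: pair[1], reverse=True)
    return [(o, s, risk_level(s)) for o, s in scored]


# Constructed sample observations (ratings are assumptions for illustration).
SAMPLE = [
    Observation("Untracked threats", "No risk assessment ever conducted", "High", "Medium"),
    Observation("Lawful access by a foreign government", "Data held with US-based partners", "Low", "High"),
    Observation("System outage", "IT systems unresourced and unmaintained", "High", "High"),
    Observation("Minor misconfiguration", "Patching done ad hoc", "Low", "Low"),
]


def summarise(observations=SAMPLE):
    """Rank the observations and count how many fall in each risk band."""
    ranked = prioritise(observations)
    counts = {"High": 0, "Medium": 0, "Low": 0}
    for _, _, level in ranked:
        counts[level] += 1
    return ranked, counts


if __name__ == "__main__":
    ranked, counts = summarise()
    print(f"{len(SAMPLE)} observations: {counts}")
    for rank, (o, score, level) in enumerate(ranked, 1):
        print(f"{rank}. [{level:6}] {score:5.1f}  {o.vulnerability} / {o.threat}")
```

Because the bands are defined on the product rather than on either rating alone, a Low-likelihood but High-impact item (such as the US data-access concern) lands in the Low band at exactly 10, which is why the prioritised list should be read alongside the individual ratings before controls are chosen.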
References
National Institute of Standards and Technology (NIST), Risk Management Guide for Information Technology Systems, Special Publication 800-30, 2002.
NIST SP 800-30 (2002), Table 3-4, Likelihood Definitions.
NIST SP 800-30 (2002), Table 3-5, Magnitude of Impact Definitions.
Appendix A
Threat List (maybe or keep in body of report)
Vulnerability List
Appendix B
Acronyms
Glossary