IT Security
Question 1
In information technology, risk is the probability that a given threat exploits the vulnerabilities of an asset and thereby causes some form of harm to the organization owning or using the asset. IT risk is therefore taken as the combination of the probability of occurrence of a threat and the measure of its consequence. The risk can be categorized in different forms, including unauthorized disclosure of information, accidental modification or destruction of data, unintentional errors and/or omissions, disruptions in IT by natural disasters or man-made negligence, and the failure of IT personnel to exercise diligence in the operation of the IT system.
There are several concepts that the IT manager must be aware of regarding IT risk. These include: i) the different types of threats, ii) the risk landscape, or the IT environments that are potentially vulnerable to risks, iii) risk identification methodology, iv) the risk management process, v) risk management policies, vi) response and recovery strategies to IT risks, vii) the impact of risk on business continuity, viii) the nature of risk (perceived or actual hazards), ix) the concept of threats, x) information security, and xi) information security personnel.
Question 2
The information security for this company has adequate measures to ensure the integrity of the organization’s operations. Other than security software such as firewalls and VPN, there is extensive use of passwords and usernames to ensure that access to restricted spaces or equipment is limited to authorized personnel only. However, the policies governing the use of these passwords and usernames are too rigid and restrict the ability of the staff to use them effectively. As a consequence, there are cases of inconsistencies in upholding optimum security for the company’s information system. These challenges arise due to the pressure on employees when using the passwords and the usernames.
As a recommendation, the organization should develop consistent rules across the entire IT system. A greater focus should be on forbidding the adoption of the same password on multiple systems. Also, the IT systems should provide explicit rules for passwords on the page, the window, or the screen where the passwords are changed or managed. The pressure at the call center in using knowledge-based systems is caused by inconsistent rules. The IT security manager created a series of his own rules for password length, the complexity of the password, and the frequency of changing the password. Take, for instance, the case of a nine-digit password created by the IT manager. Generally, the company recommends a password of at least 16 to 20 digits. But with the manager's new rule, it became difficult for the call-center personnel to manually synchronize their passwords. These 9-digit passwords were then given to each of the call-center representatives. These passwords were similar, but not identical, and this placed the call-center employees at risk of confusing them. When the items to be recalled are closely similar yet not identical, the probability of recalling the wrong password is greatly increased.
Secondly, the organization should provide password management tools. These are specific tools for storing and protecting passwords through digital encryption. This would ease the burden of relying on individual employee efforts at managing passwords, such as cramming. In turn, the employees would not be forced to adopt coping strategies such as the noting down of passwords. The second source of pressure on the call center employees is the large number of logins. These employees are responsible for remembering as many as 30 job-related usernames and passwords. This increases the cognitive pressure of operating the security system. The cognitive pressure forces the call-center representatives to adopt coping strategies, most of which include noting the passwords down. Writing the passwords down places the security at risk of breaches. Unless an intervention is made, the effort to enhance security creates loopholes for the breach of the very system it attempts to secure.
Third, the employees should be taken through substantial training for every newly installed system or equipment on how they should maintain the password for that system. There should also be periodic security training on how to improve employee competence in the area of security management. The IT system’s safety policies contradict the company’s ability to create value for the business. Customer experience is the cornerstone of retaining customers and attracting more, and hence increasing the profitability of the company. However, the security policy that necessitates every employee to increase the customer call time by up to 5 minutes when summoning the IT manager for the forgotten passwords does not attract positive customer perception of the service they receive. Forgetting or confusing passwords may be a rare occurrence, but in case it happens, it limits the workforce’s ability to use the IT system to provide callers with a great experience both productively and safely. Overall, the company may be operating at minimal cost, but the conflict between IT security and business value has reduced the quality of the service being provided to enhance the customer experience.
Question 3
Risk management covers a wide range of processes, from the identification of the risk and the assessment of the risk to the response to and mitigation of the risk and the control of the risk. The risk management tools should, therefore, fall into one or more of these categories.
The following list comprises the most appropriate risk management tools for the manager.
- SWOT analysis
The SWOT analysis provides the strengths, weaknesses, opportunities, and threats that are closely tied to the operations at the call center. The strengths help identify the capacity of the call center to contain its operational risks, the weaknesses identify the unavoidable risks that stem from the nature of the operations at the call center, the opportunities are the potential alternatives for mitigating these risks, and the threats are the external circumstances that warrant close attention if the operations at the center are to remain risk-free.
- Risk register
Through this tool, the IT manager can document a list of the identified risks, the solved risks, those which are under close monitoring, anticipated risks, and the appropriate measures that can be taken to mitigate these risks.
- Probability and impact matrix
This tool can be used by the manager to prioritize the risks. There is no need for the manager to waste time and resources on minor risks.
Question 4
The design of the call center workspace is of paramount importance in ensuring that the reps have a healthier and happier work life. The new workspace needs to provide a vibrant environment comprising inviting break rooms, safe storage for personal items, sufficient lighting, and aesthetically pleasant furnishing. Some of the areas considered in the ergonomic design of the workspace include lighting, monitor position, chair, the keyboard tray, adjustable height work tables, plants, acoustics, floor systems, and the layout of the center.
Regarding lighting, the lighting at the new center is indirect and sufficient, and the workers are offered an adjustable task light to minimize eyestrain. The new design places the representatives' workstations around the exterior, thereby maximizing the light exposure, while the administrative station is centrally placed. Also, there are walkways to enable the representatives' movement to the break rooms and other areas.
There are high-quality monitor arms to ensure that the computer screens are correctly positioned. The monitors were also placed at 30 inches from the face to minimize eye strain.
The company has invested in proper ergonomic seating material. The chairs currently being used are adjustable such that the feet become flat on the floor. These chairs can also adjust to a wide range of postures to cater for any unusual needs of the employees. It is necessary that the employees vary their posture to avoid muscle strains, keep alert, and remain focused for a long time.
The area surrounding the call center can be dotted with plants to minimize aggression and other manifestations of anger. There are reports from studies that suggest that employees with a view of nature are less likely to get frustrated. Instead, these employees tend to be more focused because the scenic views boost memories and focus. This design feature is missing at the new call center. It could mean that the employees are missing out on a natural way to boost their memory and focus.
Regarding acoustics, the noise level around the new call center is efficiently managed. There are sound absorption fillers on the walls, sound blocking screens between the workstations, and sound masking plastered on the ceilings. There is minimal artwork on the walls, with more glass and plastic covers all around. The carpets on the floor are also good sound absorbers.
Most reports from the call center cited that there were times of the day when the temperature grew uncomfortable. The degree of discomfort ranged from extreme cold in the early hours of the day to moderately high temperatures at the peak of the day. Temperature ranks among the top factors that influence job performance, implying that the company must consider adjusting the call center design to allow for better employee comfort. Measures to ensure that the heat and air conditioning systems are optimally functional are not apparent. The experts should, therefore, watch for cold spots and hot spots, as well as workstations that are situated directly under the blowing air.
The new raised floor designs accommodate easy movement of equipment, cabling, airflow, and other installations. Overall, the layout of the workspaces is properly designed to aid in productivity while ensuring that the space at the center is sufficiently conserved. The zigzag design in which the sides of the cubicles stick out in triangular shapes leaves more space for the workers to move freely. There are high walls separating the workers, and this provides privacy while also minimizing conversations. The typical design gives 140 square feet per call center rep.
Question 5
In sum, IT risk refers to the combination of the probability that a threatening event occurs and the impact of its occurrence. Hazardous events or dangerous situations are considered risks only if their occurrence applies to zones where the human, economic, and environmental stakes are vulnerable. The vulnerability of an information security system is defined by the respective security measures put in place to safeguard it. These could be in the form of software, passwords, and usernames. Passwords and usernames are dependent on the efficiency of the human factor in managing them. Most IT security systems utilize facilities, equipment, and strategies to enhance security. But if the human comfort and expertise in handling these facilities, equipment, or strategies are not appropriate, then the guarded system remains inherently vulnerable.