Risk Factors in the Sprout Foundation Case Essay

Exclusively available on IvyPanda Available only on IvyPanda

The company in question is now facing quite a serious issue, as it needs to switch to a more efficient information system. The major threat source is the fact that the existing system is quite outdated and it cannot include all the necessary operations. The system was developed in 1990 and it cannot process the abundance of information available now. More so, the system is also vulnerable to various security violations due to the appearance of various viruses and programs that are distributed online. This leads to such major threat event as security violations. It has been acknowledged that information security is “both organizational and technological” issue that has to be solved for a company to remain competitive (Alberts & Dorofee 2003, p. 32). Contemporary systems are much more efficient and reliable. The predisposing conditions are the system’s flaws, the company’s operations in different countries, and the fact that employees use personal devices (that are often vulnerable to cyber-attacks).

We will write a custom essay on your topic a custom Essay on Risk Factors in the Sprout Foundation Case
808 writers online

These factors increase the risk of security violations. The adverse impact will be the disclosure of confidential information, which can have a detrimental effect on the company’s reputation. The loss of data can also be a significant problem. The organizational risk for the company is the damage to its reputation. People will stop trusting the charity and they will donate to other non-profits. This risk should be addressed and a new information system should be utilized. The company’s management should acknowledge the need to identify major risk factors and develop a proper plan to address them (Jordan & Silcock 2006). In this case, it can be enough to use a new system and to provide corporate devices to employees. Of course, the company should consider addressing professionals who can develop an efficient and safe IS rather than rely on start-ups. Additional funds will be necessary (to pay for services and acquire devices for employees) but this is crucial for the proper development of the company.

The NIST SP 800-30 Risk Model can be an effective tool employed for identifying risks. I have read several sources on risk management. Thus, Knight (2010) provides a list of actions that have to be undertaken. The steps suggested are quite detailed but they are somewhat ambiguous and the author does not provide sufficient information on identifying risks. Woody and Alberts (2007) pay more attention to the identification of risks and threats but they fail to provide an efficient framework.

The NIST SP 800-30 Risk Model can be seen as this efficient framework for detecting risks and identifying possible outcomes. For me, it was easy to apply the model to the case study. The case study provides quite detailed information on the matter but it could be challenging to identify risks and especially the outcomes for the company. However, the model provides a set of milestones to pay attention to. I followed the steps and it was easy to identify the threats and understand organizational risks. When working on a report concerning IS/IT, it is important to employ the model, as it will help to explain why the change is important. I believe that the model could help the company’s managers to develop a detailed plan for managing the existing risks. More so, it could help them to make the top management understand that the company needs a new information system, which would respond to the challenges of the non-profit operating in the 21st century.

Reference List

Alberts, C & Dorofee, A 2003, Managing information security risks, Addison Wesley, Boston, MA.

Jordan, E & Silcock, L 2006, Beating IT risks, John Wiley & Sons Australia Ltd., Chichester, UK.

Knight, KW 2010, ‘AS/NZS ISO 31000:2009 – the new standard for managing risk’, Keeping Good Companies, pp. 68-69.

1 hour!
The minimum time our certified writers need to deliver a 100% original paper

Woody, C & Alberts, C 2007, , Web.

Print
Need an custom research paper on Risk Factors in the Sprout Foundation Case written from scratch by a professional specifically for you?
808 writers online
Cite This paper
Select a referencing style:

Reference

IvyPanda. (2021, January 27). Risk Factors in the Sprout Foundation Case. https://ivypanda.com/essays/risk-factors-in-the-sprout-foundation-case/

Work Cited

"Risk Factors in the Sprout Foundation Case." IvyPanda, 27 Jan. 2021, ivypanda.com/essays/risk-factors-in-the-sprout-foundation-case/.

References

IvyPanda. (2021) 'Risk Factors in the Sprout Foundation Case'. 27 January.

References

IvyPanda. 2021. "Risk Factors in the Sprout Foundation Case." January 27, 2021. https://ivypanda.com/essays/risk-factors-in-the-sprout-foundation-case/.

1. IvyPanda. "Risk Factors in the Sprout Foundation Case." January 27, 2021. https://ivypanda.com/essays/risk-factors-in-the-sprout-foundation-case/.


Bibliography


IvyPanda. "Risk Factors in the Sprout Foundation Case." January 27, 2021. https://ivypanda.com/essays/risk-factors-in-the-sprout-foundation-case/.

Powered by CiteTotal, bibliography maker
If you are the copyright owner of this paper and no longer wish to have your work published on IvyPanda. Request the removal
More related papers
Cite
Print
1 / 1