4.[15marks] Let’s do some risk analysis on Trent\'s information assets.Trent sto

Question

4.[15marks] Let’s do some risk analysis on Trent's information assets.Trent stores many types of about students and three of these are: identification information (name, address, SIN, telephone numbers etc.), IT information (username, password, email services, etc.), and financial information (tuition, student loans, banking information,etc.)

a.[3marks] For EACH of the three types of information describe who would want to illegally access this type of information and why?

b.[3marks] Consider what the impact would be for EACH of the three types of information mentioned above if the information was improperly accessed or damaged. Is the impact Catastrophic (expose school to serious lawsuits, loss of reputation, and/or information cannot be recreated), Serious (some exposure to lawsuits, loss of reputation and/or information is expensive to recreate), or No Big Deal (small chance of lawsuits, information can easily be recreated). Be sure to justify your choice for each type of information.

c.[3 marks] Now consider what the likelihood is that EACH type of information could be accessed or damaged: not likely, moderately likely, very likely. Justify why you think the information fits in that category.

d.[6 marks] Now let’s look at how we can manage the risk. Basic techniques are: avoiding the risk, modifying the risk (impact and/or likelihood), transferring the risk to others, and accepting the risk. What techniques would you use for EACH of the types of information and how would you implement it?

Explanation / Answer

General Instructions:

(A) Risk assessment on Trent's information assets such as:

(B) Impact on information in case of information lost or damaged:

(C) If information is accessed or lost then what can be happened in each case:

Identification information

IT information

Financial information

Not likely

Very Likely

Very Likely

Identification Information: If student name, address etc. lost then such type of information can be easily retrieved. Thus, it comes under not likely category.

IT information: If student username, password can be lost or accessed by other person then he can interrupt his information and damage the records. Thus, it leads to very likely.

Financial information: If student tuition records lost then its moderate likely whereas his bank details lost or accessed can lead to very likely or his loan history also comes under very likely.

(D) Avoiding the Risk: Risk can be avoided based on the student’s information. For example, there is the risk of bank details if shared by or accessed by unauthorized person can leads to a problem. It is not possible that in each case, risk can be avoided.

Accept the Risk: Accepting the risk leads to accepting this type of problem that to logged in to the system there would be such type of procedure that unauthorized person is unable to use the information. As well as he is unable to alter the information.

Transferring the Risk: Transferring the risk means to transfer the risk from first or second party to third party. In case, if information is accessed by unauthorized person, then third party has to pay for that. That party has to deal with this. For example, To take a policy, in case of any damage that policy helps you financially.

Modify Risk: Modify risk leads to modification or updation of the software. To make the student username or password not likely, he has to update the password again and again or after some time. And the information of the student need to update to avoid the risk.

Identification information

IT information

Financial information

Not likely

Very Likely

Very Likely

Related Questions

Navigate

• Browse (All)
• Browse 4
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.