annotated-Risk Management Plan.docx (pdf, 14 pages)
School: Liberty University. Course: 714. Subject: Information Systems. Date: Dec 6, 2023.

RISK MANAGEMENT PLAN

Risk Management Plan for Excel Modular Scaffold & Leasing

Kimberly M. Thomas
BMAL 714:B03, Liberty University

Author Note

Kimberly M. Thomas
I have no known conflict of interest to disclose.
Correspondence concerning this article should be addressed to Kimberly M. Thomas. Email: kthomas225@liberty.edu

Abstract

Excel Modular Scaffold & Leasing is an industrial construction firm founded in 1992. To streamline data transmission to its multiple satellite sites, Excel is seeking to transition from an email-based paper system to a paperless digital system for employee records, employee change requests, and employee personnel files. With the help of Excel’s Information Technology (IT) team, several internal and external risks have been identified. These risks will be evaluated in the paper below to ensure the new digital system has the necessary capabilities to keep this data safe and secure. Risk mitigation suggestions will be made to help Excel avoid corruption of data and incompatibility with other software and programs, protect against cyberattacks, malware, and spyware, and handle employee access to these systems and files. Additionally, Excel seeks to operate in the most ethical way possible, so a Christian worldview will be examined.

Keywords: risk management, digital file system, information technology

Risk Management Plan: Excel Modular Scaffold & Leasing

Research indicates many organizations are making the environmentally friendly transition from paper-based to digital office systems (Jones et al., 2019). This transition boosts the organization’s corporate social responsibility factor, making them more desirable and more efficient (Jones et al., 2019). These changes not only play a role in the organization’s reputation in their market by showing reduced waste, but also assist the organization in cost-saving efforts that reduce the need for overhead such as storage and staff (Jones et al., 2019).

These transitions do not happen naturally. Shaver (2019) explains that a transition from physical paperwork to digital file systems begins with having the right technology. Any changes an organization undergoes must be evaluated for risks so mitigation of these risks can be discussed and implemented. Excel’s plan to transition to a digital system requires that confidential information be kept secure; therefore the information technology (IT) department has been enlisted to assist with the identification of potential risks. The internal risks associated with this transition are the possibility that data could be corrupted and then unavailable, software and technology compatibility issues, ensuring the proper chain of evidence is maintained, and restricting access to this confidential information. The external risks identified are the threat of cyberattacks and the possibility of infection of the network through malware or spyware.

Company Overview

Excel Modular Scaffold & Leasing Corporation has been in business since 1992. Excel specializes in scaffold construction, maintenance, and support at multiple refineries across the United States. Due to the popularity of their patented material, Excel currently has contracts at 35 refineries. The organization started small, with a single jobsite and fewer than 40 employees. Over the last three decades Excel has employed more than 30,000 employees. Each
of these employees has a personnel file housed at the Human Resources Office in Baton Rouge, Louisiana. It is estimated that Excel spends roughly $50,000 per year maintaining these files. This maintenance includes fees for storage as well as the full-time position of filing any paperwork processed by the Human Resources department. With Excel already implementing lean manufacturing techniques in their construction, the Human Resources department has requested to transition to a digital filing system. Research indicates the implementation of such technology can increase overall organizational productivity and efficiency (Milan et al., 2021).

Identification of Risks

The first step in developing a risk management plan is the identification and analysis of any circumstances or situations that could threaten the day-to-day operations of the organization (Nawaz et al., 2019). Nawaz et al. (2019) suggest organizations consider any risks associated with time, quality and efficiency, and costs. For the purposes of this transition, Excel has considered not only the external risks associated with storing digital copies of personnel files, but also the internal risks. The internal risks include data corruption, compatibility with other technology, maintaining an appropriate chain of evidence, and restricting access to these files. The external risks identified are the threat of cyberattacks and the damage of internal servers due to malware and spyware.

Internal

Data corruption. The most important aspect of maintaining digital files is ensuring the data collected is safe and secure and can be retrieved at any time from anywhere. Israel et al. (2021) explain that data corruption is the process in which a digital file is unexpectedly changed while the file is being stored on the server, while it is being transferred to another user, or while it is being viewed or processed. They go on to say any information stored electronically could experience degradation or total failure. This risk would prevent the files from being accessed by any user, or from being opened, viewed, or modified (Israel et al., 2021).

Compatibility with other programs. Ouederni (2021) explains that compatibility between two or more programs or two or more types of software ensures the programs or software can communicate without degradation of the information being communicated. The risk associated with compatibility for Excel is that all documents stored on the network servers will need to be viewed in their original format. If a file is saved in a format that is not accessible to another program or cannot be opened by the storage software, the document could be corrupted or lost. Additionally, Excel needs to consider the size of files and the storage necessary to ensure all documents are stored and can be retrieved in a resolution that is clear and easy to read.

Chain of evidence. All documents Excel’s Human Resources handles are personal and confidential in nature. As such, the transition to a digital filing system needs to meet all regulatory laws for the collection and storage of personnel and medical files. To protect the integrity of these documents, Excel’s IT department must ensure the saved digital document is identical in every way to the original document. The software used to scan, upload, store, and maintain these files must not only comply, but also be user friendly and support efficiency (Shah et al., 2017). If these documents are requested by a legal entity, Excel must be able to confirm the digital copy is a true and correct version of the original and was made during the normal course of business.

Access restrictions. Due to the confidential nature of the files the Human Resources department deals with, Excel must limit the number of users that have access to this data. The greater the number of users with access to confidential information, the more likely it is the information will be used in an inappropriate manner. This risk can have costly financial repercussions for Excel if these files are accessed by an unauthorized user or are used for an unintended purpose (Rasouli & Valmohammadi, 2019). Rasouli and Valmohammadi (2019) point out these financial costs could result from lawsuits from current and former employees should their personal information not be secure.

External

External risks are risks to the organization that stem from any person or entity outside the organization. While these risks are identified, analyzed, and mitigated in the same manner as internal risks, their risk assessment value is often higher than internal risks due to the unknown qualities they possess (Hanggraeni et al., 2019). With the help of the IT department, Excel has identified two external risks: threats to server integrity through infection by malware and spyware, and the possibility of cyber-attacks. These risks were identified through market research of the experiences of other such organizations who have transitioned from a traditional paper filing system to a digital filing system.

Cyber-attacks. A cyber attack is defined by Derbyshire et al. (2021) as any instance when a criminal or computer hacker seeks to gain access to an organization’s secure computer network for the purpose of taking data, documents, and files of a confidential nature and using the information gathered for nefarious purposes. The researchers go on to explain cyber attacks can be categorized in two different ways: from the view of the individual or the group performing the attack and from the view of the skillset necessary to perform such a crime. This risk is real and valid to Excel as the documents stored in the digital file system are personal and confidential, containing social security numbers, addresses, and other personal information that could result in identity theft or like crimes against Excel employees.

Malware and Spyware. Malware and spyware are usually intentional, but may not be considered a cyberattack against the victim. Any time one user sends a file to another user, be it internally to the organization or externally, there is the threat of a computer virus or malware infecting the organization’s servers (Mobile Threats, 2019). These computer viruses can cause irreparable damage to an organization’s computer and network systems (Mobile Threats, 2019). Malware and spyware are specifically designed to infiltrate the operating system of the victim and collect valuable and confidential information from the network, often without anyone at the organization’s knowledge (Mobile Threats, 2019). If any employee opens an infected email or file, these viruses can gather confidential information about Excel’s employees and can be devastating to those affected and the organization.

Mitigation of Risks

The second step in building a risk mitigation plan is to determine the probability of these risks occurring. Risks can be valued from high probability of occurrence to low probability of occurrence. Additionally, risks can be assigned a value to represent the significance of damage the risk would impose (Rybnicek et al., 2020). The risk mitigation plan seeks to outline the risks most likely to occur as well as those that would be catastrophic in nature (Rybnicek et al., 2020). Once these risks have been identified and analyzed, the risk management plan can include any processes, internal procedures, and additional employee training to mitigate the occurrence of these risks as well as the significance of impact should any of these risks occur (Rybnicek et al., 2020). While it is not possible for an organization to avoid all risks, Rybnicek et al. (2020) explain risks can be prevented from escalating into problems if the organization has a plan in place with detailed actions that must be followed should any of these risks occur.

Internal

Data corruption. With data corruption being the most concerning risk for the transition from a paper file system to a digital file system, Excel’s IT department has elected to store the uploaded documents in more than one location. This decision is supported by research that states multiple storage locations for data decrease the risk of the information being changed, destroyed, or made inaccessible (Oliveira et al., 2021). Excel’s digital system is designed to perform a system backup every 24 hours. This decision ensures that if there is an issue or problem in the submittal process it is identified as soon as possible and there is always a backup file for all the data that has been successfully collected up to a specific point.

Compatibility with other programs. Excel’s plan to reduce or eliminate issues related to compatibility with other programs is to save all documents uploaded to the digital system in a portable document format (PDF). The PDF is a file type created by Adobe and is known to be compatible with multiple operating systems and nearly all software programs (Pradhan et al., 2022). The benefit of saving files in this format is these files can be viewed, but not changed, by anyone regardless of their system hardware, operating system, or software (Pradhan et al., 2022). Using the PDF format for their documents ensures Excel’s digital file system can be used by any user anywhere regardless of equipment. These documents will not experience issues being stored or viewed throughout the lifecycle of the employee’s file (Pradhan et al., 2022).

Chain of evidence. One of the most important aspects of a digital file system is that the chain of evidence is protected. Excel needs to be able to prove, should it be necessary for legal purposes, that all documents in the digital file system are true and correct and the documents have not experienced any degradation of quality and have not been tampered with or changed (Oliveira et al., 2021). To ensure the security of the chain of evidence, Excel’s IT team has created a tracking system which identifies which user opens a document and records the date and time the document was accessed. Additionally, this system will record if any changes were made to the document and what those changes are. This allows Excel to identify and remove any activity that appears fraudulent in nature. This process also reminds Excel employees to operate with integrity as they are aware every action performed within the digital system is tracked and recorded. Additionally, this tracking system assists Excel’s IT team with discovering software or hardware incompatibilities before those issues cause a system or network failure.

Access restrictions. To protect the confidential information uploaded to employee files daily, Excel’s IT department assigns each system user a set of permissions. These permissions allow the user to access, change, and upload to specific areas of the system and restrict access to areas the user does not need access to. These digital identities are yet another security measure to keep the documents stored safe and confidential (Rasouli & Valmohammadi, 2019). These security measures assign each user a user name and password to access the system as well as additional authentication should the user try to access confidential information. The permissions associated with each user can be changed in an instant, so if an employee elects to resign from the organization their access to confidential information can be removed immediately. Excel’s IT department has also implemented a safeguard system which scours the network for suspicious activity or failed log in attempts to ensure individuals who shouldn’t have access to information are denied.

External

Cyber-attacks. Preventing cyber attacks begins with Excel’s IT department ensuring not only the network, but also each individual device is secure. To prevent Excel’s employees’ confidential information from falling into the wrong hands, the data collected is then encrypted
and stored on Excel’s network servers in multiple locations. Excel’s IT department has installed firewalls and specific antivirus software on each device owned by the organization. This safety tactic limits the amount of traffic the network receives and ensures the network remains secure (Sarker et al., 2020). All network traffic is monitored by Excel’s IT department and suspicious activity, such as multiple failed log in attempts in a specific time period, is noted and addressed.

Malware and Spyware. As previously mentioned, Excel’s IT department performs a full system backup every evening. These backups can serve as the ground floor for a full system reboot if malware or spyware infiltrates the organization’s system (Ghazali, 2021). In addition to these nightly backups, Excel’s IT department has developed specialized employee training which covers the issues related to data security. This training explains the functionality of malware and spyware, where these viruses come from, what they can do to an organization’s network, and how these viruses continue to spread. Excel feels confident each employee, after receiving this specialized training, will have a better understanding of malware and spyware and be cognizant of how to avoid these viruses.

Integration of Biblical Principles

Risks cannot be avoided. Risk management is the process of reviewing an organization’s current processes and procedures, considering the multiple ways those processes and procedures could fail, and providing insight on how to handle these failures to protect the organization from collapse. Believers and followers of Jesus look to scripture on how to handle the ups and downs of daily life. These same concepts can be translated into business. One such example of preparation for the unknown is found in Luke 14:28-33. In this scripture Jesus is asking the people “For which of you, desiring to build a tower, does not first sit down and count the cost, whether he has enough to complete it?” (English Standard Version). This scripture reminds believers God honors those who prepare for the expected and the unexpected alike. Additionally, Proverbs 22:3 reminds the faithful to “foresee danger and take precautions” (English Standard Version). The value of risk management through the Christian worldview is clear. Scripture encourages believers to plan and count the costs of a project, so to honor Colossians 3:23 Christian business owners should engage in risk management practices so everything they do is done as if unto the Lord.

Conclusion

Excel has seen rapid growth during their thirty years in the construction industry. To remain relevant in their market, and bring a competitive advantage, Excel feels the transition from a paper-based communication system to a digital system is necessary. The costs and inefficiency of maintaining paper files have been more evident over the last several years. After evaluating the risks associated with digital personnel files, Excel feels confident in their ability to keep this confidential information safe and secure. The success of Excel and the future of the organization depend on the ability of the managers and decision makers to implement safeguards against the risks identified with this transition.

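The tracking system described under Chain of evidence in the mitigation section records who opened a document, when, and what changed. As an added illustration (not code from the paper or from Excel’s IT team), the example below shows one way such a record can be made tamper-evident by hashing each document and chaining the log entries; the user names, document id, timestamps, and file contents are constructed sample data.

```python
import hashlib
import json

GENESIS = "0" * 64  # previous-hash value used by the first log entry


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_hash(entry: dict) -> str:
    """Hash a canonical JSON form of every field except the entry's own hash."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())


def append_event(log: list, user: str, action: str, doc_id: str,
                 content: bytes, timestamp: str) -> None:
    """Record who did what to which document, linked to the prior entry."""
    entry = {
        "user": user,
        "action": action,  # e.g. "upload", "view", "modify"
        "doc_id": doc_id,
        "doc_sha256": sha256_hex(content),
        "timestamp": timestamp,
        "prev": log[-1]["hash"] if log else GENESIS,
    }
    entry["hash"] = entry_hash(entry)
    log.append(entry)


def verify_log(log: list) -> int:
    """Return -1 if the chain is intact, else the index of the first bad entry."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["hash"] != entry_hash(entry):
            return i
        prev = entry["hash"]
    return -1


def unlogged_change(log: list, doc_id: str, content: bytes) -> bool:
    """True if the stored file no longer matches its last recorded digest."""
    recorded = [e["doc_sha256"] for e in log if e["doc_id"] == doc_id]
    return not recorded or recorded[-1] != sha256_hex(content)


def demo() -> dict:
    # Constructed sample data: users, document id and contents are made up.
    log = []
    doc = "emp-0001/change-request.pdf"
    original = b"%PDF-1.7 constructed personnel form v1"
    revised = b"%PDF-1.7 constructed personnel form v2"
    append_event(log, "hr.clerk", "upload", doc, original, "2023-12-06T09:00:00Z")
    append_event(log, "hr.manager", "view", doc, original, "2023-12-06T10:15:00Z")
    append_event(log, "hr.manager", "modify", doc, revised, "2023-12-06T10:20:00Z")
    results = {
        "intact": verify_log(log),
        "current_ok": not unlogged_change(log, doc, revised),
        "silent_edit": unlogged_change(log, doc, revised + b" tampered"),
    }
    # A log entry is rewritten after the fact to change who viewed the file.
    log[1]["user"] = "someone.else"
    results["after_rewrite"] = verify_log(log)
    return results


if __name__ == "__main__":
    print(demo())
```

A chain like this only exposes tampering to a verifier who holds a trusted copy of the latest entry hash, so that value should be kept outside the system being audited.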
References

Cai, C. & Chen, C. (2021). Optimization of human resource file information decision support system based on cloud computing. Hindawi Complexity, 2021. 1-12. doi: 10.1155/2021/8919625

Derbyshire, R., Green, B., & Hutchinson, D. (2021). “Talking a different language”: Anticipating adversary attack cost for cyber risk assessment. Computers & Security, 103(2021). doi: 10.1016/j.case.2020.102163

Ghazali, A.F. (2021). A survey of malware risk detection techniques in cloud. Turkish Journal of Computer and Mathematics Education, 12(3), 868-876. doi: 10.17762/turcomat.v2i3.797

Hanggraeni, D., Slusarczyk, B., Sulung, L., Subroto, A. (2019). The impact of internal, external and enterprise risk management on the performance of micro, small and medium enterprises. Sustainability, 11(7). doi: 10.3390/sul11072172

Israel, M.J., Graves, M., Amer, A. (2021). On trusting a cyber librarian: How rethinking underlying data storage infrastructure can mitigate risks of automation. EAI Endorsed Transactions on Creative Technologies, 8(29). doi: 10.4108/eai.1-12-2021.172359

Jones, C., Holland, M., Hellard, B. (2019). What is the paperless office? IT Pro. Retrieved from https://go.openathens.net/redirector/liberty.edu?url=https://www-proquestcom.ezproxy.liberty.edu/magazines/what-is-paperless-office/docview/2277744682/se-2

Milan, J., Lyalkov, S., Burke, A., Millam, A., & Van Stel, A. (2021). ‘Digital divide’ among European entrepreneurs: Which types benefit most from ICT implementation? Journal of Business Research, 215(2021), 533-547. doi: 10/1016/j.busres.2019.10.034

Mobile threats: 10 app categories at risk of malicious malware. (2019). Database and Network Journal, 49(6).

Nawaz, A., Waqar, A., Shah, S.A.R., Sajid, M., & Khalid, M.I. (2019). An innovative framework for risk management in construction projects in developing countries: Evidence from Pakistan. Risks, 7(24), 1-10. doi: 10.3390/risks7010024

Oliveira, J., Axevedo, A., Ferreira, J., Gomes, S., & Lopes, J. (2021). An insight on B2B firms in the age of digitalization and paperless process. Sustainability, 13(21), p. 1-22. doi: 10.3390/su132111565

Ouederni, M. (2021). Compatibility checking for asynchronously communicating software. Science of Computer Programming, 205(2021). doi: 10.1016/j.scio.2020.102569

Pradhan, D., Rajput, T., Rajkumar, A.J., Lazar, J., Jain, R., Morariu, V., & Manjunatha, V. (2022). Development and evaluation of a tool for assisting content creators in making PDF files more accessible. ACM Transactions on Accessible Computing, 15(1), 1-52. doi: 10.1145/3507661

Rasouli, H. & Valmohammadi, C. (2019). Proposing a conceptual framework for customer identity and access management. Global Knowledge, Memory and Communication, 69(1/2), 94-116. doi: 10.1108/GKMC-02-2019-0014

Rybnicek, R., Plakolm, J., & Baumgartner, L. (2020). Risks in public-private partnerships: A systematic literature review of risk factors, their impact and risk mitigation. Public Performance & Management Review, 43(5), 1174-1208. doi: 10.1080/15309576.2020.1741406

Sarker, I.H., Kayes, A.S.M., Badsha, S., Alqahatani, H., Watters, P., & Ng, A. (2020). Cybersecurity data science: An overview from machine learning perspective. Journal of Big Data, 7(41).

Shah, M.S.M.B., Saleem, S. & Zulqarnain, R. (2017). Protecting digital evidence integrity and preserving chain of custody. Journal of Digital Forensics, Security and Law, 12(2). doi: 10.15394/jdfsl.2017.1478

Shaver, L. (2019). The paperless office: Bringing residents, staff, suppliers on board. Units, 43(7), 27.