The case shows that the firm faces multiple risks to customers’ integrity and financial data files on its system. These risks result from file corruption caused by a worm or virus imported onto the company’s network. Consequently, specific risk controls are needed to help reduce the risks. Some of the most suitable risk controls for this particular challenge include identifying and authenticating the risk, having a maintenance program, and running awareness and training programs on operating and maintaining the system.
The first key risk control is identification and authentication of the risk. Identification entails identifying a user, a system, or a threat, which could be training in the system. Authentication, on the other hand, involves proving that an application or a user is genuinely who or what it claims to be (Kim & Lee, 2017). This risk control will be very useful in this case since it will help identify the type of risk and find measures to ensure that it is not a threat. It will also help determine the appropriate people who can access the system and protect the system from the external threats it is currently facing. Authentication also helps control information: the more complex the information becomes, the greater the need to authenticate it to solve some of these problems (Kim & Lee, 2017). Combining the correct authentication processes greatly helps secure the company’s critical information and improves the experience for all the users involved.
Maintenance is another crucial risk control that can help ensure that attacks on the company’s system are tackled accordingly. It involves updating all the relevant components of the system (Vargas & Salmeron, 2012). It also entails ensuring that anti-virus software and other related applications are in place so that the system is protected against harmful attacks. Having a maintenance program for the system helps reduce likely project failure rates. After the risks have been identified and monitored, maintenance will also help enhance the system’s success rate.
Figure 1 Most suitable Risk Controls
Awareness and training is the final risk control that can help the company in this situation. Training the company’s employees will give them capabilities in key security areas, which helps control the types of risks faced by the company’s system. It will help all the key stakeholders at the firm understand and have in-depth knowledge of the risk areas the firm is likely to face, currently and in the future, and know-how (Ki-Aries, 2017). Awareness and training is a risk control measure that ensures that the stakeholders (especially the employees) are committed to their work, have job satisfaction, and are conversant with all possible risks likely to affect the firm’s system.
The types of risks the organization faces require control measures to reduce the magnitude of the risk. First, the most critical risk control is identifying and authenticating the risk to ensure that the company is conversant with the type of risk it is dealing with. Undertaking a maintenance program will ensure that all the software is updated and effective enough to deal with any threat. Finally, an awareness and training program will ensure that all the stakeholders are conversant with the system and any software, which will ultimately help them detect any potential threat easily.
Ki-Aries, D. &. (2017). Persona-centred information security awareness. Computers & Security, 70, 663-674.
Kim, H., & Lee, E. A. (2017). Authentication and Authorization for the Internet of Things. IT Professional, 19(5), 27-33.
Vargas, C. L., & Salmeron, J. L. (2012). Monitoring Software Maintenance Project Risks. 5:363–368.