Security Policies and Risk Identification


Security Policies and Risk Identification

Your company has decided to implement a human resource demographic portal.  Under the system envisioned, employees would be able to change various personal information items themselves, such as name, address phone, marital status, etc.  In addition, the employees would be able to change various payroll related items, such as 401k deduction percentages, the number of federal and state exemptions, as well as be able to view and print current and YTD pay information, including the current paycheck and check “stub”.  Under the current system, employees must go to the HR office to make any changes – there is no online access.

Your company already requires direct deposit for all employees, and under the new system, pay stubs would no longer be printed.  Employees would be able to do this as needed through the portal.

There are many potential risks associated with this project.

  1. Your task is to Identify as many risks as you can (4 is the minimum, but feel free to identify more risks if you so desire).
  2. Determine the relative likelihood of each risk occurring (low, medium high)
  3. Propose at least one strategy for addressing each risk
  4. Describe the strategy in terms of the 4 risk responses (Avoidance, Transference, Mitigation, or Acceptance).

Remember that sometimes, risks are acceptable and can be taken, so long they are identified and a strategy to address the risk is presented.  For example, driving a car is a risky venture, but to address that risk we have driver’s education (mitigation), manufacturing safety standards (mitigation), insurance (transference), and staying at home (avoidance). Driving an older, unsafe vehicle by an unlicensed and uninsured motorist could be considered Acceptance. Get  Best Assignment Writing Service with HelpHub .

× How can I help you?