Lec 6 Flashcards

1
Q

What is IT RISK?

A

Risk = probability * impact

Two conceptualisations:
1) risk as a probable negative impact
2) risk as both negative and positive impact
Downside risk: probable negative outcome
Upside risk: probable positive outcome
IT RISK:
The potential for an unplanned event involving information technology to threaten an enterprise objective

2
Q

IT risk from a business perspective (4)

A

Availability: keeping systems and their business processes running, and recovering from interruptions

Access: ensuring appropriate access to data and systems, so that the right people have the access they need, the wrong people do not, and sensitive information is not misused

Accuracy: providing correct, timely and complete information that meets the requirements of managers, staff, suppliers, etc.
Agility: the ability to make necessary business changes with appropriate cost and speed

3
Q

IT risk management: 3 core disciplines

A

Reduce IT complexity - procedures and policies that provide an enterprise-level view of all IT risks

It allows lower-level managers to identify and obtain resources for risks, and gives senior managers a clear view of the major risks facing the firm

Create a risk-aware culture -

Reduces uncertainty about revealing risks (risk-aware behaviour)
Risks are less likely to be buried or rejected

Create risk governance processes - identify and manage risks

The IT foundation improves risk management by removing unknown complexities

4
Q

Customer contact strategy: disclosure strategy

A

Disclose to the whole public when the business is in a favourable position

5
Q

Risk escalator strategy

A

Companies are like people walking up a down escalator: you have to keep moving to stay in place. There is one speed switch for all escalators. If you are a better climber, you increase the speed (which makes it hard for competitors)

Non-incumbents take risks and have to speed up the escalator (they get sloppy, stumble, and slide back)

More sharing and transfer of data, between our own systems and with partners, causes more accidents

6
Q

Managing risks

A
Two dimensions: downside risk (the cost if it happens) and cost of protection

Low cost of protection and tolerable downside risk = lowest priority

Low cost of protection and intolerable downside risk = mitigate asap

High cost of protection and tolerable downside risk = bear the risk

High cost of protection and intolerable downside risk = capitalise the costs of risk mitigation

High cost of protection with intolerable downside risk is the hardest case to decide

For high cost of protection with tolerable downside risk, managers should understand that sometimes things won't work (a hacker incident may happen)
This is not IT having got something wrong
It is just that we have decided to live with some risk

7
Q

Options for security and availability policy

A
  1. Everything is at least a certain amount safe
  2. Category level: we have different levels of safety
    Everything in the same level is equally safe
    Anyone with sufficient access rights can get access to all the data in that category
    Under- or over-protection of individual items
    Some monitoring, but more trusting
  3. Service and data level: for each service / data item we have a unique security level
    No under- or over-protection
    More overhead
    Slower, as we can no longer give people access to a whole category and trust them to behave
    We monitor access to important data
8
Q

Crisis response strategies in data breach

A

Defensive
Accommodative strategy
Moderation strategy
Image renewal strategy

9
Q

Crisis response strategies in data breach - DEFENSIVE STRATEGY

A

Defensive strategy:
Strategy components: denial = seeking to frame the situation as if no breach crisis exists (no example: not used by the firms studied)
Strategy components: excuse = seeking to minimise the organisation's responsibility for the breach (e.g. claiming that the breach occurred due to third-party negligence)

Evokes suspicion and perceptions of dishonesty unless the firm is completely not responsible for the crisis (e.g. a natural disaster or terror attack)

10
Q

Crisis response strategies in data breach - ACCOMMODATIVE STRATEGY

A

Strategy components: apology = explicitly apologising for the occurrence of the breach (e.g. explicitly stating that the organisation apologises for the breach)

Strategy components: remedial actions = taking steps to repair and control the damage (e.g. offering free credit monitoring services, offering financial compensation)

It can induce suspicions that:
The breach is severe and there may be looming legal and financial liabilities

11
Q

Crisis response strategies in data breach - MODERATION STRATEGY

A

Strategy components: ingratiation = seeking to make the stakeholders like the organisation (e.g. stating that the firm has a strong history of data privacy, stating that the firm has a strong history of valuing the relationship with the stakeholders and the trust the stakeholders have in the firm)

Strategy components: justification = seeking to minimise the perceived damage associated with the breach (e.g. stating that the firm does not believe that the lost data have been or will be misused, stating that the lost data were encrypted and password protected, stating that the breach is an isolated act)

More acceptable because it is:
Neither denying responsibility (like the defensive strategy)
Nor inducing suspicion of severity and legal liabilities
Justification signals that the firm has knowledge of the nature and severity of the breach

12
Q

Crisis response strategies in data breach - IMAGE RENEWAL STRATEGY

A

Correction commitment = reassuring stakeholders that the organisation will take whatever steps are necessary to avoid similar breach incidents in the future (e.g. claiming that the firm has implemented security measures to prevent a recurrence of such an attack)

Stakeholder commitment = reassuring stakeholders that the firm is committed to providing the best services and/or products in spite of the breach incident (e.g. claiming that the firm is committed to assisting the stakeholders, claiming that the firm is committed to protecting stakeholder data)

Value commitment = reassuring stakeholders that the firm is committed to its core values (e.g. claiming that the firm takes the security of customer data extremely seriously, claiming that the firm values the stakeholders' privacy, claiming that safeguarding the privacy of stakeholder data is a top priority)

13
Q

Effect of crisis strategies on stock price change

A

For highly reputable firms, none of the 4 strategies has a significant influence

For lowly reputable firms, the defensive and accommodative strategies have a negative but non-significant influence

For lowly reputable firms, the moderation and image renewal strategies have a positive influence

Highly reputable firms have demonstrated many capabilities over the years; investors discount one negative event, as bad things happen to everyone
