Organization
The organization that we have chosen for this assignment is Legoom Valley Solution & Consultancy. This organization specializes in assisting and coaching students who are interested in the vast IT field. It was founded in 2019 and is located at Jalan Reko, 43000 Kajang, Selangor.
Description of problem analysis of organization name
We have found that the organization does not have its own IT department but instead applies to outsourcing, in which they hire an IT provider to manage their information such as databases and recovery. This may lead to less control over the organization’s information.
Description of Approach used to assess the risks.
To assess the project risk, we used qualitative and quantitative risk analysis in order to measure the risk exposure. This type of risk analysis prioritizes the identified project risks using a pre-defined rating scale, and by using the formula Risk = Likelihood X Impact.
Top 15 risks identified
Outsourcing: The organization did not have its own IT department which may lead to several outsourcing problems such as hidden fees, misaligned software, and less control.
Server crashes or slowing down: The organization stores its data on the provider’s server. The server has a risk of crashing or slowing down if the provider also provides its services to other organizations.
Risk of virus attack: The organization rarely uses antivirus systems which may lead to the virus attack.
Asset lost: The organization’s assets are students, clients, and project records.
Third-party attack: When there is an attack on the provider server, the organization may harm it.
Risk of a rogue employee: The current student or employee might use the organization’s data or information for personal gain.
Privacy lost: Students and clients may access and obtain any information from the company due to no limitation set by the company.
Important information at risk: Due to third-party access, companies’ information is at risk when data is exposed to another person.
The target of hackers: Any companies that do not use antivirus software are at high risk of getting hacked.
No access to data: The company does not store any physical data. In the case of internet issues, the company will not be able to access any data.
Possibility of cyber attack
Breach in the system: In the cybersecurity field, a breach is when an unauthorized party is in the process of data theft.
Crisis management
Lack of IT policies on security and operation: There are no policies to guide employees on how to deal with security issues and the employer does not pay attention to computer security.
Lack of IT security employee training and awareness: Are of the opinion that training is only for large companies, expensive, and time-consuming.