Analysis Of Jacket X's Payroll Processing System

1343 Words | Jul 8, 2016 | 6 Pages
Payroll Process: During an initial review of data for Jacket-X from last year, several potential threats and vulnerabilities were identified. Specifically, the payroll business process was highlighted as containing threats and vulnerabilities requiring immediate attention from management in order to prevent a data breach. Recall that threats and vulnerabilities, although often used together in discussing cybersecurity risks, are two separate concepts. To review, a threat is defined as “an undesirable event that can cause harm”. It is also important to note that threats can be internal or external to an organization (Valacich). Alternatively, a vulnerability is defined as a “weakness in an organization’s systems or security policies that…
This would allow supervisors to create a bogus employee, place them on the payroll master file, edit their hours, and supply their own banking information for direct deposit purposes. Because this would initially cause a relatively small loss to Jacket-X, it may not be noticed for a while. To mitigate this vulnerability, supervisors should only have access to their own employees, and any changes should create an audit trail. Also, for independent contractors, the payroll specialists have permission to alter payroll details during validation. Although these permissions improve productivity by requiring fewer personnel in the validation chain, they are counterproductive because they create a vulnerability wherein the validator is not independent and is free to edit contractors’ time and attendance. Additionally, this vulnerability can be exploited during the paycheck generation process, wherein falsified checks can be created for the bogus contractors. To overcome this vulnerability, Jacket-X should separate the payroll specialists and validators in order to create a more secure validation process. Finally, there is a major flaw with the direct deposit system in that it does not communicate with the paycheck generation process. This can cause paper checks to be issued to those employees who already receive direct deposit. Linking these two
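As an added example (not part of the original essay or of any Jacket-X system), the checks below turn the controls discussed above into audit queries over constructed records: bank accounts shared between master-file entries, employees added by their own supervisor, contractor timesheets edited and validated by the same person, and workers paid by both direct deposit and paper check in one period. All field names, ids and sample rows are assumptions.

```python
from collections import defaultdict

# Constructed sample data; field names are assumptions, not Jacket-X's schema.
EMPLOYEES = [
    {"id": "E100", "bank": "111-222", "added_by": "hr01", "supervisor": None},
    {"id": "E201", "bank": "333-444", "added_by": "hr01", "supervisor": "E100"},
    {"id": "E202", "bank": "111-222", "added_by": "E100", "supervisor": "E100"},
]
TIMESHEETS = [  # contractor time and attendance records
    {"worker": "C300", "period": "2016-06", "edited_by": "ps01", "validated_by": "ps02"},
    {"worker": "C301", "period": "2016-06", "edited_by": "ps01", "validated_by": "ps01"},
]
PAYMENTS = [
    {"worker": "E201", "period": "2016-06", "method": "direct_deposit"},
    {"worker": "E201", "period": "2016-06", "method": "paper_check"},
    {"worker": "E202", "period": "2016-06", "method": "direct_deposit"},
]

def shared_bank_accounts(employees):
    """Map each bank account used by more than one record to the ids using it."""
    by_bank = defaultdict(list)
    for e in employees:
        by_bank[e["bank"]].append(e["id"])
    return {bank: ids for bank, ids in by_bank.items() if len(ids) > 1}

def supervisor_created(employees):
    """Ids of records that a supervisor added to the master file for their own team."""
    return [e["id"] for e in employees if e["supervisor"] and e["added_by"] == e["supervisor"]]

def self_validated(timesheets):
    """Timesheets where editor and validator are the same person (no independence)."""
    return [(t["worker"], t["period"]) for t in timesheets if t["edited_by"] == t["validated_by"]]

def double_paid(payments):
    """Workers paid by more than one method in the same pay period."""
    methods = defaultdict(set)
    for p in payments:
        methods[(p["worker"], p["period"])].add(p["method"])
    return sorted(key for key, used in methods.items() if len(used) > 1)

if __name__ == "__main__":
    print("shared bank accounts:", shared_bank_accounts(EMPLOYEES))
    print("added by own supervisor:", supervisor_created(EMPLOYEES))
    print("self-validated timesheets:", self_validated(TIMESHEETS))
    print("paid twice in a period:", double_paid(PAYMENTS))
```
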