Cmgt 442 Week 2 Essay

884 WordsFeb 22, 20134 Pages
SR-ht-001 Risk Analysis University of Phoenix CMGT/442 SR-ht-001 Risk Analysis The purpose of this document is to address possible security risks associated with the completion of SR-ht-001. This service request is in regard to the “development and installation of a benefits election system to support the tracking and reporting of employee (union and non-union) benefits” ("Smith Services Consulting", 2011). On March 22, 2004 Graham Grove (Vice President of Industrial Relations, Huffman Trucking) sent a memo to Kenneth Colbert (Director of Human Resources, Huffman Trucking) sharing benefit information for non-union represented employees so that Kenneth could use the information to “rationalize health care costs for our…show more content…
Upon realizing his error, he calls the restaurant only to find the briefcase is no longer there. Joe immediately contacts Kenneth Colbert, who must then let the employees who’s information was stolen know what has taken place. Scenario 2 Jane Doe works in the HR department and is asked to update some employee phone numbers and addresses in the new benefits tracking system. Jane is working late and decides to leave her desk and get a soda for a little energy boost, she leaves her system logged in and goes down the hall. While Jane is gone the janitor comes in and sees the information on the screen: names, social security numbers, addresses, and phone numbers. He is a little down on his luck and decides to use this information to take out some online loans in an attempt to get ahead. It is not known until months later that the breach came from Huffman trucking when multiple employees report identity theft and an investigation is started. Proposed Solutions The above scenarios, as with most information security breaches, are highly preventable when proper identity management is used along with a few other preventative and training measures. According to Microsoft identity management “is a comprehensive set of processes that enable the secure access of end users to a broad range of internal and external IT systems, control the digital identity of those
Open Document