Lets do some risk analysis on Trent's information assets. Trent stores many types of information and three
Question:
Let’s do some risk analysis on Trent's information assets. Trent stores many types of information and three of these are: Faculty information (username, password, department, etc.), Finance (student loan information, tuition payments, etc.) and Non- academic staff information (names, addresses, employment history, etc. of everyone who works at Trent that is not directly involved in teaching or marking).
a. For EACH of the three types of information, describe who would want to illegally access this type of information and why?
b. Consider what the impact would be for EACH of the three types of information mentioned above if the information was improperly accessed or damaged. Is the impact Catastrophic (expose school to serious lawsuits, loss of reputation, and/or information cannot be recreated), Serious (some exposure to lawsuits, loss of reputation and/or information is expensive to recreate), or No Big Deal (small chance of lawsuits, information can easily be recreated). Be sure to justify your choice for each type of information.
c. Now consider what the likelihood is that EACH type of information could be accessed or damaged: not likely, moderately likely, or very likely. Justify why you think the information fits in that category.
d. Now let’s look at how we can manage the risk. Basic techniques are: avoiding the risk, modifying the risk (impact and/or likelihood), transferring the risk to others, and accepting the risk. What techniques would you use for EACH of the types of information and how would you implement it?
Statistics The Exploration & Analysis of Data
ISBN: 978-1133164135
7th edition
Authors: Roxy Peck, Jay L. Devore