Cmgt 442 Week 2

894 words 4 pages
SR-ht-001 Risk Analysis
University of Phoenix

SR-ht-001 Risk Analysis The purpose of this document is to address possible security risks associated with the completion of SR-ht-001. This service request is in regard to the “development and installation of a benefits election system to support the tracking and reporting of employee (union and non-union) benefits” ("Smith Services Consulting", 2011). On March 22, 2004 Graham Grove (Vice President of Industrial Relations, Huffman Trucking) sent a memo to Kenneth Colbert (Director of Human Resources, Huffman Trucking) sharing benefit information for non-union represented employees so that Kenneth could use the information to “rationalize health care costs for our
…show more content…

While the union should be allowed to have access to contact information of union members and potential union members, they don’t need any additional information. Also, there is no reason for them or any other employee to take this type of information home on paper copy because of the potential of this information being lost and/or stolen.
Scenario 2 This scenario is printable with simple education processes and specific policies put in place. If employees understand the risk of level computers or other network devices logged in while away from their desks, they may be less likely to do this. Also, if an employee understands that failure to comply with company policy regarding log in and out procedures can lead to dismissal, they are likely to avoid such activity.

Conclusion A benefit elections system, as with any other system on the network, has to be protected and properly managed. It is key to have employee training and proper identity management procedures. The IT department must ensure that employees only have access to necessary information and not to PII that is not specific to their job or position. It is up to senior management to ensure proper training is conducted and they all employees understand how to properly handle any use of PII even in something as simple as a benefits elections system.

Strength Access Control. (2013). Retrieved from