SUBJECT: INFORMATION SYSTEM MANAGEMENT

https://docs.google.com/document/d/1DaVWmRhNx_Ju8bEmpCOpHWrIkns5qPXD/edit?usp=sharing&ouid=114585111656768905611&rtpof=true&sd=true

MIDTERM PAPER in Information System Management (AIS 7) Direction: In your term paper choose one company and provide all the requirements needed (A-G) as shown below. A. Information about the Company Research that company. Learn about their CORE COMPETENCIES (Vision and Mission). What are they good at? What do they do? Do they have / who are there: Customers? Competitors? Suppliers? Peers? Fans? Enemies? B. Identify Risk Make a non-exhaustive list of as many potential risks to the company as you can. What could go wrong that could negatively impact that organization? Consider events in as many categories as you can. A few examples (tied to PESTLE - how convenient!): Political (political climate undergoes some change) impacting the industry - can't work / buy / sell products in or from some country critical to your business success) Economic (a pandemic virus fundamentally changes the way the world interacts, negatively impacting the ability for your business to function Social (change in climate drives customers to stop using your product service) . . Technological (hackers - ransomware - data breach - etc) Legal (legislation prohibits the sale / distribution of the company's product somewhere) Environmental (Tornado / Tsunami / earthquake / hurricane / other impact to your business) C. Organize/Categorize Risk Organize and categorize these risks into as many groups and categories as you need to be able to logically and intelligently evaluate them. Some examples: PROBABLE or IMPROBABLE (mean likely to happen) CORE or NON-CORE (if it's core function of the company) . IMPACT to the organization (High, Moderate and Low) etc. (may add if you wanted)D. Weighted Risk ASSIGN VALUES to the risks Then CALCULATE Quantifiable risks for those that you can. These should be REAL risks that are organized as probable, likely to occur, that will have impact on the organization, etc. E. How to Control/Mitigate Risk For each of the risks, determine whether or not a control could be used to help mitigate the risk. Consider controls in ALL areas (Administrative, technical, physical, directive, preventative, deterrent, corrective, forensic/recovery) and select appropriate controls to limit or mitigate the risk(s). F. Organize Risk the DELIVERABLE - create conclusion, why you selected the company (and why you chose them). What did you learn from creating the Risk Management plan. G. References (List of materials use to complete the quiz)