Question

* what are some negative consequences of IT security?

* what are the 4 ways to respond to risk give example? *

give example of information that an employee should not reveal?

Answer 1

Negative Consequences of IT security
- It will result in loss of productivity for an IT firm if the system in under attack by bypassing the IT security.
- Sensitive data might be comprimised which can hamper the growth of the firm.
- Network connection would become slow and will hamper routine activities.
- Emails of the employees can be compromised and can be spammed for another virus attack.
- The reputation of the firm is under the scanner and will surely go down in case of failure of security standards.


4 ways to respond to risk
- Avoid -> It means that we need to prepare in advance for the probable risk we might encounter. We should try to expose the system by inhouse experts and fix the system there itself to avoid any threat by external agents.
Example -> Firms hire ethical hackers to find loop holes with in their systems and patch them before any outsider invaded those loop holes

- Reduce -> If we cannot avoid, we must try to reduce the risk. It should have minimal impact and should be in tolerable limits.
Example -> There are airbags in cars to reduce the risk. They do not gurantee that accident will not happen but if it does, the impact should be minimal.

- Transfer -> Another way we can handle a risk is that we can transfer it. If we cannot avoid and redcue we transfer it to some other agent/firm.
Example -> We buy vehicle insurance policy. In case of any mishap, the insurance policy is responsible to incur the losses of all the damages.

- Accept -> If we cannot do any of the three above, we need to accept the fact that something might happen and it will be an extempore when that happens. It is used where probability of the risk is very low.
Example -> Most small scale companies would not prepare for situation like a Pandemic like Covid-19. Because its probability is less. They have to accept that fact and make strategy from thereon.




example of information that an employee should not reveal
- Internal Project Information.
- Company's upcoming projects which are not yet official.
- Busniness logic for the projects they are working.
- Pricing model of the company unless its an official meeting.


Kindly upvote if this helped.