Question

Regulatory requirements such as Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard require that an organization should conduct a risk analysis if a mobile device is lost or if the data on it are stolen. Discuss the following.

• How would this affect the business?
• If an employee's mobile device is lost, how would it affect the employer?

Answer 1

Many of the regulatory authorities prefer organizations to conduct risk analysis if a mobile device is lost or if the data on it is stolen to identify the potential threats and to measure their effect on the security of an organization. Most of the time it helps organizations to identify and asses the risks related to data loss and to resolve the problem. But it also affects the organization's overall performance as well.

• Risk analysis is a complex process so, that organization should assign more time and resources for risk analysis that affects the performance of an organization.
• For the development of risk analysis process organizations have to invest extra funds that affect the company business.
• It also affects the company’s ongoing business development projects, with the improper programming of the risk analysis process.

With the widespread use of mobile phones and related technologies, it is pervasive to discover data inside these devices. Most of these devices contain both personal and organizational information in the form of any applications or software that employees used for work-related purposes or personal purposes. So if the employee’s lost their devices it not only affects the user it affects the employer as well, because these devices can either be used to attack or to steal data from the organizational data systems. So every organization should conduct a risk analysis to identify the potential risk causes when an employee lost his/her device, this provides an employer to measure the risk associated with this situation and to resolve it.