ITEC 6610 Walden University Strategy Development Essay In the Project from the previous Week, you identified a gap related to identity and access managemen

ITEC 6610 Walden University Strategy Development Essay In the Project from the previous Week, you identified a gap related to identity and access management. Identity and access management is an important area in your organization where the “current state” falls well below the “desired state.” If the problem is not addressed, it may cause security concerns by allowing unauthorized entities access to the organizational network. It may also result in denying access to authorized users.

To prepare for the Project in this Week, refer to “The Process” in section 11.1 of the Brotby text.

Write a 4- to 6-page paper presenting a strategy for achieving the desired state for identity and access management at your organization. Using the examples in the textbook as a guide, address each of the 10 steps involved in the strategy development process with respect to this particular scenario.

Address the following points in your response:

Briefly describe the “Current State” (from your analysis in the previous Week of the Project).
Clearly explain and justify the “Desired State” from CMM level 4 that you feel your organization needs to achieve in order to better protect data or meet compliance objectives.
Explain why you consider this particular area important from the perspective of achieving security and business objectives.
Develop three control monitoring and metrics to evaluate the efficacy of your strategy.
Describe the high-level team you need; involve your security team, subject matter experts, and other stakeholders to develop and formulate a plan to close this gap. Running head: RISK ASSESSMENT BUSINESS PROJECT
Risk Assessment Business Project
Jamil Saad
Walden University
1
RISK ASSESSMENT BUSINESS PROJECT
Business Risk Outline
Part One:
1. Business idea
2. Akilimall
3. Online platform
4. Retailer, linking consumers and sellers of various goods
5. Headquarters located in Nairobi, Kenya
6. Operates in all countries of Eastern Africa
Part Two
Business risk
Paragraph 1,2
1. Introduction; definition of risk assessment
2. The importance of risk assessment
Paragraph 3
1. Steps for risk assessment
2. How to practice it in Akilimall
Paragraph 4
1. Gap assessment
2. Definition
Paragraph 5, 6, 7, 8
2
RISK ASSESSMENT BUSINESS PROJECT
1. The threat related to access and authorization
2. Two case scenarios
3. Stakeholders affected
4. Solutions
5. The degree of threat
Paragraph 9
Conclusion
3
RISK ASSESSMENT BUSINESS PROJECT
4
Risk Assessment Business Project
Project Introduction
The organization I work for is called Akilimall, with its headquarters located at Nairobi,
the heart of East Africa’s economy. The business is an online retailer shop, creating a platform
that links sellers and buyers. It allows for the purchase, transport, and delivery of packages to a
location that best suits a client. It has been in operation for the last eight years, growing with
every coming year. Presently, it is ranked second in terms of preference and quality of service
delivery, courtesy of its well-thought-of management, and a strong organizational structure,
making it flexible and adaptive to consumer’s changing tastes and preferences.
The shop, Akilimall, is a form of online commerce, where all the stock by its suppliers
gets posted on a website. A potential consumer then uses the organization’s interface to link up
with the seller, book and item, pay, and have it delivered at a place and time agreed mutually by
both. It virtually mimics the services offered at a physical brick-and-mortar shopping center. The
items sold there are gotten directly from the manufacturers and licensed suppliers, ensuring that
their authenticity is maintained. The organization sells a wide variety of items, ranging from
foodstuff to electronics, to beauty products, to everything a customer can desire. Therefore, we
have gotten into contracts with several suppliers, and to name just a few, are Samsung, Phillips,
LG, among others. The prices are also the fairest within the market, ensuring that we maintain
our massive market dominance.
The organizational structure is well-considered, where managers are chosen based on
their expertise and experience. All departments within the organization; the delivery, the sales,
and marketing department, the finance corner should work in harmony. The communication
channels employed are timely and transparent and allow for input and feedback to get to the
RISK ASSESSMENT BUSINESS PROJECT
5
relevant departments. Also, the gender rule gets observed, with a supportive human resource
department, to look into the maintenance of a civic working environment.
Within the eight years of operation, the outlet stores have grown and spread across
various cities and towns in Africa. There are at least two stores in every country within East
Africa, namely Kisumu, Nairobi, and Mombasa in Kenya, DaresSaalam in Tanzania, and
Kampala in Uganda. Plans are underway to expand the outlet stores to Rwanda and Burundi, as
well as Ethiopia, whose political environment and the population purchasing power is
auspicious.
Risk Assessment
Risk assessment should be a priority in any organization. It refers to the assessment of
any potential risks or points of weakness that make an organization vulnerable (Fiksel, 2015).
Risk assessment, when well looked into, will then enable any company to identify potential weak
points and identify risks the organization may be prone to. After that, the severity and
adverseness that each risk, if it occurs, would bring and efforts are put into either avoiding it
entirely or cushioning the impact that they come with.
Risk assessment needs to be thorough and exhaustive, as the very fate of the organization
may be dependent on it (van der Vegt, Essens, Wahlström & George, 2015). To successfully
assess the risks of an organization, one needs to focus on every stakeholder independently, as the
compromise of one department or partner creates a ripple effect that may cripple the business. In
Akilimall, the stakeholders are the consumers, the sellers, delivery companies, and employees
within the organization. Together, the efforts of these multifaceted stakeholders build or destroy
what the organization stands for. Also, being an online organization, the very foundation that the
transactions run through online platforms may be at risk of hacking. Also, the channels of
RISK ASSESSMENT BUSINESS PROJECT
6
payment, in particular, wireless money transfers, calls for collaboration with banks and other
organizations that offer similar services.
Risk assessment is a strategic approach with a well laid out formulae or approach that is
more often than not, successful. The first step would be to identify a potential hazard and, from
there, identify with the category or categories that are prone to harm. With that exhausted, the
next approach is to evaluate the damages the risk may bring with it and then tailor precautions to
mitigate it or cushion the effects. The solution may also be, in extreme cases, find a strategy for
the organization to recuperate if the damage is unavoidable. From there, the final step is to note
down findings and al that has been decided and review them for updates or corrections if needed.
Gap assessments, though different from risk assessment, work to reinforce the efforts and
actualize plans set. A gap identifies the differences between what currently exists and what
should. To further elaborate on this, the gap assessment seeks to find if the organization has
enough resources within reach to achieve the state of safety, or where there are no risks involved.
In layman’s, it highlights the degree of lack that the organization needs to satisfy in such a way
that the gap between the current state and the desired state is bridged. The two, risk assessment
and gap assessment, are virtually intertwined and cannot do without the other.
In modern business environments, many breaches have been as a result of poor access
control brought about by high degrees of incompetence amongst managers (Lortie, 2020).
Several scenarios depict a threat related to access and authorization within Akilimall. Poor access
and authorization management affect security risk and business management.
One such scenario is hacking by malevolent hackers after finding a weakness in the
technical IT department within the organization. In doing so, they, therefore, get access to
information about the business, and based on what they can access, the business is at risk of
RISK ASSESSMENT BUSINESS PROJECT
7
exposure. One, critical and confidential information of the customers is exposed to people who
may have ulterior motives. They may use this against them, blackmailing their customers at will.
Also, the hackers may alter the information, switching orders, and wreaking havoc in every
alteration they make. It confuses the day-to-day running activities within the organization. More
so, information about the managers and other employees may be at risk. Payments may be
compromised, with the breaching of transactions, and the hacking of the organization’s system
poses very many threats.
The risk created within the first scenario may have affected all stakeholders of Akilimall
directly. Therefore, the best solution is to create a website or an IT platform that is secure enough
and would detect malware as soon as hacking begins. With this, necessary changes can be made
to protect information within the organization. Management should, therefore, invest in quality
hardware and software programs, as their value increases with the cost. Though expensive, the
long-term advantages that come with it are worth it. By the management investing in quality
software that is practically impossible to hack into, all the information handled within the
organization is secure. Also, the risk managers must liaise with other related companies whose
activities are webbed to those of Akilimall. Employees need to get well educated on the role they
play in ensuring consumer security as well.
Another risk is too much access control. It may present itself through two prime
stakeholders, mainly the consumer or user, and the employees. In any online enterprise, the user
needs to be exposed to just enough. Too much information may create a loophole for users who
have harmful intentions of installing malware into the system. The online interface setup does
not allow for physical interactions between the client and a seller, and therefore, the credibility or
intentions of any transaction are almost left to assumption. Therefore, before any transactions get
RISK ASSESSMENT BUSINESS PROJECT
8
completed, the user needs to give limited but necessary information where they have virtually no
access to the information of the organization.
Also, the sharing of the details of a users’ account between different employees needs get
checked. In the occurrence of errant behavior, it is almost impossible to track it down to the
responsible employee. Also, the user gets exposed to too many departments across the
organization that he or she would otherwise not have known. Management directly plays a role
by ensuring that there is a separation of duties to all employees and that a client gets served by
just one employee satisfactorily. All users need to have set up an account to identify any
potential threats by hackers that may not have created an account recognizable by the system.
Also, with every shuffle in routine and responsibilities, the accessibility given any employee
should change accordingly. Employees may also willingly hack into the system. Therefore, every
once in a while, passwords need to get changed and distributed only to trustworthy members of
the organization.
Conclusively, online retail stores face significant threats. The fact that all users interact
virtually makes it prone to hacking, and managers, therefore, need to exhaust on all risks and
invest in reducing gaps. Policies made in Akilimall are solely subject to the decisions that the
people in authority make and must, therefore, try to mitigate and reduce risks whatsoever.
Collaborating with external influence such as insurance companies and employing security firms
to reinforce what the organization has may also help in assessing risks (Martin, Kay, Tate &
Karen, 2020). Also, the use of qualified personnel within every department goes a long way in
reducing the occurrence of risks as they are informed of their responsibilities and are
knowledgeable enough to act professionally.
RISK ASSESSMENT BUSINESS PROJECT
References
Fiksel, J. (2015). From Risk to Resilience. Resilient by Design, 19-34. doi: 10.5822/978-161091-588-5_2
Lortie, C. (2020). Manage risk. Retrieved 18 July 2020, from
https://www.infoentrepreneurs.org/en/guides/manage-risk/
Martin, Kay, P., Tate, & Karen. (2020). Team-Based Risk Assessment | PMI. Retrieved 18 July
2020, from https://www.pmi.org/learning/library/team-based-risk-assessment-3270
van der Vegt, G., Essens, P., Wahlström, M., & George, G. (2015). Managing Risk and
Resilience. Academy of Management Journal, 58(4), 971-980. doi:
10.5465/amj.2015.4004
9

Purchase answer to see full
attachment