SBM4304 IS Security And Risk Management

Course Code: SBM4304
University: Asia Pacific International College

Country: Australia


Task Specifications
Students should select an organisation. The organization must provide IS services to its staff and customers. The students have to write a report that answers the following in relation to the selected organization:

Briefly illustrate the services the organization provides and how the use of information systems supports the organization's business operations.
Any organization uses General Management Controls (GMCs) to manage its risks. These controls form the foundation of the internal control system and help provide an efficient defense against threats. Outline and discuss the GMCs of the selected organization.
Application Controls (ACs) for IS are a specific type of control used by organizations to control computerized applications such as payroll systems, online learning systems and other business-related applications. Discuss the different types of ACs.
Compare general management controls and application controls for IS.
Describe and evaluate the risk management techniques adopted by the selected organization to ensure the reliability, confidentiality, availability, integrity and security of digital business processes. Your evaluation of the risk management must include risk identification, risk assessment and risk control related to the selected organization.
Auditing is the process of reviewing system use to determine whether misuse has occurred in any business process of the organization. Critique the importance of auditing IS and safeguarding data quality for the selected organization. Illustrate the audit plan and process used by the organization.

You may need to make some assumptions with the required justifications.


Information system control involves applying security parameters to an information system. Technological innovation has brought many benefits, but it is important to note that without the required security controls an information system can be detrimental to an organization (Kumar, Prasad & Samikannu, 2018). The main aim of this report is to evaluate the information system controls that DXC.technology implements in order to make its service delivery to both staff and customers effective. The objectives of the report are to analyze the security controls that DXC.technology implements to make service delivery secure, and to analyze how the organization's application controls differ from its management security controls. All security control parameters are meant to ensure that DXC.technology's services to both customers and staff are available when required and reliable enough to offer stable service. Additionally, security controls should provide the required data integrity to all users, provide data privacy mechanisms, and give both the service provider and its customers the required security for organizational data (Wang et al., 2017). Beyond the security controls provided by the company, auditing is addressed as one of the mechanisms an organization can use to enforce data integrity. Auditing can be used to evaluate the data control parameters put in place by the organization, in order to help the organization arrive at the desired information control parameters.
DXC.technology services
This is an organization that offers services such as data analysis and application services to other companies. Many organizations require data analysis in order to determine possible causes of security lapses. Additionally, organizations may require security evaluation of the applications that support their business operations (Wang et al., 2017). DXC.technology has invested heavily in data analytics and application evaluation because many organizations lack the capability to employ the required internal expertise. To facilitate advanced data and business application analysis, DXC.technology has developed and implemented security parameters that can be used to analyze the required business operations. Besides data analysis, the organization offers system security to other firms. The security services offered by the company have made it a giant security service provider across the globe. Other organizations outsource security advice as well as experts from DXC.technology. With the current wave of system security lapses, organizations have been implementing information system security controls with the help of DXC.technology. Its system security implementation has been incorporated into cloud computing where its customers decide to offer cloud services (Greene & Master, 2018). Finally, the organization serves as a consultancy hub. Many organizations have been outsourcing services such as cloud-based operations, data analysis and security applications.
General management controls (GMCs)
These are information system policies that clearly stipulate the general operation of many applications. These policies are meant only to facilitate the effective operation of any information system. Their application in business operations ranges across mainframes, servers and all end-user environments (Simpson, 2018). DXC.technology offers general controls in areas such as network operations and data centers. Since DXC offers hosting and cloud services as well as advice to customers on data centers, the general controls are quite dynamic in order to support various clients. Similarly, general system controls are used to govern access to systems from within the organization and from the cloud. Cloud hosting has become the norm in business because of its availability and flexibility (Evers et al., 2017). To make systems available to all target users, general controls are set without exposing the system to vulnerabilities. Moreover, with modern technology, an organization's operational data has become a very important asset that determines the future of business operations. Irrespective of how the data is hosted, adequate security is required to limit and control unauthorized access. In cases of internal data hosting and network privileges, proper authorization for data, program files and network segments is very important because it provides the required security. It is important to note that without proper organizational policies, it is very difficult to categorize and enforce information system security in an organization (Jianhong & Hua, 2010). DXC.technology has clearly defined rules on the roles performed by various system users such as programmers, system administrators and general application users. Lastly, general controls are quite important, as DXC.technology advocates frequent review in order to align business operations with current security parameters.
Application Controls (ACs)
These are controls that are specific to individual software applications and their interrelated transactions. With application controls, the organization entrusts authorization to one of its employees so that certain transactions can be carried out. To enforce system-level controls, it is important that the application has the required security functionality (Greene & Master, 2018). Application-level controls in DXC.technology are classified into three main types. Input controls are used to control the nature of the data entered into the system by general users, and are mainly used to enforce data integrity as well as privacy. Next, processing controls are used by the organization to determine the output that is received by specific system users. Different system users should get different output from the system, and this should be guided by the privileges assigned to each user. Finally, output controls are used to determine the accuracy of the results from the system. All these types of controls are put in place during system development. Organizations put more emphasis on application controls because the applications are used to generate revenue for the organization. All authorization granted in an application should be made by the appropriate level of management in the organization (Wang et al., 2017). Besides the system access controls available to enforce data integrity, even the team with special application access should be reviewed frequently to avoid the system being compromised by trusted employees. To make system functionality more secure and transparent, application-level controls are very important and should be enforced and reviewed regularly. It is possible to deduce that application-level controls are mainly used to control the operation of the business and affect business operations greatly.
General Management Controls Vs Application Controls
General management controls are procedures made to apply to all types of information system. They can affect the organization either internally or externally. Since they are applicable to all systems, it is important to make sure that no general control is open to system manipulation (Kumar, Prasad & Samikannu, 2018). General controls are mainly meant to enforce system security against access from outside the organization and to protect the processing power of the system, which is controlled by assigning a specific number of sessions to the system. In cases where the number of sessions exceeds the maximum set, no more sessions are created by the system. In contrast, application controls are procedures that can be perceived as concerned more with the internal operations of the company. They are specific to an individual application, depending on the required functionality (Ehatisham-ul-Haq et al., 2018). Each application should be developed uniquely to meet specific business operations. Application controls are grouped into three categories so that their operation can be managed.
Risk management techniques
DXC.technology has adopted various methodologies to manage and mitigate risks to its operations and to its customers. System reliability is an important aspect that an organization such as DXC.technology cannot overlook, given the nature of the services it offers. To minimize system unreliability, DXC.technology has adopted a replication strategy (Frey, 2018). Replication of the system makes it available for use at any time. The company runs standby power backups in its data centers as well as a stable internet connection. Under replication, DXC has two data centers running the same version of the data and located in different places. Besides running on their own servers, they have implemented cloud servers to make sure their services are available all the time. In addition to replication, DXC.technology has implemented server virtualization, which minimizes service disruption when one server breaks down unexpectedly (Austin, 2018). On confidentiality, every organization strives to keep its operations confidential in order to avoid competition. To keep its operations free from intrusion, the company has formulated strict rules that govern the nature of operation in every business section. Since DXC offers a wide array of services, only a few examples, such as cloud hosting and system security, are considered here. To make its operations more robust, the organization formed an evaluation department which determines the nature of each service (Subramanian & Jeyaraj, 2018). Sensitive services should be hosted internally unless stipulated otherwise by the client. Whatever the client's preference, DXC advises the client before the chosen option is adopted. All possible threats should be analyzed to determine the likelihood and threshold of an attack if it occurs. According to Waz, Sobh & Eldin (2017), a system security evaluation has to be done to analyze the impact on data in cases of unauthorized access.
Data integrity ensures that data is consistent and can be used for sound decision making with minimal errors, if any. To make sure data is consistent, the organization enforces measures such as data validation on entry (Jianhong & Hua, 2010). They implement this themselves and advise customers to make sure that system validation is done correctly at both the interface level and the database level. This ensures that every piece of data is correct and meets all the given requirements. Further, system security is a fundamental concept that must be implemented at all costs. To mitigate system risks, DXC.technology has developed a security framework that defines a clear process for lower- and higher-level system risks (Austin, 2018). These policies are to be enforced by all organizational employees as well as clients. The measures include using organizational computers only for business purposes, restricting online communication to workplace email only, and allowing data access only to authorized employees.
Risk identification is one of the more challenging information system security measures. Since DXC.technology is a cutting-edge IT company, it has developed and outsourced advanced tools for use in service delivery (Alali & Yeh, 2012). To guard against penetration of the organizational network, the network is configured so that all new devices must undergo several tests and authentication before connecting to it. Similarly, all incoming signals are diverted to specific servers before they can access the required data. Risk assessment is done in terms of severity, which depends on the financial implications for the firm. Risk assessment has to be done by a system security expert in the presence of higher-level management (Nather, 2018). Once risks have been identified and the relevant assessment done, the control methodology should be followed carefully. Risk control has to be done using the appropriate tools, experts and policies.
Importance of auditing IS and safeguarding data quality
An information system audit is a very crucial part of business operations because it evaluates whether organizational IT systems are secure and what mitigation strategy is available in case of any risk (Mohammed, Far & Naugler, 2014). Information system audits are used by top-level management to evaluate the security measures that an organization should implement to be more secure and to keep pace with technological advancements. Next, an information system audit has to be done to determine system compliance with organizational objectives. This makes sure the organization does not implement system measures that do not comply with international standards (Wiley, 2017). Finally, it is used to evaluate whether employees and other system users have been following the system's operational requirements.
Conclusion and recommendations
DXC.technology is a service organization that offers IT solutions to its clients. Its services include data analysis, cloud hosting, system security implementation and advice to its customers. Information system controls can be either general or application controls, depending on the level at which a specific organization applies them. General controls are applied to all systems, while application controls are specific to an individual application. Additionally, risk management techniques are available to help the organization secure its operations. They include replicating services, having standby power source alternatives, and implementing security measures that guarantee the security of the data and the availability of the services offered by DXC.technology. Finally, system audit is of great importance because it acts as a complementary tool that ensures data integrity is maintained. It is highly recommended that firms and IT service companies be careful when rolling out new IT strategies in business operations.
Alali, F. A., & Yeh, C. L. (2012). Cloud computing: Overview and risk analysis. Journal of Information Systems, 26(2), 13-33.
Austin, G. (2018). Corporate Cybersecurity. In Cybersecurity in China (pp. 65-79). Springer, Cham.
Austin, G. (2018). Governmental Cybersecurity. In Cybersecurity in China (pp. 95-116). Springer, Cham.
Ehatisham-ul-Haq, M., Azam, M. A., Naeem, U., Amin, Y., & Loo, J. (2018). Continuous authentication of smartphone users based on activity pattern recognition using passive mobile sensing. Journal of Network and Computer Applications, 109, 24-35.
Evers, K., Oram, R., El-Tawab, S., Heydari, M. H., & Park, B. B. (2017). Security measurement on a cloud-based cyber-physical system used for Intelligent Transportation. In Vehicular Electronics and Safety (ICVES), 2017 IEEE International Conference on (pp. 97-102). IEEE.
Frey, S. (2018). How to Eliminate the Prevailing Ignorance and Complacency Around Cybersecurity. In Cybersecurity Best Practices (pp. 1-10). Springer Vieweg, Wiesbaden.
Greene, M., & Master, Z. (2018). Ethical Issues of Using CRISPR Technologies for Research on Military Enhancement. Journal of bioethical inquiry, 1-9.
Jianhong, Z., & Hua, C. (2010). Security storage in the Cloud Computing: A RSA-based assumption data integrity check without original data. In Educational and Information Technology (ICEIT), 2010 International Conference on (Vol. 2, pp. V2-143). IEEE.
Kumar, V. S., Prasad, J., & Samikannu, R. (2018). A critical review of cyber security and cyber terrorism–threats to critical infrastructure in the energy sector. International Journal of Critical Infrastructures, 14(2), 101-119.
Mohammed, E. A., Far, B. H., & Naugler, C. (2014). Applications of the MapReduce programming framework to clinical big data analysis: current landscape and future trends. BioData mining, 7(1), 22.
Nather, S. (2018). Improving Information Security Through Risk Management and Enterprise Architecture Integration. In ICCWS 2018 13th International Conference on Cyber Warfare and Security (p. 420). Academic Conferences and publishing limited.
Simpson, J. (2018). Emergency Services Systems Reliance on Wireless Telecommunications and the Potential for a Cyberattack (Doctoral dissertation, Utica College).
Subramanian, N., & Jeyaraj, A. (2018). Recent security challenges in cloud computing. Computers & Electrical Engineering, 71, 28-42.
Wang, Y., Jia, X., Jin, Q., & Ma, J. (2017). Mobile crowdsourcing: framework, challenges, and solutions. Concurrency and Computation: Practice and experience, 29(3), e3789.
Waz, I. R., Sobh, M. A., & Bahaa-Eldin, A. M. (2017). Internet of Things (IoT) security platforms. In Computer Engineering and Systems (ICCES), 2017 12th International Conference on (pp. 500-507). IEEE.
Wiley. (2017). Wiley CIAexcel exam review 2018: Internal audit knowledge elements. s.l.: John Wiley.
My Assignment Help. (2020). IS Security And Risk Management. Retrieved from https://myassignmenthelp.com/free-samples/sbm4304-is-security-and-risk-management/a-case-study-on-dxc-technology-services.html.