SP003 RISK MANAGEMENT AND BUSINESS INFORMATION. Essay
INSTRUCTION
Overview
In this Performance Task Assessment, you will analyze a case study in order to demonstrate your ability to assess information systems security, legal, and ethical risks and develop plans for mitigating information systems risks. You are strongly encouraged to use the Academic Writing Expectations Checklist when completing this Assessment.
Professional Skill: Written Communication, Critical Thinking and Information Literacy are assessed in this Competency.
Your response to this Assessment should:
• Reflect the criteria provided in the Rubric.
• Adhere to the required length.
• Conform to APA style guidelines. You may use Walden Writing Center’s APA Course Paper Template.
This Assessment requires submission of one file. Save your file as SP003_ firstinitial_lastname (for example, SP003_ J_Smith).
When you are ready to upload your completed Assessment, use the Assessment tab on the top navigation menu.
Instructions
Before submitting your Assessment, carefully review the rubric. This is the same rubric the assessor will use to evaluate your submission, and it provides detailed criteria describing how to achieve or master the Competency. Many students find that understanding the requirements of the Assessment and the rubric criteria helps them direct their focus and use their time most productively.
Rubric
Access the following to complete this Assessment:
• Engro Chemicals Pakistan Limited Case Study
• Academic Writing Expectations Checklist
This assessment has two parts. Click each of the items below to complete this assessment.
Part I: Risk Management Analysis and Evaluation
Select an organization of your choice with which you are familiar, or for which you can find sufficient information about its business information systems. Identify one or more information systems for analysis. The information system(s) should be enterprise-scale and cross-functional, or linked to external suppliers, customers, or partners. For the selected business information system(s), prepare a 3- to 5-page risk management analysis and evaluation that addresses the following. In each section, make sure to support your positions with reasoning, evidence, citations, and references.
• Identify and describe global and domestic security, legal, and ethical risks related to the selected business information system(s), and their potential impacts. Include financial impacts as well as other types of impacts.
• Compare and contrast approaches to mitigating or managing the security, legal, and ethical risks you identified. Include at least two approaches to managing each risk.
Part II: Disaster Recovery and Business Continuity Planning
Select an organization of your choice with which you are familiar, or for which you can find sufficient information about its business information systems. Identify one or more information systems for analysis. The information system(s) should be enterprise-scale and cross-functional, or linked to external suppliers, customers, or partners. For the selected business information system(s), prepare a 3- to 5-page risk management analysis and evaluation that addresses the following. In each section, make sure to support your positions with reasoning, evidence, citations, and references.
• Identify and describe global and domestic security, legal, and ethical risks related to the selected business information system(s), and their potential impacts. Include financial impacts as well as other types of impacts.
• Compare and contrast approaches to mitigating or managing the security, legal, and ethical risks you identified. Include at least two approaches to managing each risk.
Information System
Author’s Name
Institutional Affiliation
Information System
Introduction
In recent decades, innovation has become a central organizing principle that courts, scholars, activists, the media, and policymakers have adopted when thinking about how the law ought to react to new technologies. In line with this emphasis, a variety of legislative measures, for example on intellectual property, customer data privacy, telecom technologies, and the rising rate of competition, have dominated the discussion of legal incentives for fostering innovation. Indeed, another field of scholarship referred to as "development law" has emerged as a theoretical construct to bring together these divergent fields of law (Traum, 2016).
Data protection is a critical concern for customers, who hold businesses responsible for it. Information is the foundation of e-business. The Internet enables businesses to use information more effectively by allowing customers, suppliers, employees, and partners to access the business data relevant to their individual roles. For example, customers can use the web to place orders, which can be fulfilled more quickly and with fewer errors. Suppliers can be engaged as orders are placed, reducing or eliminating the need for inventory, and employees can obtain timely data about business operations (Anonymous, 2013). The objective of this paper is to assess the risks experienced by two organizations, PEPSICO and Wal-Mart, in their deployed information systems, followed by mitigation approaches.
Part I – Risk Management Analysis and Evaluation
PEPSICO – Transaction Processing System (TPS)
Risk Identification
Security. Transaction Processing Systems (TPS) are becoming as accessible to businesses as commercial commodities are to customers. However, approaches to the issues of using TPS in multilevel secure environments are still at the research stage. Data theft is a major security risk in the deployment of TPS at PEPSICO. Since TPS is enterprise-scale and cross-functional in the business processes of PEPSICO, internal attacks are among the top threats, mostly because it is very easy for individuals who already have access to sensitive data to abuse it (Carver, n.d.). Untrained or uninformed employees also represent a security risk, for example through easily guessed passwords on sensitive accounts or devices left unattended with no responsible person nearby.
Because of the cross-functional nature of TPS, errors such as sending a critical document to an unrelated person can add to the data theft risk for PEPSICO. PEPSICO tends to integrate TPS-extracted data and results into cloud applications. Cloud applications are convenient in many ways, since they allow PEPSICO to access information from anywhere, often on multiple devices. However, this convenience also opens up the attack surface of the information systems to attackers, increasing the security risks (Gartner, 2013). Arguably, the security risk of the TPS deployed by PEPSICO is large and has significant potential to damage the market position of the company. For PEPSICO, preventing data breaches and strengthening the security measures around its data are unavoidable considerations when carrying out routine business operations with direct stakeholders.
Legal. Unsurprisingly, the development of data breach law has influenced the security considerations of PEPSICO as technological innovation has advanced rapidly. There are two critical legal aspects surrounding data breaches. First, the legal obligations that PEPSICO owes its customers regarding data security and notification of a breach. Second, the legal remedies available to customers if their private information is compromised as the result of a data breach (Loop, 2013). Unfortunately, PEPSICO customers lack the information that the producer possesses. Consumers therefore cannot make informed decisions when purchasing a product. The due care position recognizes this imbalance and the vulnerability of the customer by placing legal obligations on PEPSICO.
For international businesses like PEPSICO, complying on a global scale with laws and regulatory developments is a difficult task. Every country has its own, often unique, laws and regulations. Laws such as the EU Data Protection Directive, sectoral laws like MIFID, and HIPAA in the US each impose specific security-related requirements. To date, there has been little legislation that explicitly focuses on the increasingly prominent issue of cybersecurity, other than the laws pioneered by some US states, which require organizations to inform the applicable regulator of a data breach, and comparable breach notification requirements under the EU E-Privacy Directive (Loop, 2013). In short, PEPSICO carries heavy legal obligations in its deployment of TPS if it is to avoid penalisations and ethical ignorance.
Ethical. Ethics refers to the right or wrong choices that individuals need to consider when making critical decisions. Ethics in management information systems seeks to protect and safeguard people and society by using information systems responsibly. Organisations generally have an articulated code of ethics or code of conduct that each employee is expected to follow and practice strictly (Mingers & Walsham, 2010). In the context of PEPSICO and its TPS deployment, breach of privacy is a major ethical risk involved in the deployment of information systems. Information technology has made it simple for users to access any data or information at any given time. With the increased development of consumer centrism networks and bookmarking destinations, consumers are losing confidence in their participation in digital media campaigns and, subsequently, in purchasing activities.
The TPS is a decentralized system of PEPSICO, accessed by employees and suppliers through cloud applications in order to manage routine business exchanges. Decentralized technology creates a different set of issues than the straightforward misuse of a single technological profile and its information. Today, unauthorized access to electronic data, also referred to as "Value-based Information", includes hackers breaking into systems or networks, third parties gaining access to individual data on lost computers, smartphones, or related technological gadgets used in an organisation, and failures to dispose of such devices safely (Mingers & Walsham, 2010). Consequently, PEPSICO remains at critical risk of being accused of ethical irresponsibility due to a privacy breach or ignorance in TPS.
Financial. PEPSICO faces a challenge in ensuring General Data Protection Regulation (GDPR) compliance internally, and there is a significantly greater challenge in gaining assurance that its complete supply chain is GDPR compliant. The GDPR sets a unique benchmark for protecting consumer rights with respect to the information they provide; however, organizations will be tested as they set up frameworks and procedures to maintain compliance. The GDPR interprets that the company must give a "sensible" degree of data protection to prevent personal data from potential breach, however, a true definition of sensible is provided by GDPR. The GDPR governing body has significant leeway in assessing fines for data breaches and non-compliance (Martucci & Oldvader, 2010). For PEPSICO, it is important to comply with the GDPR provisions in order to avoid financial risks, such as penalisations and related adversities that could affect the brand's position in the market while giving competitors an opportunity.
In PEPSICO, internal groups of employees are the data processors, with a responsibility to process personal data records and keep track of any outsourcing firm that performs essential roles in such activities. GDPR tends to hold data processors directly accountable for potential breaches or evident activities that result in non-compliance. It is conceivable that the company and its data management stakeholders, for example a cloud service provider, will be responsible for fines and penalties based on the sensitivity of the breach (Nicoll & Owens, 2013). Consequently, PEPSICO needs to make constant improvements in monitoring and adhering to GDPR compliance in order to avoid financial losses, protect the brand image, and retain its customer base.
Approaches to Risk Mitigation and Management
Managers in PEPSICO recognize security risks in TPS, the cross-functional and enterprise-level information system deployed in the company, as an essential consideration when mitigating risks. At PEPSICO Global, the board and executive members in the C-suite are highly interested in knowing the efficacy of the information system security measures considered by management. Hence, the first approach to mitigating security risk is employee training. A keen and aware talent base would ensure that the company is protected from breach of data privacy, an ethical violation, and from non-compliance with GDPR provisions, a legal breach. Training employees at regular intervals would allow PEPSICO to prevent data theft and misuse of customer information by suppliers. Hence, employee training is the primary approach to preventing penalisations and related adversities in the information system.
On the contrary, the investment in TPS and related software firewalls is another consideration. Arguably, employee training is a necessarily required aspect for PEPSICO in mitigating identified risks. However, employees and suppliers are a direct human orientation, which is an ultimate stop to breach of infor...