There have been many issues and speculations about what the incident has brought about and how. In conclusion to part four of this assignment, a few recommendations have been made to address the data breach. One of the first recommendations was to perform a series of investigations and analyses of the risks and to create a plan that keeps the risks from the incident from becoming much larger threats. Following the line of thinking from the three prior assignments, several risks have been identified in regard to the Flayton Electronics security breach incident.
The top risks identified were communication about the incident, the lack of infrastructure to keep up with the company's fast growth, the need to educate employees in case a similar problem happens again, the restructuring of IT security so that customer information is better protected, and the political risk that the electronics company faces lawsuits if customers find out about the stolen data. Furthermore, the company is working closely with the FBI and Secret Service, who have advised it not to communicate the breach to any of its customers (McNulty, 2007).
These major issues need to be alleviated to ensure that the breach does not happen again. Another security breach would further damage the fragile image of Flayton and cause it to lose customers, investors, and its business integrity.

Analysis of Impact on Events on Project

The events that took place within two months after the reconciliation project began are two of the top threats just mentioned and the realization of the top opportunity, which was predicted in the management plan and risk register.
Unfortunately, the project's allotted risk budget has been exhausted beyond the predicted limits, and the risk management schedule has been cut by two months. The scenario put forth is one of tremendous hazards, which would baffle the project managers and the crisis management team working on the Flayton Electronics security breach resolution plan. According to the risk registry previously created, the following are the top two risks that were identified:

ID | Category | Risk | Description | Probability | Impact | Risk Score
 | Technical | Scope Definition | Vague scope allows scope creep throughout the project | .70 | .80 | .56
2 | Management | Project Management | Project management processes are not established fully | .60 | .48

For these identified risks and threats, the following actions were recognized to alleviate the issues that caused the risks to emerge in the first place:

Risk | Action
Scope | Items not clear: cause of the breach and how to tackle the issue. Alleviate the problem by discovering the causes and creating a plan to follow through.
Project Management | All stakeholders should have a meeting to communicate the issues of the security breach and devise a crisis management plan to tackle the risks of the breach; most importantly, a communication plan needs to be established that communicates the crisis to customers and stakeholders in a way that holds on to business integrity.

The nature of each of the above listed risks is critical to the success of the project. When the project scope is clearly defined, the foundations for developing the project plan are established.
The project scope is basically a definition of the intended end results or the main mission of the project (Gray & Larson, 2008). Having a definitive scope is essential to the overall success of the project because it is the root or the defined purpose of the project. Without a scope the team would be struggling with the project with no concrete purpose. It is the scope that interlocks all the various elements of the project's plan. However, this was not properly achieved, leading to the downfall of all the projects and causing the predicted risks to resurface and smother the project into nonexistence.
Scope creep has been an issue since the start of the crisis management plan, as the majority of Flayton's top management has never experienced such a technical issue before in their careers. With the scope undefined, the project is bound to fall back onto the same road on which it started. The project management threats have also arisen because no proper process of communication has been set up between all the stakeholders, and top management lacks knowledge of how to properly deal with the situation (Hilson & Simon, 2007).
However, the company has realized the opportunity to bring up to speed the IT infrastructure that it was lacking. This opportunity has led the company to understand where it was lacking in the PCI standards, which have been updated and improved. The information of its customers and business is better protected by the new IT infrastructure that has been introduced, which has increased the integrity of the business as a whole.
The installation of the new IT infrastructure may be the reason that the budget for the project was exhausted. However, the exhaustion of the budget has led to a favorable outcome, which will minimize the future risk or threat of a security breach.

Mitigation Activities

It is now imperative to pursue mitigation activities between the stakeholders of the company, especially the investors. This has been mandated by the Sarbanes-Oxley Act of 2002, which makes audits more ethical to protect the investor.
Therefore, the company and its top management will have to call a meeting that communicates the crisis that Flayton experienced, the crisis management plan that was devised, and the installation of the company's IT infrastructure that will secure its databases and customer information. The management should also discuss that aggressive growth was achieved in such a short amount of time that there was not enough time or effort put into adequately building up its IT infrastructure. These were the main factors that caused a risk in scope definition and a greater potential for scope creep.
With the input of investors, top management may be able to minimize the quantum of the top two threats that have been realized. If there is a continued lack of communication, the crisis management project can result in a rift between the investors and the management of the company, which may lead to disputes, contractual issues, and lawsuits. Therefore, without having to bring the process through a court procedure, the stakeholders involved can negotiate to reach an understanding that resolves the points of difference arising in the overall project.
This activity will also allow the stakeholders and their project managers to come together to discuss the scope of the project, thus providing a clear definition to follow.

Budget & Schedule Changes

Overall, with the budget exhausted and the risk management schedule cut back by two months, changes need to be made to both to make sure that the top threats or risks are properly handled and eliminated completely.
Analyzing the events, it does not seem necessary to increase the budget; however, carrying out the risk management plan will require a certain amount of budget to tackle the identified risks. It is possible for the mitigation of the risks to be completed within the allotted time period even though it has been cut by two months (Heldman, 2005). With proper organization, the outlined tactics for solving the risks can be completed. There will be no need for a budget for the crisis management team, as they will be paid through their salaries.
Furthermore, there is a schedule factor in the investigation being conducted by the FBI and Secret Service, which will impact the management of the security breach. Continuous collaboration with these parties can lead to an increase in schedule changes. However, top management should resolve to minimize the risk on its own schedule by first trying to resolve whether Flayton's customers should be informed about the breach of security.

Reviewed Risk Registry

ID
Vague scope minimized | .11 | .10 | .3
Project management processes are established fully | .15 | .12

Conclusion

Once the risks that have been identified as the top risks are mitigated and resolved, their potential as risks automatically becomes very low to none. The communication issue has been resolved by involving the investors in the situation after the top opportunity was realized, which showed investors that the company is capable of handling crisis situations and making up for what it lacks (Melton & Iles-Smith, 2008).