MGT670-International Human Resource Studies

The risk sector which is taken into consideration in the aspect is the security of the data and the customer identify theft.

In order to analysis the risk management there are basically few processes which should be incorporated. The processes are stated below:

• Basic process: 1. Identify the risk

2. Analyze the risk
3. Plan
4. Execute
5. Control.

• Tools: PFMEA ( process failure mode effect analysis) or others
• Communication channel which would be supporting the risk management (Lolli te la., 2015.

Generally it can be stated that the risk represents the factor which is related to the occurrence and of any undesired event which directly triggers the different types of failure. The aspect of risk analysis can be stated to be used to directly find out the failure and to prevent these types of failure from occurring in the future. There are different types of fault analysis which can be include the sector of Fault tree analysis (FTA) which can be stated as a top down method which can be used for the purpose of relationship identification between different events of failure such as the customer identify theft. The extension of the FMEA can be FMECA (Failure mode, effects and critical analysis) which is achieved from the adding of the criticality of the analysis. The main advantage which can be achieved from the concept is that the purely qualitative FMEA can be converted into quantitative.

The regulatory compliance and the security control that should be adhered as are following.

• The failure identification should be done deductively
• Allow the potential failure of the process to be seen in a detailed manner.
• It should directly represent the behavior of the process
• It should directly enable the qualitative or quantitative analysis of the process which are involved into the process.
• The methods which are related to the identification of the parts of the process which are related to the risk and can extract the concept of specific failure.

The aspect of adherence to the regulatory compliance measures and the security control is essential due to the factor that no third party can indulge into any type of operation. In most of the cases it can be stated that the data of the user or the customer can be considered one of the most important assists which if accessed by any third party it can a big loss from the point of view of the customer as well as the business prospective.

Example 1: The data of the user should be kept secured so that to prevent unauthorized user from getting access to the data.

Example 2: The organization to tend to task advantage of the concept should use the basic framework which is related to the risk identification and the factors of the mitigation of the risk factors (Vahdani, Salimi & Charkhchian, 2015).

Part 2 - DFD

Figure 1: DFD Diagram

(Source: BY AUTHOR)

Part 3: Security Controls Mapping Template

References

Lolli, F., Ishizaka, A., Gamberini, R., Rimini, B., & Messori, M. (2015). FlowSort-GDSS–A novel group multi-criteria decision support system for sorting problems with application to FMEA. Expert Systems with Applications, 42(17-18), 6342-6349.

Mandal, S., & Maiti, J. (2014). Risk analysis using FMEA: Fuzzy similarity value and possibility theory based approach. Expert Systems with Applications, 41(7), 3527-3537.

Schmittner, C., Gruber, T., Puschner, P., & Schoitsch, E. (2014, September). Security application of failure mode and effect analysis (FMEA). In International Conference on Computer Safety, Reliability, and Security (pp. 310-325). Springer, Cham.

Vahdani, B., Salimi, M., & Charkhchian, M. (2015). A new FMEA method by integrating fuzzy belief structure and TOPSIS to improve risk evaluation process. The International Journal of Advanced Manufacturing Technology, 77(1-4), 357-368.