University of Phoenix
SR-ht-001 Risk Analysis
The purpose of this document is to address possible security risks associated with the completion of SR-ht-001. This service request is in regard to the “development and installation of a benefits election system to support the tracking and reporting of employee (union and non-union) benefits” ("Smith Services Consulting", 2011). On March 22, 2004, Graham Grove (Vice President of Industrial Relations, Huffman Trucking) sent a memo to Kenneth Colbert (Director of Human Resources, Huffman Trucking) sharing benefit information for non-union represented employees so that Kenneth could use the information to “rationalize health care costs for our Union-represented employees” (see the whole memo here) (Huffman Trucking Human Resources 2013).
Possible Risks
The new program outlines benefits affecting employee healthcare in relation to health and dental coverage. As with most medical files and bookkeeping, a certain level of PII (personally identifiable information) is used. If this information is stored within the network in an attempt to support the tracking and reporting of employee benefits, as was requested in SR-ht-001, the HR (human resources) and IT (information technology) departments must consider the risk of this information being stolen or misused. The following paragraphs address scenarios in which such risks could occur. Once these scenarios are discussed, preventative recommendations are given.
Joe Schmo is assigned as a new union steward. The HR department has agreed to provide the union stewards with access to certain employee information in order to allow the union the opportunity to properly represent the employees and contact them when needed. Joe decides to print out union employee PII to take home so that he can make a new union-represented employee contact list because the union president wants to...