BSBIMN501A QUEENSLAND INTERNATIONAL BUSINESS ACADEMY 2.5 Manage contingencies such as system failure or technical difficulties by accessing technical specialist help as required. Contingencies are any incidents, usually adverse, that may occur at some time in the future. We can make plans or provisions for contingencies so that, in the case of an emergency or technical difficulty, there is the least possible disruption to business activities, functions and processes. The objective of careful contingency planning is to protect organisations from being caught unawares with a time-consuming or costly problem-instead they are prepared with an appropriate response. Contingencies, by nature, cannot always be foreseen, but there are ways to identify potential risks. Identifying risks requires thinking up all the likely scenarios for things that can go wrong with an information or knowledge management system. Once we have identified the potential risks, we must then analyse, treat and monitor them. This process involves: identifying potential risks and how they could happen ascertaining the likelihood and severity of the risks comparing one risk to other potential risks and giving it a priority making plans to either tolerate, treat or eliminate the risk. Think of and activity that you have undertaken in your everyday life (planning a trip taking out a loan) What risks were involved in the activity? Did you have a contingency plan in place for those risks? Can you apply the previous process to your contingencies? Describe how you prepared for the potential risks or if you didn’t prepare contingencies, how could you have? Any information or knowledge management system comes with a number of technical risks because even the best computer programmers cannot foresee every possible state a system can enter. Many incidents are caused by 'bugs' in the system, but often it is human error that causes system failure or difficulties. Consequently, no matter how much a system has been thoroughly and carefully tested, there is no guarantee that it will run problem-free in the future. Most hardware malfunctions occur with computer hard disks. Dust particles get caught between spinning disks, magnetic coating on disk surfaces becomes worn, or disks become misaligned due to them being dropped or jerked-these are all common causes of hard disk failure. Power failures can also cause faults in the electrical circuitry as can overheating due to cooling fans that are no longer functioning. Some software functions are built into chips in the hardware, which means that softwarerelated hardware problems can affect the system's hardware components Software malfunctions occur when there are bugs in the computer program's coding. The bugs can cause the computer software to produce erroneous or unexpected results, or they may trigger the program to operate in an unintentional manner. Some bugs are more critical to the software's function than others, and often a system will go 'live' even though it still contains known bugs. This occurs for a number of reasons: the bug is considered non-critical and it is not worth delaying implementation repairing the bug would create more problems than there are already the expense incurred in repairing the bug would not be justified an updated version or a patch will be released in the near future to repair the bug. It is good to keep in mind that what appears to be a software malfunction can sometimes be an error in human operations. In these cases, the problem lies in correct user training. When we talk about corrupt data, we refer to data that cannot be read or used by the software program that originally created it. The most common causes for data to be corrupted are hard disk failures, power failures, and computer viruses. A number of contingency measures can, and should always be put in place to prevent the causes of corrupt data; such as uninterrupted power sources, robust and concealed cabling, a clean, dust-free environment and virus protection software. Regular and multiple backups will minimise the adverse impact in the event of data being corrupted. The security risks associated with information or knowledge management systems can include fraudulent transactions, data theft, unauthorised program modifications and vandalism; to viruses, Trojan horses, worms and logic bombs. Security risks involve crimes committed by people who exist either internally or externally to organisations. Their motivations may be to make money, access confidential information or, in the case of many 'hackers', Simply to cause havoc for the fun of an intellectual challenge Clearly, there is no room for complacency when it comes to security risks. Contingency plans to reduce the risk of expensive computer crimes should have top priority in all organisations. Plans should incorporate strict use of passwords and continual monitoring with virus protection software. Data encryption is also a valuable strategy against data theft-it makes data meaningless to anyone who doesn't know the special decoding process necessary to convert the data back into a readable form Operating a computer may seem like a harmless activity in terms of personal safety, but there have been incidents whereby complex computer systems have caused injury and even death. Systems developed for military defence, transport and healthcare also have the potential to cause tragic harm to humans. Fortunately, most business-related information or knowledge management systems don't carry such catastrophic risks to humans. However, it is nevertheless worth going through the process of analysing safety risks such as the impact that electrical faults, natural disasters and even ergonomics may have on the health and safety of system users. Define the following security risks. You may need to search the internet if you are unfamiliar with any of the terms. Virus Worm Trojan horse Logic bomb Trapdoor A computer virus attaches itself to a program or file enabling it to spread from one computer to another, leaving infections as it travels. Like a human virus, a computer virus can range in severity: some may cause only mildly annoying effects while others can damage your hardware, software or files. Almost all viruses are attached to an executable file, which means the virus may exist on your computer but it actually cannot infect your computer unless you run or open the malicious program. It is important to note that a virus cannot be spread without a human action, (such as running an infected program) to keep it going. Because a virus is spread by human action people will unknowingly continue the spread of a computer virus by sharing infecting files or sending emails with viruses as attachments in the email. A worm is similar to a virus by design and is considered to be a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, it has the capability to travel without any human action. A worm takes advantage of file or information transport features on your system, which is what allows it to travel unaided. The biggest danger with a worm is its capability to replicate itself on your system, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect. One example would be for a worm to send a copy of itself to everyone listed in your email address book. Then, the worm replicates and sends itself out to everyone listed in each of the receiver's address book, and the manifest continues on down the line. Due to the copying nature of a worm and its capability to travel across networks the end result in most cases is that the worm consumes too much system memory (or network bandwidth), causing Web servers , network servers and individual computers to stop responding. In recent worm attacks such as the much-talked-about Blaster Worm, the worm has been designed to tunnel into your system and allow malicious users to control your computer remotely. A Trojan Horse is full of as much trickery as the mythological Trojan Horse it was named after. The Trojan Horse, at first glance will appear to be useful software but will actually do damage once installed or run on your computer. Those on the receiving end of a Trojan Horse are usually tricked into opening them because they appear to be receiving legitimate software or files from a legitimate source. When a Trojan is activated on your computer, the results can vary. Some Trojans are designed to be more annoying than malicious (like changing your desktop, adding silly active desktop icons) or they can cause serious damage by deleting files and destroying information on your system. Trojans are also known to create a backdoor on your computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised. Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate. In a computer program, a logic bomb is programming code, inserted surreptitiously or intentionally, that is designed to execute (or "explode") under circumstances such as the lapse of a certain amount of time or the failure of a program user to respond to a program command. It is in effect a delayed-action computer virus or Trojan horse. A logic bomb, when "exploded," may be designed to display or print a false message, delete or corrupt data, or have other undesirable effects. Trap doors, also referred to as backdoors, are bits of code embedded in programs by the programmer(s) to quickly gain access at a later time, often during the testing or debugging phase. If an unscrupulous programmer purposely leaves this code in or simply forgets to remove it, a potential security hole is introduced. Hackers often plant a backdoor on previously compromised systems to gain later access. Trap doors can be almost impossible to remove in a reliable manner. Often, reformatting the system is the only sure way Technical specialists are workers who are either internal or external to the organisation and who have been given the responsibility of dealing with issues that arise with the information or knowledge management system. Having specialists available with the right technical skills is integral to contingency planning. A team of technical specialists should be able to answer the following questions: Are the risks interrelated? Who is affected by the risk? Who will ensure the risks are managed? How an organisation puts its team of technical specialists together will differ from one organisation to another, depending on its needs, size and type of business. A list of different kinds of technical specialists is provided below to give an overview of who may be available to consult should the need arise A chief information officer (CIO) is head of all aspects of information technology within the organisation. In most cases, the CIO plays a central role in analysing and modifying business processes, developing knowledge sources, reshaping technological infrastructures, and identifying strategic business directions. CIOs possess a good balance of business acumen, project management skills and knowledge of information technology. Sometimes software is bought 'off-the-shelf' and, at other times, it is custom-built by specialists who exist either internally or externally to the organisation. More often than not, complex information or knowledge management systems are tailored for the organisation using a combination of both off-the-shelf and custom-built software When you encounter software-related technical difficulties, you might need to consult with the software programmers who have written the program's coding. This group of workers design, write and test the system's programs and database. They will also write technical documentation related to the software program Systems managers take care of hardware installations and configurations. They are also responsible for making sure that users operate the system correctly. Technical writers are responsible for writing the user documentation and training guides for the system. Database administrators are in charge of how items are entered into the database. They monitor its performance and data quality. Information technology support personnel provide assistance to workers who operate the information or knowledge management system. The information technology user support team may encompass database administrators, systems managers, systems programmers and technical writers. User support specialists can also be found at the organisation's help desk Computer systems can have an in-built design that minimises the operational impact of system failures. This type of design is referred to as faulttolerance, fail-safe design or graceful degradation. It allows the system, in the event of failure or malfunction, to continue its operations with decreased quality or capacity. Usually, the amount of decrease in operational quality is in proportion to the degree of failure in the system Fault tolerant systems either correct a problem at the time it occurs and 'roll forward' from there, or they 'roll back' to a state when the system was functioning properly to detect the problem and then correct it. Both roll-forward and roll-back mechanisms can be built into the same system to deal with different types of errors. In groups, each member shares a positive experience that they have had when accessing technical assistance. Next share an incident when things didn't work out so well. What made that experience negative? From a business perspective, what went wrong and why?