Page 51 - Auditing Electronic System
4-Access Risk: Unauthorized physical or logical access to the system or data.
Results: Theft or misuse of hardware, malicious software modifications, and
theft, misuse, or destruction of data.
Causes: Lack of strong user access or authentication controls (such as user names
and passwords), use of smartphones to access, modify, and store corporate data, and
open use of wireless networks for guest access to business data.
5-System Reliability and Information Integrity Risk: Systematic errors or
inconsistencies in processing may produce irrelevant, incomplete, inaccurate,
and/or untimely information.
Results: In turn, the bad information produced by the system may adversely affect
the decisions that are based on the information.
Causes: Software programming errors, weak edit or data verification controls,
and unauthorized changes to software (bad authorization controls).
6-Confidentiality and Privacy Risk: Unauthorized disclosure of business
partners’ proprietary information or individuals’ personal information.
Result: Loss of business, lawsuits, negative press, and reputation impairment.
Causes: For example, unimpeded access to system networks, software, and
databases (bad authentication controls).
7-Fraud and Malicious Acts Risk: Theft of IT resources, intentional misuse of IT
resources, or intentional distortion or destruction of information.
Result: Financial losses and/or misstated information that decision-makers rely
upon.
Causes: Disgruntled employees and hackers intent on harming the organization for
personal gain.
The IT risks described above are not mutually exclusive. For example, an
information system may be unavailable (availability risk) due to
hardware/software failures (hardware/software risk). Likewise, fraud and other
malicious acts may cause any of the other risks.
All rights reserved. Infringing the author's rights by copying or printing exposes the offender to legal liability.