Information Technology (IT) is the study, design, development, implementation, support or management of computer-based information systems—particularly software applications and computer hardware. IT functions are considered as subsets of information and communications technology.
Products provided by Information Technology business functions and their risks:
- Analytics and Monitoring
Analytics and monitoring software includes both qualitative web usage data (what is being used/searched for) and quantitative data (how many times).
Risks:
- Disruption of business continuity, including a deprivation of critical business insights.
- Misuse of company assets, including injection of malicious links or other code within the website.
- Application Management
Application management software is used by organizations to ensure that IT is used efficiently.
Risks:
- Data exposure, including sensitive information about company resources.
- Disruption of business continuity.
- Artificial Intelligence
Intelligence exhibited by machines to perform tasks that normally require human intelligence. These tasks may be for visual perception, speech recognition, decision-making, and translation between languages.
- Back-Up and Recovery
Backup and recovery systems software helps organizations store their data in case of data loss or corruption.
Risks:
- Data exposure, including sensitive company information.
- Disruption of business continuity, including loss in revenue.
- CDN (Content Delivery Network)
A content delivery network optimizes delivery and performance of a company’s website, product, and services by copying and moving the data for these products and services geographically closer to regions of high demand.
Risks:
- Disruption of business continuity, including extended loading times, possible service downtime, and loss in revenue.
- Vulnerability or exposure to malware that affects web assets and services.
- Database
Database management service providers manage access to databases, performance and reliability.
Risks:
- Data exposure, including database and content information.
- Disruption of business continuity, including loss in revenue.
- Disaster Recovery
Disaster recovery services focus on restoring critical applications in case of data loss or corruption.
Risks:
- Data exposure, including access to copies of an organization’s data.
- Disruption of business continuity, including loss in revenue.
- DNS (Domain Name System)
Domain Name System providers manage domain name resolution to one or more company domain names for selected IP addresses and other websites, products, and services owned by individual organizations.
Risks:
- Disruption of business continuity, including service downtime and unavailable content.
- Misuse of company assets, including injection of malicious links or other code within the website.
- Enterprise Mobility Management
Mobility management services provide security and control for employee mobile devices in an organization.
Risks:
- Disruption of business continuity.
- Vulnerability or exposure to malware, which affects employee devices.
- Hardware
This category is for hardware services and technology that do not fall into any other categories.
Risks:
- Disruption of business continuity depending on the importance of the service or hardware in question, which could affect the availability of service, including loss of customer confidence and loss in revenue.
- Vulnerability or exposure to malware, which affects systems.
- Hosting
Hosting services can contain customer databases, website and web application files, and other code to make company services available to the Internet.
Risks:
- Data exposure, including information on intellectual property.
- Disruption of business continuity, including loss in revenue.
- Misuse of company assets.
- IT Governance
Information technology governance software helps organizations track IT department performance and helps ensure regulatory compliance.
Risks:
- Data exposure, including information on department inventory, information on the inner workings and operation procedures of an organization, and weaknesses, such as compliance in development.
- Disruption of business continuity, including loss of insight into performance.
- IT Management
Information technology management software helps organizations manage employees' IT-related needs using ticketing or call systems.
Risks:
- Data exposure, including device information and information on the inner workings and operation procedures of an organization.
- Disruption of business continuity, including loss of insight into management processes and loss of customer confidence.
- IT Operations
Information technology operations software helps organizations proactively identify IT problems.
Risks:
- Data exposure, including information on the inner workings and operation procedures of an organization.
- Disruption of business continuity, including loss of insight into IT operation processes.
- Mainframe
Mainframe management services help improve server performance and stability, and may provide backup solutions.
Risks:
- Data exposure, including database information and information on the inner workings and operation procedures of an organization.
- Disruption of business continuity, including loss in revenue.
- Middleware
Middleware management software helps organizations with software data gathering, analysis, and reporting.
Risks:
- Data exposure, including report information and software version information.
- Disruption of business continuity, including loss of software analytics.
- Networking
This category is for networking software and applications that do not fall into other categories.
Risks:
- Data exposure, including network traffic.
- Disruption of business continuity depending on the importance of the service.
- Misuse of company assets, including the injection of malicious links or data into network traffic.
- Network Management
Network management software helps organizations optimize network and application performance.
Risks:
- Disruption of business continuity, including loss of performance insights.
- Misuse of company assets, including redirection of core services and misleading networks to connect to servers with malicious software.
- Operating Systems and Languages
Operating systems and languages encompass desktop, mobile, and embedded environments such as Linux, Mac OS, Windows, Unix, and others, on top of which end-user software runs, and computer languages used for development, such as ASP.NET and Apple iOS SDK.
Risks:
- Data exposure, including sensitive data depending on the responsibilities of the system.
- Disruption of business continuity, including loss of customer confidence.
- Misuse of company assets, including the injection of malicious links and potentially unwanted software into important systems.
- Remote Server Solutions
Remote server solutions software is used to connect to and administer organization servers and systems hosted off-site.
Risks:
- Disruption of business continuity, including loss of customer confidence and loss in revenue.
- Misuse of company assets, including injection of malicious software and theft of an organization’s data.
- Security Services
A Certificate Authority is responsible for the authenticity of TLS/SSL certificates used by companies to establish encrypted communications. A valid certificate, signed by a known Certificate Authority, is used to establish trust when encryption is used between clients and servers.
Risks:
- Disruption of business continuity, including prevention of renewals, prevention of security certificate upgrades, and loss of certain security verification services that rely on provider uptime.
- Misuse of company assets, including the distribution of malware to customers, interception of legitimate communications (MITM attack), and obtaining sensitive data.
- Server Technologies
Server technologies include some pre-configured software and hardware packages provided by companies.
Risks:
- Disruption of business continuity depending on how heavily an organization relies on the service, including loss in revenue.
- Misuse of company assets, including injection of malicious content, theft of data, and hijacking of other services.
- Software Configuration Management
A service that enables software developers to track and control software changes. This includes revision control and establishing baselines.
Risks: We are evaluating the impact of a disruption or compromise in this set of services.
- Storage
Storage management software is used to manage software products that store data on servers or other devices.
Risks:
- Disruption of business continuity, including loss of data and data backup capabilities.
- Misuse of company assets, including downloading of data backups, erasing data backups, and the injection of malicious software.
- Telephony
Associated with the electronic transmission of voice, fax, or other information between distant parties using systems historically associated with the telephone, a handheld device containing both a speaker or transmitter and a receiver.
Risks: We are evaluating the impact of a disruption or compromise in this set of services.
- Virtualization Hosting
Virtualization hosting is used to create virtual hardware platforms (spread across one or many physical systems) on which virtualization software runs.
Risks:
- Disruption of business continuity depending on how heavily an organization relies on these services, including loss of customer confidence and loss in revenue.
- Misuse of company assets, including a takeover of critical systems, the injection of malicious links into a company’s web platform, and the injection of malicious software into company systems.
- Virtualization Software
Virtualization software is used by a single computer to create and run one or more virtual environments.
Risks:
- Disruption of business continuity, including loss of performance insights.
- Misuse of company assets, including a takeover of critical systems, the injection of malicious links into a company’s web platform, and the injection of malicious software into company systems.
- Web Application
Other web applications used in business operations that do not fall into existing categories.
Risks:
- Disruption of business continuity depending on the capabilities of the software, including loss of business insights.
- Misuse of company assets depending on how embedded or exploitable a web application’s technology is, including the injection of malicious links into a company’s web platform and the injection of malicious software into company systems.
- May 21, 2024: Artificial intelligence.