Risk Management via Digital Dashboards in Statistics Data Centers

Introduction

The term “Business without a Risk” does not exist (D’Souza & Valverde 2015), with rapid growth in technology and as businesses rely on Internet and it is almost impossible to achieve total security, there will always be a breaches and vulnerabilities that threaten business and cause damages. Risk management is mandatory element in every organization where decision makers attempt to find hidden threats and vulnerabilities to protect their systems. Monitoring risk level is a common trend at every organization to implement risk management (Nijburg & Valverde, 2011) as early detection of threats would help security staff and risk analysts to implement appropriate measures that can discover vulnerabilities in the systems (Wolden, Valverde & Talla, 2015). Early detection of risk enhances the chance of successful counteractions (Almadhoob & Valverde, 2014). A data center is a complex facility with several computer systems, telecom equipment and storage systems. The data centers have been successfully implemented in commercial sectors. The data centers for statistics purposes has been growing rapidly in the financial market and health care (Khan & Valverde, 2013). Dashboards for risk visualization have been suggested in the past, Eppler and Aeschimann (2009) suggested a dashboard for risk communications but did not address the issue of risk factors calculations, other authors have suggested dashboard for enterprise risk management but not specifically for the use of calculation of risk factors in data centers (Scarlat, Chirita & Bradea, 2012).The research focuses on conceptual understanding of information technology assets, how assets can be classified and presented in a risk database, primary focusing on designing and building a successful Information Security Management System (ISMS) module that can help statistics data for early detection of business risk. The following steps illustrate the scope of the research work:

• 1.

  Categorize assets into tangible assets (hardware, software) and intangible (data, services and company image);

• 2.

  Classify assets (assign access to applications and documents to various levels of management);

• 3.

  Group assets in types as (hardware, software, data, files, services, hard documents, etc.);

• 4.

  Identify organization’s main services and related business processes;

• 5.

  Build a relationship between assets and business and store information in a relational database;

• 6.

  Identify threats, vulnerabilities and possible impacts through risk assessments, history records, and literature;

• 7.

  Create an automated risk assessment plan (RAP) that allows the easy retrieval of risk information;

• 8.

  A business continuity plan based on assets, RAP and a risk mitigation plan;

• 9.

  ITIL based asset management database (CMDB) for enhancing and maintaining Information security in statistics data centers.

The research focuses on understanding the risk nature surroundings IT assets, the conceptual understanding of assets, how assets can be classified and categorized and how to be presented in a risk database. This paper presents a well-designed and integrated database for risk management data using a dashboard interface in real-time risk that makes it easy for risk managers to reach an understanding of the level of threats to be able to apply the right controls to mitigate them.