A risk assessment is a systemic process of evaluating the potential risks that may be involved in a projected activity or undertaking (Oxford, 2016). As Wal-Mart is one of the biggest company there are both pros and cons of using SAS system for data analysis. There are different risks for leasing and buying SAS system. According to Austin book, Barton have different option to select the software for their company like HiOSoft, VerxaWeb and ServoLith but they have to select only one of them (Austin, Nolan, &O’Donnell, 2009). If there is leasing option then he can choose one of them for trial period but in SAS system there is no option for leasing and subscribing. This system need to buy directly so, there might be risk of buying SAS in Wal-Mart without any trial version.
Buying Risk
SAS is one of the expensive software among other software. Once this software is installed the value is depreciated and cannot be changed. The employee to use this system should be experience and expert or need to trained properly so, after buying this system, Wal-Mart need to hire experience employee. This system need a specific hardware so, if there is any problem then maintenance charge would be the additional charge for the Wal-Mart.
 |
Potential privacy issues that SAS presents
SAS flourishes from Big Data, and with the various data streams Walmart produces on a daily basis, the focus on if this data is protected and how much of this data is allowed for public use and how much of this data is not feasible for public exposure. In 1970 data privacy became a recognized concern for issues such as medical records of financial information (SAS 2014). As a result, the Fair Information Practices (FIP) was adopted with the sole purpose to regulate data privacy. The FIP casted 5 guidelines; Openness, Disclosure, Secondary Usage, Correction and Security. It is these guidelines that foster new privacy-based regulations for big data such as the HIPAA and Sarbanes-Oxley. (SAS 2014) From 1970 to today, as much as big data privacy has evolved, there are still loopholes. In the Case of Walmart, the flow of big data does not go from a One to One relationship, Data is recorded, collected, exchanged between in a “many to many” relationship. Where SAS can take this big data, and place it into means that are easily understood, access to this condensed form of data is stringent to Walmart policies. For example, Walmart deals with both sellers and customers. At any time can a customer access certain information from a seller through Walmart’s database? How secure is Walmart now that SAS has made big data simple to quantify and understand? This is the potential privacy issues Walmart faces which in turn leads into the security issues in which exist in the supply chain at Walmart.
Potential Security Risks
Walmart, in a sense, controls their own destiny with SAS based security concerns. The vast majority of supply chain management software security concerns have been directly related to malware (intrusive software, including computer viruses, worms, trojan horses, etc... and these intrusive threats take the form of executable code, scripts, active content, and other software). Malware threats will allow the detailed information found within the SAS supply chain software product. Walmart controls their own destiny regarding SAS security threats by what information Walmart decides to input into the SAS software. There may be no need for Walmart to include information into SAS that would be worth hacking in the first place.
“Vulnerabilities in software applications and networks within the supply chain that are discovered by malicious hackers” (Mehta).
Considering the worst case scenario and a malicious hacker does find a vulnerability and gains full access to every bit of detailed information connected to Walmart’s supply chain, it would be unlikely that the hacker would gain any useful information within the system. Hackers invade software to find high reward information like individual banking account information, personal/corporate information related to finance or any detailed information useful in fraudulent activities. Walmart will most likely reap the benefits of utilizing SAS software without entering any high reward information from their customers, suppliers, supply chain partners, etc. With this lack of high reward information involved with Walmart SAS utilization, there is a very low threat level of any internal/external security risks occurring in the first place and the impact of an intrusion would be nominal at best.
Risk/Benefit Analysis
Collectively the buying, privacy and security threats do not represent serious probability of occurring or impact from even the worst of scenarios. The tangible and intangible values discussed in the previous Value Assessment page far outweigh the small risks associated with SAS supply chain software applications for Walmart. The tangible costs for SAS implementation are relatively high, but the risks discussed are so small that they should not reflect upon or add to these costs in any way.
Reference
Oxford (2016). In Oxford DictionaryOxford University Press. Retrieved from http://www.oxforddictionaries.com/us/definition/american_english/risk-assessment
Oxford (2016). In Oxford DictionaryOxford University Press. Retrieved from http://www.oxforddictionaries.com/us/definition/american_english/risk-assessment
Austin, R., Nolan, R., & O'Donnell, S. (2009). The Adventures of an IT leader. Boston, Massachusetts: Harvard Business Review Press.
Big data privacy: Four ways your data governance strategy affects security, privacy and trust. (2014). Retrieved June 25, 2016, from http://www.sas.com/en_us/insights/articles/data-management/big-data-privacy-four-ways.html
Mehta, L. (2015, June 12). Cyber Security Risk in Supply Chain Management: Part 1 - InfoSec Resources. Retrieved July 7, 2016, from http://resources.infosecinstitute.com/cyber-security-in-supply-chain-management-part-1/
No comments:
Post a Comment