Category Archives: Business

Project for installation of a new Internet security suite-Risk Management


Project for installation of a new Internet security suite-Risk Management

For this assignment, you have been assigned as the project manager for a project involving the installation of a new Internet security suite for your company.

Complete the following tasks for your project:

Provide a brief overview of your project.

Describe positive and negative risks within your project.

Discuss how each of the identified risks can affect the success or failure of the project and rank each risk in terms of

impact to the project.

Propose risk mitigation and management approaches for each identified risk.

Describe the role policy plays in the planning and performing of risk management processes.

Sample paper

Risk Management

Brief Overview of the Project

Installing an internet security suite for the company is critical during this period of increased cyber-attacks targeting businesses. A new internet security suite for the company will help in protecting the company’s computer system from spyware, viruses, malware, email and IM scams, and from hackers. This project aims at improving the information security solutions utilized by the company by ensuring the installation of a new internet security suite that can detect and deter security threats facing the company’s computer system. The new internet security suite should not affect the performance of the company’s computers. Some of the features that come with the new internet security suite include anti-virus engine, content security and parent control, application control, USB device control, and among others.

Positive and negative risks and how they affect the success or failure of the project

Possible positive impacts

  • Reduced cyber attacks

A new internet security suite will reduce the possibility of successful cyber-attacks within the organization. According to Szewczyk (2012), antivirus programs and firewalls can be able to deter about 90 percent of malware.

  • Early detection of attacks

The new internet security suite will help in early detection of malware attacks. This will ensure that the management acts quickly by taking the appropriate steps to stop the spread or further damage. Early detection of attacks ensures the elimination of the threat before it cause significant loss.

  • Protection while surfing the internet

Installation of internet security suite will ensure that employees can surf the internet without hackers being able to access personal data such as bank account access details and credit card information.


Negative risks

  • Employees and other end-users risk

There is a significant risk posed by end-users of a particular system. Although the new internet security suite will thwart most of the cyber-attacks, its effectiveness partly depends on the behavior of the end-users. End-users should be able to understand how the internet security suite works, its importance, and how they can maximize the protection mechanism. Failure of end-users to adhere to protocol increases security threat. For instance, the new internet security suite may identify potential threats and warn the user from downloading a particular file. The user may ignore this and download a malicious file thus compromising the system. Employees may share passwords with their colleagues, which may increase security risk. This may compromise the effectiveness of the project.

  • Dynamic nature of cyber-threat

According to Szewczyk (2012), anti-virus vendors are able to protect organizations from about 90 percent of new malware. This leaves organizations at risk of about 10 percent of newly released malware. Malware developers may devise sophisticated malware that employ anti-detection techniques, hence lending the security systems vulnerable to attacks. This threat may compromise the efficacy of the project by making the internet security suite less effective in preventing attacks.

  • Targeting devices other than the company’s computer systems

The installation of the new internet security suite might not eliminate the security threat posed by cyber criminals. The internet security suite is designed purposely to protect the company’s computer system. In the recent period, however, hackers are targeting other devices that connect to the company’s computer system or that are used in some way. For instance, there have been malware attacks targeting smart phones and Asymmetric Digital Subscriber Line (ADSL) routers (Szewczyk, 2012). This may cause losses especially to customers who may lose money through illegal mobile banking transactions. Such losses may cause the management to lose faith concerning the internet security suite.

  • Failure to patch or upgrade the operating system and the internet security suite

Failure to patch the operating system and the new internet security suite may increase the security vulnerabilities. The IT department should ensure that there is regular updating of applications in order to reduce vulnerabilities. However, most organizations do not keep their applications up to date due to various complexities in updating or upgrading their systems. A good example is the recent ransomware named “WannaCry” which has affected thousands of computers running on the older versions of Windows operating system (Scott & Wingfield, 2017). In this case, free security patches were available but most organizations had not installed them, making their computer systems vulnerable to the ransomware.

Risk mitigation and management approaches

The first risk is employee and other end-users risk. The management can mitigate this risk by developing training programs for employees on cyber security (“Internet Security Threat Report (ISTR),” 2016). The training program should focus on identifying and preventing threats. The second risk concerns the dynamic nature of cyber threats. The organization can mitigate this risk by ensuring frequent updating of the new internet security suite. The organization should also update other applications including Windows operating system. The other threat involves cyber threats that target devices other than the company’s computer systems. The company can mitigate these threats by educating consumers and other third parties involved. Lastly, the organization should develop a policy to keep all applications and internet security suite updated.

Role policy plays in the planning and performing of risk management processes

Policy plays a critical role in planning and performing risk management processes. Policy provides guidance concerning the way in which the organization deals with cyber security threats. Policy provides guidelines that help in the implementation of strategies to deal with cyber security threats. Another role of policy is that it provides a mechanism under which the management can control the behavior of individuals within the organization.


Internet Security Threat Report (ISTR). (2016). Retrieved from   

Scott, M., & Wingfield, N. (2017, May 13). Hacking attack has security experts scrambling to     contain fallout. The New York Times.

Szewczyk, P. (2012). An australian perspective on the challenges for computer and network         security for novice end-users. The Journal of Digital Forensics, Security and Law:       JDFSL, 7(4), 51-72.

Cyber Security    


Identify cyber security risk components that may exist within your real or fictional company.

Develop and describe a cyber security risk mitigation strategy for a real or fictional company.

Describe the challenges and benefits of implementing a cyber security risk mitigation strategy for a real or fictional


Sample paper

Cyber Security

Cyber security remains a major threat to the operations of organizations worldwide. With the increased reliance on modern technologies by business organizations, there has been a tremendous rise in cyber security risks. Today’s organizational leaders are more concerned about cyber security risks than any other period in history. The dynamic nature of cyber security risks in terms of size and complexity makes it difficult for cybersecurity experts to develop a single solution for the cyber security risks. Organizations have established different methods or mechanisms of averting cyber security risks or ensuring they do not cause major harm. The financial industry is one of the most affected by the cyber security threat. This paper examines cyber security risk issues facing PAC Inc., a fictitious multinational company that offers financial services.

Cyber Security Risk Components

One of the cyber security risk components facing PAC Inc. and other organizations is the reliance on legacy systems (Cuomo & Lawsky, 2014). Although PAC Inc. updates its systems regularly, it may not entirely escape the application of legacy systems that come through acquisition. Legacy systems obtained through acquisitions pose significant risks due to the security vulnerabilities that come with them. The organization may take a long time before updating the legacy systems that have higher security vulnerabilities. Another cyber security risk is susceptibility to breach through the third-party vendor ecosystems. Most financial service companies including PAC Inc. rely on third-party vendors for delivery of certain services such as email services, cloud storage services, web-hosting services, and cloud storage services (Cuomo & Lawsky, 2014). The security vulnerabilities facing the third-party vendors increase cyber security risks at PAC Inc. It is difficult for organizations to replace their third-party vendors even if it is found their network security is weak due to the complexities involved in changing users.

Another cyber security risk component facing PAC Inc. is cyber threats. There are new forms of cyber-attacks that have hit the financial sector. Common cyber-attacks include Distributed Denial of Service (DDoS) attacks, ATM cash out, and Corporate Account Take Over (CATO) (“Conference of State Bank Supervisors (CSBS),” 2015). DDoS attacks are the most common. As the name suggests, these attacks involves directing excessive traffic to a company’s website in such a way that it interferes with normal service delivery. DDoS attacks may affect the reputation of the organization by denying customers access to essential services they need. CATO is a form of attack where cyber criminals impersonate the company and conduct transactions using customers’ accounts. Cyber-criminals gain access to corporate login credentials using malicious software, which they then use to transfer funds (“CSBS”, 2015). This form of crime targets online banking. ATM cash outs involve cyber criminals taking control of the web-based ATM control panels using malicious software. This may cause huge losses.

Cyber Security Risk Mitigation Strategy

Organizations are currently likely to experience cyber-security threats than any other period in history. A good mitigation strategy is developing an incidence response plan that outlines the critical steps that an organization can take in case of a cyberattack (Lebanidze, 2011). The incident response plan also identifies the critical steps that the organization should take in anticipation of a cyberattack. An incident response plan should include documentation of procedures, training, and rehearsal targeting the team involved in mitigating an incidence or breach of security. An incidence response plan comprises of various plans that the organization should draw. The first is the contingency plan that addresses issues concerning continuity of operations in case an unplanned outage affects the organization.

An incident response plan should include a disaster recovery plan. The disaster recovery plan outlines the steps to take in case of a major disruption to business. This plan may include system backups and off-site storage. System backup is vital for ensuring that there is no loss of data in case of a hacking incident. The incident response plan should also address the following.

  • Ways of addressing potential losses
  • Criteria for engaging digital forensic experts
  • Budget for the plans
  • The effectiveness of the incident response strategy
  • Communication to stakeholders concerning the issue

The incident response plan includes detailed plans, clearly defined roles, training of IT staff, and proper management oversight to ensure that the plans are in place. An effective incident response plan can help PAC Inc. to identify and contain attacks early before they cause significant damage.

Benefits and challenges of implementing a cyber-security mitigation strategy

There are various benefits in implementing a cyber-security mitigation strategy such as the response plan described above. One of the benefits of a mitigation strategy is the early identification of potential threats (Lebanidze, 2011). This means that attacks can be easily contained before they spread beyond uncontrollable levels. The cyber-security mitigation strategy can help in managing various stakeholders in the event a security lapse occurs. The incident response plan identifies plans on communication to stakeholders including customers if an incident occurs. An incident response plan can ensure the continuity of operations in case an attack occurs. On the other hand, one challenge of implementing a cyber-security mitigation strategy is the high cost. Mitigation strategies are costly and hence organizations try to weight the costs Vis a Vis the benefits. Another challenge in cyber-security mitigation lies in the dynamic nature of cyberspace. Every day, new and sophisticated attacks are emerging, which may invalidate any mitigation strategy in place.

To conclude, cyber security continues to be a major challenge facing modern organizations and including PAC Inc. Cyber security leads to losses or damage to reputation of companies involved. There is no foolproof method of preventing cyber-attacks. As such, modern organizations should develop incident response plans that can help them deal with potential cyber-attacks.


Conference of State Bank Supervisors (CSBS). (2015). A resource guide for bank executives.      Retrieved from source%20Guide%20FINAL.pdf

Cuomo, A. M., & Lawsky, B. M. (2014). Report on cyber security in the banking sector. New      York State Department of Financial Services. Retrieved from   

Lebanidze, E. (2011). Guide to developing a cyber security and risk mitigation plan. Retrieved    from           21.pdf


Risk Management Strategies

Risk Management Strategies


You have been asked to present information to your company’s board of directors regarding each of the following items:

business continuity plan (BCP),

disaster recovery plan (DRP),

business impact analysis (BIA), and

operational risk management strategy (ORM).

Create a written report consisting of at least three pages in which you describe the purposes and benefits of each one, the

challenges involved in creating each one, and how each one fits into a risk management strategy. Also, assemble and

present a policy for planning and performing each of the processes above.

Sample paper

Risk Management Strategies

Business Continuity Plan (BCP)

A BCP helps in establishing business continuity plans and processes that entail how the organization assesses risks, conducts risk mitigation practices, and how it can resume critical functions when faced by disasters or disruptions in operations (Eccleston, 2008). The main purpose of the BCP is to identify ways in which the business can resume critical business functions following a disaster. The BCP provides numerous benefits to the organization. One of the key benefits is that it provides business continuity even in the face of disasters that significantly affect operations. A BCP helps in building customer confidence. When other organizations fail to deliver in face of disasters, a business with a BCP can continue providing essential services. Another benefit tied to this is its role in creating a competitive advantage (Eccleston, 2008). This is because customers may prefer the firm’s products to others. BCP reduces the risk of financial loss. Another benefit is that developing a BCP enables the business to meet legal and statutory obligations. It is also a way of complying with the international business continuity standards.

There are a number of challenges involved in developing a BCP. The first challenge is high costs in developing the plan. Implementation of a BCP plan requires installation and maintenance of equipment, hardware, software, and allocation of human resource, which is costly (Stewart, Chapple, & Gibson, 2015). The second challenge is that the BCP process is complex to develop, implement, and maintain. This is because it involves making complex plans about mitigating potential disasters. The third challenge is the tendency of the management to make incorrect assumptions in the development of the plans. This may erode its effectiveness. Lastly, the senior management may fail to allocate enough time in the development of the BCP due to demands for other things in the organization (Stewart, Chapple, & Gibson, 2015). The BCP fits is a way of risk management. Risk management, just like the BCP, is involved in assessing the impacts of possible risks, developing mitigation plans, and settling on possible plans of actions if the risk occurs.

Policy for Planning and Performing the BCP

The following is a policy for planning and performing of the BCP

  1. Initiation – This involves establishing a team responsible for business continuity planning. At this level, one highlights the milestones, develops the executive report, and outlines the master schedule.
  2. Organizational impact analysis – this involves examining the potential impacts of system failure or disasters on the core business operations.
  • Contingency planning – This stage involves identifying contingency plans. In addition, the specific triggers are established. Presence of these triggers marks the implementation of the contingency plans.
  1. Testing – This involves ensuring that the business continuity plan is workable (Stewart, Chapple, & Gibson, 2015).

Disaster Recovery Plan (DRP)

A Disaster Recovery Plan (DRP) is similar to a BCP. While BCP ensures the continuity of all critical business functions, DRP ensures the restoration of damaged IT systems in the business through assessments, repair, and other activities. DRP is more of an effort to recover the business’ IT systems as well as applications (Gregory, 2010). There are several benefits in DRP. The key benefit is that it ensures the possibility of a business surviving a disaster. DRP reduces risk through threat analysis as well as through implementation of mitigation procedures. DRP improves reliability and availability of IT systems and business processes, meaning production can go on uninterrupted even in the face of disasters. DRP contributes to organizational maturity, since the organization can cater to its customers even during disasters. Lastly, DRP enables the organization to gain marketplace advantages through enhancing reliability.

Challenges are present in implementing a DRP. The first challenge involves high costs of implementing a DRP. This is because a business has to set aside money for backup IT systems and applications. The second challenge involves having a wrong or inadequate DRP. The plan is wrong if it is too complicated or too simple to handle the organization’s demands. The third challenge involves relying on wrong technologies such as outdated technologies. Another challenge is failure to test the DRP to ensure it is working. This may come because of a reactive IT department that fails to anticipate problems (Gregory, 2010). The DRP fits into a risk management strategy because it involves assessing the impacts of possible risks, developing mitigation plans, and settling on possible plans of actions if the risk occurs.

Policy for Planning and Performing the DRP

The DRP includes critical application assessment, back-up and recovery procedures, implementation procedures, test procedures, and the plan maintenance. The following are the steps involved in planning.

  1. Data collection
  2. Plan development
  • Testing of the plan
  1. Monitoring and maintenance processes.

Business Impact Analysis (BIA)

A Business Impact Analysis (BIA) helps in the examination of risks, threats, and exposures facing a business (Wallace & Webber, 2011). A BIA is a form of risk analysis, but includes calculations. A BIA provides an overview of critical business functions within an organization. A BIA has a number of benefits to the business. First, a BIA helps in quantifying costs associated with the loss of a particular vital function. It line with this, it helps in assessing intangible costs associated with a vital function. BIA helps organizations to establish the most vital functions that they ought to safeguard. Organizations can use a BIA to prioritize the application of scarce resources to multiple business functions (Wallace & Webber, 2011). BIA can help in establishing the vital records and the possible impacts in case of a loss. BIA can help in identification of major business losses such as loss of market share, customer loss, and others. Lastly, it can help in matching resources and business functions.

There are a number of challenges in a BIA. One of the challenges relates to cost implications of the plan. Since the analysis touches on departments, some departmental heads may be adamant to share sensitive information to the project manager. This influences the quality of the BIA. Another challenge is data overload. It might be difficult for the analyst to handle too much unstructured data. A business should perform a BIA prior to implementing risk management strategies. A BIA helps to identify areas in businesses that are most crucial. As such, risk management strategies can focus on the identified areas.

Planning and Performing

  1. Gathering information
  2. Analyzing the collected information
  • Documentation of findings
  1. Presentation of the findings to the leadership for decisive action (Heng, 2002).

Operational Risk Management Strategy (ORM)

Operational risk is the risk of loss emanating from failed business processes (internal processes), failed systems, external events, and people risks (Lather & Gakhar, 2011). This includes legal risks as well. The purpose of Operational Risk Management (ORM) is to identify and implement mitigating measures against operational risks. Some of the specific risks include high cost of energy, high employee turnover, legal risks, high cost of waste, and others. The benefits of ORM include identification of risks factors (internal and external); evaluation of risk drivers; implementation of internal controls to mitigate operational risks; aid in developing budgets for operational risk; and in strengthening of decision support system (Lather & Gakhar, 2011).

There are several challenges in implementing ORM. ORM results in high costs of compliance due to its complexity. There challenges in implementing the right risk management systems to support the needs of the organization. Another challenge is accessing the relevant information required in risk analysis. Another challenge is lack of management support to implement ORM. Operational risk management is a form of risk management strategy (Lather & Gakhar, 2011).

Policy for Planning and Performing

The policy for planning and performing include the following.

  1. Identification of risk
  2. Implementation of core risk management process
  • Capital evaluation
  1. Assessing risk appetite.


Eccleston, C. H. (2008). NEPA and environmental planning: tools, techniques, and approaches   for practitioners. New York, NY: CRC Press.

Gregory, P. (2010). Cissp guide to security essentials. Boston, MA: Course Technology. Boston,             MA: Course Technology.

Heng, G. M. (2002). Conducting Your Impact Analysis for Business Continuity Planning.            Retrieved from            +(BIA)+challenges+in+implementation&source=gbs_navlinks_s

Lather, A. S., & Gakhar, D. (2011). Contemporary issues in corporate finance. New Delhi:          Excel Books.

Stewart, J. M., Chapple, M., & Gibson, D. (2015). CISSP: Certified information systems security             professional study guide. Hoboken, NJ: Sybex, a Wiley Brand.

Wallace, M., & Webber, L. (2011). The disaster recovery handbook: A step-by-step plan to          ensure business continuity and protect vital operations, facilities, and assets. New York: AMACOM.

Measuring Risk-Risk management


Measuring Risk

Organizations must be able to manage risk, but in order to do so, companies must be able to measure it. The terminology used to measure risks include risk, tolerance, and sensitivity as well as assessment, measure, and perceptions. prepare an essay of at least two pages outlining how risk measures have developed and evolved over time. Your essay should also outline qualitative and quantitative measures of risk and discuss how cultures, structures, and process impact the risk management process.

Sample paper

Risk management

When investors and companies decide to invest in any business, they usually take a great risk and a leap of faith in the unstable market.  Therefore, any investment is always associated with a form of risk. A hazard is the likelihood or the probability of harm, damage, obligation, misfortune or negative event brought on by both inside and outside elements in organizations.  Due to the increased number of risks associated with investments in recent times, investors are increasing creating and implementing safety measures to reduce the impact of the negative impact that may hit their businesses (Jordão & Sousa, 2010). As a result, risk management focuses on forecasting and projecting financial liabilities and losses together with identifying the best procedures to make sure these losses are minimized, or their impacts are minimized. Management policies, procedures, and practices are implemented to analyze, communicate and treat these threats.

With the evolution of risk in recent years where they are becoming complex, risks managers have also developed evolved and high standard risks measures to match the risks.  Some of the widely used risk measures in this era are qualitative and quantitative risk measures.  Qualitative risk measure focuses on identifying and communicating the profitability of a risk event occurring and the projected impact the threat will have a business. According to risk managers, all risks have both positive and negative impacts, and it is upon the management to identify and communicate the level of both impacts on the business in the case they occur. There are different techniques used to conduct qualitative risk assessment such as interviews, brainstorming, and risk rating scales and well as analysis of past data to identify a pattern on how risks occur (Valsamakis, Vivian, & Du, 2010,). On the other hand, quantitative risk measure help in assigning a forecasted value or costs to a risk that has already been identified.  Therefore, project managers can use this technique to numerically analyze the impact on overall investment of the established risks. However, for this technique to yield the best results, the risk manager must prioritize the threats and assign numerical values to these liabilities.

Organization cultures, which are frameworks and subsystems of shared assumptions and values governing the behavior of employees in an organization, have a significant influence on the risk management process adopted by a particular organization. Organization culture influences the conviction and corporate state of mind in an organization to persuade them to take the necessary well-informed risk decisions out of their own will but not because they are forced to take. Therefore, an effective risk management culture pays little emphases on the level of compliance compared to the willingness of the people to make the right decision.  On the other hand, and the organization framework of a company which holds a firm together.  Therefore, the organizational rules and policies put forth by the structure of an organization that outlines the roles and responsibilities of different organs can either promote or hinder risk assessment and management processes (Hopkin, 2017,). Each organ and department should be given independent and clearly defined power and roles to assist in identification of threats in their departments.  The top management should then design and create risk treatment procedures and processes to help in avoid and minimizing these threats.  Therefore, the organization structure should be flexible enough to allow changes in the designed processes and procedures of identifying and treating threats by urgency, need, and magnitude.


Hopkin, P. (2017). Fundamentals of risk management: Understanding, evaluating and implementing effective risk management.

Jordão, B., & Sousa, E. (2010). Risk management. New York: Nova Science Publishers.

Valsamakis, A. C., Vivian, R. W., & Du, T. G. (2010). Risk management. Sandton: Heinemann.

Identifying the key components of information systems management


Identifying the key components of information systems management-Research Paper

Identifying the key components of information systems management discussed throughout this course.Provide a description of an organization you are familiar with (possibly a company you have worked for in the past or are currently working for) and describe briefly what services they contribute. Then, select three out of the six questions below,and provide detailed answers, supporting those answers by referencing any sources used. Be sure to use examples from your research to strengthen your argument as needed.

 What personal knowledge management tools does this organization utilize?

What steps has this organization taken in securing their information and knowledge?

What has this organization done to gain and sustain an advantage over their competitors

 Describe in detail how this organization manages the components of its IT infrastructure.

 In what ways does the organization demonstrate successful collaboration?

Identify at least two types of hardware and two types of software used by this organization.

Sample paper

Information systems management

With recent advancement in technology, most companies have heavily invested in digital machines that help to improve their efficiency and effectiveness. Upon realizing that this is a golden opportunity, G-10 holdings a digital company that focuses on offering internet services quickly invested in the market to tap the ever growing internet market. At G-10 holdings, our items and administrations, our kin and our way to deal with business are held to the most elevated guidelines so we can unite the world by providing internet services to connect every individual (Laudon & Laudon, 2017). The organization is guided by straightforward rationality, solid qualities and high moral models that inform the daily company operations. The company offers WI-FI services, internet connection and TV packages where users subscribe to these services for a small fee, and they get to enjoy full time and unlimited services.

Question 1

Knowledge management largely focuses on availing the right knowledge to the right people so that they can make the best out of it. Therefore, knowledge management is very important in an organization considering that it enables the management and the workforce of the organization to learn, retrieve and use its knowledge assets whenever they are needed. Over time, different knowledge management tools have been used different and by a different organization to improve their performance.  Some of the tools used in G-10 holdings include:

  1. Data warehousing – in recent times, investors have found it necessary to store data in data warehouses. Data warehousing in a new system in the market used for reporting and information analysis and it is one of the primary components of business intelligence. Through data warehousing, an investor is in a position to design and implement a data warehouse of his choice depending on the needs and requirements of his business (Awad & Ghaziri, 2010).
  2. Data mining – this is a procedure utilized by investors and businesses to try to develop usable knowledge and data from data warehousing. However, data mining does not begin with procreated assumptions about the information, and its techniques are far much better for heterogeneous databases and data sets.

Question 2

Technology and new processes in the market have increased competition for the existing and potential market to a whole new level.  Therefore, firms are striving and struggling to gain and maintain competitive advantages in the market. To maintain their position in the highly competitive digital market, G-10 makes sure that:

  1. It exercises cost leadership – cost leadership focuses on production and sale of high-quality products and services to customers at relatively lower prices than their competitors. This technique allows the company to earn little above average profits which in turn are invested in improving the quality of the company serves (Šarić, 2012).
  2. Focusing – focus enables the company to put all their efforts and dominate a niche market. The company concentrates on a limited part of the market which is the provision of internet services to the customers thus allowing the company to understand dynamic and unique needs of this market.

Question 3

Hardware is a permanent and invariable factor of production used by organizations to produce goods and services while software is a collection of commands and instructions that enable a user to interact with computers (Awad & Ghaziri, 2010).  Some of the hardware used by the company includes:

  1. Central processing unit (CPU) – it is widely described as the brains of a computer that helps in calculations of various problems by a user. It is small, thin silicon waterproof circuit in a computer.
  2. Mouse – it is an input device used to point and select items when working with computers.

On the pother hand, types of software used by the company include:

  1. System software – they include all programs that help in managing the computer itself (Šarić, 2012).
  2. Application software – they include end user programs that assist a computer user in using the computer system with ease.


Awad, E. M., & Ghaziri, H. M. (2010). Knowledge management. North Garden, V.A: International Technology Group Ltd.

Laudon, K. C., & Laudon, J. P. (2017). Essentials of management information systems.

Šarić, S. (2012). Competitive advantages through clusters: An empirical study with evidence from China. Wiesbaden: Springer Gabler.

Explore how organizations use business process management (BPM)


Business Process Management

In this writing assignment, you will explore how organizations use business process management (BPM). Write a onepage  paper explaining how organizations use business process management (BPM)

Sample paper

Business Process Management

The art of making organizations process more efficient and effective is increasing becoming important to companies, and more and more entities are finding ways to increase their performances. As a result, most if not all organization have turned their attention to business process management that encompasses field operations management activities that help to improve the overall performance of an organization through management and optimization of an organization’s business processes (Weske, 2012).

An organization needs to make sure that all their operations are effectively managed and monitored to ensure that they are moving in the right direction. Thus, the utilization of business process management (BPM) in an organization helps to combine modeling, automation, execution, control, measurement and optimization of resources which are equally distributed in the entity. Therefore, BPM assigns resources to carry out specific work that is crucial to the operations of the company. Additionally, BPM helps to monitor and oversee the execution of work processes to make sure they are carried out at the right time, right manner and at the right place. Most of the company operations need financial support from the management which might end up in the wrong hands and get misused. Therefore, BPM makes sure that these funds fall into the rights hands and are used to complete the intended tasks and responsibilities (International Conference on Business Process Management, 2011). Moreover, through the utilization of BPM, an organization can detect a mistake in their operation before it is too late and create and implement a corrective action which ensures that the negative effects of the mistake are not intensively felt in the organization or company customers.

BPM is very important in an organization considering that it helps in designing, modeling, monitoring, execution and optimization of company processes to guarantee effective and efficient business processes.


International Conference on Business Process Management. (2011). Business process management: Proceedings. Berlin [Allemagne: Springer.

Weske, M. (2012). Business process management. Heidelberg: Springer.


Porter’s competitive strategy For Southwest Airlines

Risk Management


Risk Assessment

The purpose of this assignment is for you to initiate a risk assessment of a business of your own choosing. Use the provided Word template to complete the assignment. Once you have completed the template, please upload it into the assignment area within Blackboard. Please be sure to properly cite and reference any outside resources that you may use,Please explain, in a paper of at least 500 words, how you determined whether each risk was low, medium, or high impact, and include a more detailed plan for improvement.

Sample paper

Risk Management

Risk Description Risk Type Risk Impact Potential Action for Improvement
Failure to attract top talent  Human resource risk High  Provide benefits and good remuneration
Fluctuation in currency exchange rates  Marketing risk  Low  Currency hedging
Economic recession  Financial Low  Downsizing
High debt whose maturity is in the near future  Financial  High  Efficient administrative system
Changes in legislative or regulatory environment  Legal  Medium  Regulatory risk management program
 Data loss through hacking  Process risk  High Ensuring the information systems and related software are up-to-date
 Damage to physical property  Process risk  High  Improve the security network
 High staff turnover  Human resource  Medium  Improve working conditions


Failure to attract top talent is in the category of human resource risk. Failure to attract top talent is a high impact risk. The determination of risk impact examines the possible consequences of the risk occurring in the organization. Failure to attract or retain top talents can negatively affect the business’ competitiveness. This because businesses rely on the talent of their employees to develop innovative products that meet customer needs. Businesses can overcome this challenge by offering attractive benefit packages and remuneration to employees. This can reduce poaching of top talent by other businesses. Another risk is fluctuation in currency exchange rates since the business is international (Aubert, 2012). The risk impact is low. The impact of risk was determined through a qualitative assessment. In qualitative assessment, the risk manager looks at the probability of occurrence and the possible impacts. Although the probability of currency fluctuation is high, it might not have a significantly high impact especially in the long-run. Action for improvement involves currency hedging, which acts like some kind of an insurance against the impacts of currency fluctuations.

Another risk is economic recession, whose impact is low. Determining the risk of economic recession involves examining the probability of occurrence and possible impacts. Incidences of economic recession are infrequent, meaning the risk is less likely to occur. Furthermore, businesses can be able to take measures to cushion themselves from the impacts. Potential action for improvement is downsizing the scale of operations. For instance, the business may reduce benefits or lay-off some employees. High debt is a financial risk with high impact (Aubert, 2012). In determining the risk of high debt, it is important to analyze the risk to business if the maturity date is reached. One possible consequence is receivership, which indicates that the risk of bad debts is high. It is also important to consider the impact on the business reputation. Bad debts damage the reputation of the business. A business can avoid bad debts by ensuring there is an efficient administrative system. This can help examining the cash flow estimates to determine if the business can be able to pay its creditors.

Changes in the legislative and regulatory environment present a medium risk to the business. This risk is medium because it has a low probability of occurring. Furthermore, the regulatory risk can only affect a business only in circumstances where it is unable to respond appropriately to the new regulations or laws. A plan for improvement entails implementing a regulatory risk management program that can help in scanning, assessment, and monitoring of risks. Data loss through hacking or cybercrime presents a high risk to the business. This is a high impact risk since there is a high probability of occurrence and the potential for loss is high. Cyberattacks can lead to damage to the reputation and customer confidence. The potential action for improvement is the use of up-to-date information systems. Legacy systems have a higher chance of experiencing cyberattacks.

Another high impact risk is damage to physical property, which is under process risk (Aubert, 2012). Modern commercial buildings are equipped with expensive machinery and other technologies, which may be difficult for the business to replace. Damage to physical property is high risk because of the high loss that can arise in the event that the risk occurs. The risk of damage is also high, which may result from fire, burglary or theft, natural disasters, and other reasons. A potential action is improving the security around business premises through hiring guards and installing CCTV. High staff turnover presents a medium risk to the business. The costs of replacing staff may be relatively higher. However, the management can be able to take action to prevent high staff turnover, which makes it a medium risk. A potential action is to improving the working conditions.


Aubert, N. (2012). A world of danger. Retrieved from

Porter’s competitive strategy For Southwest Airlines


In this case study, you will research an organization and determine how their business strategy differentiates them from ther organizations in the same industry using Porter’s four competitive strategies model

Write a one- to two-page (250-500-word) paper to include the following:

A brief explanation of Porter’s four competitive strategies.

A brief explanation of how competitive strategy determines value chain structure.

Identify and discuss the competitive strategy that the organization you researched utilizes in order to differentiate them from other organizations in the same industry.

Sample paper

Porter’s competitive strategy For Southwest Airlines

The first Porter’s competitive strategy is cost leadership. This involves attaining the lowest per unit cost of production among rivals in the industry (Porter, 2008). Although the returns may be low, they could still be higher comparing to those of rivals. The second strategy is differentiation, which means developing unique products to those of competitors. The third strategy is focus or niche strategy. This involves concentrating on particular markets or groups of consumers, and understanding their specific needs (Porter, 2008). The last strategy is differentiation focus. This strategy involves the firm establishing differentiation with the target segment. A competitive strategy determines the value chain structure by enhancing the integration of activities in the value chain. The value chain is a network consisting of value-creating activities. The competitive strategies helps in ensuring there is interconnectedness among various firm activities such as production, marketing, research and development, and others.

The organization in focus is Southwest Airlines, a regional carrier with its headquarters in Dallas, Texas. Southwest Airlines employs a cost leadership competitive strategy in its operations. Southwest Airlines prides itself as a low-cost carrier, suitable for families and tourists going to various destinations in the United States (“Southwest,” 2017). Southwest Airlines operates on a no-frills policy in order to keep costs low. The airline does not give passengers meals. However, the airline provides passengers with snacks in flights longer than two hours. Southwest has the lowest turnaround time, which is on average 10 minutes (“Southwest,” 2017). This is meant to keep planes on air and reduce operational costs. The cost leadership strategy has been effective for southwest Airlines, which has achieved a remarkable streak of profitability since its inception.


Porter, M. E. (2008). Competitive strategy: techniques for analyzing industries and competitors. Simon and Schuster.

Southwest. (2017). About Southwest. Retried from         southwest/


What are the benefits an organization can receive from the adoption of a risk management program?


What is risk management?

What are the benefits an organization can receive from the adoption of a risk management program?

Describe the risk management process. What roles do security and capacity play within the risk management process?

What is the purpose of a risk management methodology?

Describe the various risk management methodologies used for risk assessment.

Sample paper

Risk management

What is risk management?

For any businesses to succeed in the market, they have to take the leap of faith and invest in their area of interest. All investments have to overcome risks for them to realize volumes of revenue and satisfy the needs of their customer.  A risk is often described as a threat that can affect the revenue and the return of the investment which in turn leads to loss. Risks are often divided into different categories such as basic risk, capital risk, and delivery risk.  However, to reduce the impact of the risk, investment companies have to deduce a way to manage these risks (Jordão & Sousa, 2010,). Risk management encompasses the identification, assessment, and control of liabilities and threats to a company’s capital and revenue. These liabilities could be triggered by a wide range of sources that includes financial liability and legal liability.

What are the benefits an organization can receive from the adoption of a risk management program?

As the risks and threats to business are increasing every single day, businesses are finding it necessary to implement some formal risk management system. Some of the benefits that are likely to accrue to a business that has adopted a risk management system include:

  1. Creation of a more risk-focused culture for a firm
  2. Efficient use of resources
  3. Effective coordination of regulatory and compliance matters
  4. Improved focus and perspective on risk
  5. Standard risk reporting
  6. It enables the management of a company to have a more consistent view of an approach to risk.

Describe the risk management process. What roles do security and capacity play within the risk management process?

Most of the risk management processes follow the same basic procedure and process to curb the negative impacts that may impact the business. The first step in the risk management process is the identification of the risk. Risk identification starts with uncovering, recognizing and describing the risks. The second step involves the analysis of the risk already identified to determine the likelihood of the risk occurring. The next step involves the ranking or prioritization of all the risks identified in the order of their urgency and magnitude (Valsamakis, Vivian, & Du, 2010). The fourth step involves the treating of the risk by creating a plan on how to modify these threats to make them acceptable. The final step involves the monitoring and reviewing of the risk to determine whether the risk management adopted by the management is effective. The security and capacity of information in a company ensure that the management has the necessary information, data, and statistics before they can adopt a risk management strategy.

What is the purpose of a risk management methodology?

The primary purpose of risk management methodology is to identify the best technique and method that can be implemented to identify and treat a risk to respectable levels.  Through different risk management methodologies such as risk acceptance and risk avoidance, a company has a chance to reduce the adverse effects of the risk.

Describe the various risk management methodologies used for risk assessment.

There are four major methodologies used to manage risks. These methods include:

Risk acceptance – risk acceptance does not reduce the adverse effects of a threat to a company. It is widely used when the cost of other risk management methods are too high or too expensive for a company.

Risk avoidance – involves the implementation of an action that completely avoids any exposure the identified risks. As a result, the company may talk an alternative just to avoid liability.

Risk limitation – this strategy limits the exposure f a firm to the risk through alternative action. It often combines risk acceptance and risk avoidance to decide on the best action to be taken (Saunders & Cornett, 2017).

Risk transfer – this strategy involves handing over the risk from one party to another especially a third party that is willing to accept the risk.


Jordão, B., & Sousa, E. (2010). Risk management. New York: Nova Science Publishers.

Saunders, A., & Cornett, M. M. (2017). Financial institutions management: A risk management approach. Dubuque: McGraw-Hill Education.

Valsamakis, A. C., Vivian, R. W., & Du, T. G. (2010). Risk management. Sandton: Heinemann.

Managerial decision making


National Security Agency (NSA) contractor. Here is the reference citation for the article:

Securing our liberty. (2013). Commonweal, 140(12), 5.

After reading the article, draft a two-page response by discussing the U.S. government’s decision to acquire phone and

internet data without disclosing its intentions to citizens. For this assignment, consider the NSA as an organization (i.e.,

business) and Snowden as a manager. How have the decisions of this event impacted the fairness of the U.S.

government, its citizens, and Snowden? How did ethics, perhaps, influence Snowden’s decision to leak information? In

this event, what is the greater good and also the consequences/sacrifices of that greater good? Based on the details of

this event, what can we learn about making important decisions as a leader and manager?

This event was covered by several news and media organizations, so there should be plenty of articles in the library.

Conduct a bit more research in the online library related to this event involving Edward Snowden and the U.S.

government—see what else you can discover about the event to determine an appropriate punishment, if any, for

Snowden’s conduct. Include at least one additional source from the library in your response.

The purpose of this assignment is for you to think critically about managers (and other leaders) making important

decisions, and the process managers use to make important decisions. Consider how important it is to collect all of the

facts before making an important decision, such as those involving fairness and ethics.

Sample paper

Managerial decision making

Due to the act of Snowden, the US government has identified ways and techniques of getting hold of any source of information that can prevent terrorist attacks both internal and external. By monitoring information through screening of texts, emails, and phone calls, the United States government has been able to keep its citizens safe from any attacks. The later indicates that the government is concerned about its people, the Americans and that it is ready to do anything to keep them safe. Mr. Snowden, as the manager, can be said to excel in his position considering that he is tasked with gathering relevant information that can help security agents to sabotage any terrorist attacks on the Americans (Securing Our Liberty., 2013). Moreover, it is correct to say that the general public has been disappointed by the breach of privacy by the government; it is fair to say that now they can lead their lives without the fear of being attacked by terrorists. The information obtains through the use of complex algorithms for collecting the information and tracks the calls, emails or text messages has been effectively used to reduce the vulnerability of the Americans from terrorist.

Ethics involved in Snowden’s decision

Being a former employee of one of the largest security agency in the world, Snowden had sworn to keep the secrets of his office, position, and country from the public and enemies. His position in the organization led him to obtain classified information about US surveillance something that he was supposed to keep as a secret.  Disclosing this information to Washington post and Britain’s Guardian may be considered heroic by some while others take him as a traitor and have jeopardized the lives of thousands and thousands of American citizens. Disclosing the information to the public was not the right action by Snowden since the classified information was collected to curb terrorist activities and keep amerce safe. The government may have used the wrongs means to obtain the all important information, but that does not justify Snowden’s unethical and immoral actions. Therefore, by disclosing the classified information, Snowden breached the privacy of Americans, betrayed their trust, the government, NSA and his country. Greater good and its consequences

Given the fact that the government and NSA intended to use the information and data collected to sabotage any terrorist attack and keep American safe, it is correct to say that the breach of privacy was for the greater good of the country.  Moreover, Americans will become careful with their conversations through phone calls, emails, and text messages. Furthermore, they will be aware that the government is concerned about their security and all the techniques employed to fight terrorism (Securing Our Liberty., 2013). On the other side, the US government will become vulnerable to terrorist attacks as part of the consequences considering that the terrorists are now aware of the techniques used to uncover their plans. Moreover, there are chances that the current investigations will be jeopardized putting members of a citizen in grave danger.

Importance of facts on making decisions

To avoid any controversy, it is important to identify the issues that can take place. A fair practice shall be to conduct a research report and analysis for the collection of data and review the processes, policies, and practices that have been applied to the subordinate employees (Securing Our Liberty., 2013). To make the decision fair and ethical, it is important to explore the organizational culture from a logical perspective to know every detail about the processes taken up for a certain incident. Therefore, Snowden should be punished as per deterred the Public Disclosure of Covert Actions Act 2012 and the National Security Agency should sentence him to a lifetime imprisonment.


Securing our liberty. (2013). Commonweal, 140(12), 5.


Managing change and transition