As it has been discussed in the text and the lecture, risk is a constant in all projects. As the newly appointed project manager for the deployment of a new biometric system across four locations (four major metropolitan areas and 12,000+ employees), the board has several questions for you as you begin.
What role does management have in leveraging the skillsets required to deploy the system?
- Coming into this deployment, what is one of the top foreseeable risks to this new system, and how likely is it to occur?
- What preparations should be made to respond to extreme events?
- What sort of risk should the company be willing to accept? Define risk tolerances for use in managing this particular deployment.
- What role does management have in leveraging the skillsets required to deploy the system?
- Are there any organizational blind spots that need immediate attention?
Given your understanding of risk and risk management, utilize your knowledge and skill to answer these questions. Use research and citations to back up your assertions.
A substantive initial post answers the question presented completely and/or asks a thoughtful question pertaining to the topic. Substantive peer responses ask a thoughtful question pertaining to the topic and/or answer a question (in detail) posted by another student or the instructor.
Post: up to 200 words
Reply to two posts below. (up to 50 words)
One of the top risks a biometric system has, that it can be hacked. A famous example for that is a German hacker, who reconstructed the then minister’s of defense fingerprint from pictures. Biometric features that are used for these systems are usually prominent: everyone is able to see our face, we leave fingerprints on whatever we touch, and as demonstrated in the example, features can be recreated from pictures.
The likeliness of such an event depends on what the biometric system is used for. If it’s used for parking throughout the four locations, some people might hack it just for fun, but if its used to protect more sensitive data, then there’d be a higher chance of getting hacked.
To prepare for such events, the project team should include cyber security experts and if the system is used for sensitive data, they should rely on safety measures like two factor authentication, time based one time passwords and the like. The amount of team members that possess knowledge of the security setup should be limited to a minimum.
As a response to extreme events, the company should make plans on how to notify their users and prepare a list of things for themselves and a list of things users may do to limit damage.
The risk tolerance here should be relatively low, since this project is handling people’s biometric data. Financial risks can be taken here, maybe be using new technologies (while keeping the low risk tolerance for user data in mind.
Management can assign new roles to employees or send them to seminars to gain certain skills needed to deploy the system, improving their knowledge base and reducing the need for external consultants.
As for organizational blind spots, the company should keep an eye on espionage (external and internal) and ensure good security for the entire company’s network (website access for employees, password policies, allowing thumb drives that aren’t approved by the IT department and so on…)
As the newly appointed project manager for deploying the new biometric system across four locations, the risk must be identified for and correctly managed. Risk management is essential because companies cannot define their future objectives (CareersinAudit.com, 2013). Therefore, implementing a plan to identify, manage risks is crucial. Ransomware attacks are one of these risks that could block access to computer systems by encrypting them until a victim pays a ransom fee to the attacker (2021). The ransomware attack would pose many issues as users using the new biometric system might lose access to specific locations and cannot access particular sites. Therefore, the proper preparation must take place to avoid this situation. All computer systems that house the new biometric system should have good anti-virus software. All the latest patches and updates installed and their networks secured by setting up appropriate firewalls. It is worth noting that not all risks are manageable, and therefore, it is essential that the company be willing to accept these risks. The biometrics utilizing fingerprint recognition has a 0.01% false acceptance rate and is just one example of a risk that the company should be willing to accept. Management is responsible for leveraging the existing skill set of the company project manager and IT specialist to ensure that risks are appropriately identified, categorized, and managed through the creation of a risk matrix and appropriate logging. It would also be essential to train all managers on how to use the new biometric system. Although the organization will be implementing the biometric system, there are some potential blind spots to consider. One example of this would be what happens in the event of a power failure at all four locations? It might be worth investing in backup systems to ensure the biometric systems keeps running during these events. Lastly, as the project manager, I feel that it is crucial to conclude that these risks should be identified and managed continuously.