Question

Hello, I'm working on a threat matrix for the PCI Consulting assignment. I was wondering, what are some threat events that everyday technology (hardware & software obsolescence) can cause to harm information security, what are some security controls and solutions for handling them, and how does it reduce risk?

Answer 1

There are potential risks associated with hardware and software obsolescence. Some of the key risks include:

· Reliability risks: Obsolete technological systems are more prone to crashes and may significantly increase the downtimes. The overall timelines may get affected.

· Increased costs: There are heavy maintenance costs associated with obsolete systems. This may lead to increased upgradation costs.

· Productivity risks: Productivity is negatively impacted with usage of obsolete systems. These systems hamper the productivity of resources working on these systems.

· Security risks: Most of the bug fixes and security upgrades stop with end-of-life technology and hence obsolete systems are more prone to cyberattacks.

· Legal & regulatory compliance risks: Heavy fines can be imposed by auditors in case of non-compliance to the technological upgrades. Potential risks are associated with company’s as well as client’s data.

Companies can take following steps to handle obsolete systems:

· It should develop and maintain an inventory list of all its hardware and software i.e. technology assets

· A policy should be decided by the senior management to decide the lifetime for these technology assets beyond which they should not be used

· Regular technological updates and upgrades need to be provided for its technological assets

Risk management framework needs to be developed for the technological assets. All the associated risks and their severity should be assessed. Based on the criticality of risks, upgrades can be prioritized.