Professional Documents
Culture Documents
Risk November 2020 Exam Suggested Solution
Risk November 2020 Exam Suggested Solution
(c)
1. Manufacturing self-driving cars face strong competition from large companies, such as
Google and other motor manufacturers
2. Completely outside their field of expertise, as it is an IT issue, not a car manufacturing issue
3. Additional new financing brings cash flow and interest rate risk
4. Decrease in R&D in other areas – may fall behind there
5. The new team may find it difficult working together as they are all new
6. Staff from across the world may have cultural differences
7. Promoting someone from outside the company to run this initiative may lead to
demotivation
8. Augmented reality may lead to distractions
9. LSB does not have access to the necessary data to test the vehicles.
10. Collecting personal information opens up the company to new data risks
11. Opting out, instead of opting in, is risky, as it is probably illegal to do it that way
12. Data integrity risk – relevance of information harvested from vehicles
13. Reputational risk if tech fails (If only stated it can lead to crashes without specifying
reputational risk – only 1 mark awarded)
(d)
MAX 5
1. Proper testing of all vehicles and parts (1)
2. Sourcing of quality parts (1)
3. Tone at the top (obfuscating facts, hiding problems) (1)
4. CEO and CFO acting in self interest (1)
5. Reporting structures / lack information – Board and Risk committee (1)
6. Testing of autopilot software with human test drivers (1)
(e)
MAX 5 (award mark for any creative solutions – not more than one per risk)
1. Negative publicity if it comes out / Too many people involved in company to keep
quiet (1) confidentiality agreements (1)
2. Not all vehicles might be serviced timeously (1)
3. Not all owners might service their vehicles with LBS workshops (1)
4. Trace and contact / offer free services (1)
5. Legal liability should accident occur (1)
6. Reconsider need for vehicle recall (1)
(f)
(g)
1. Hacking risk
2. Due to VPN use, unable to see what data was transmitted
3. Malware risks due to torrent site
a. Viruses/Worms/Trojans
b. Ransomware
c. Spyware/Key loggers
Not: Phishing
Controls
1. Firewall
2. Regular password changes
3. Prevent VPN
4. Limit software installation to independent IT department
5. Scan network to detect outside activities
6. Review logs of computer use to find anomalies such as VPN use
7. Antivirus / Antimalware / Antispyware software
8. Patch management
9. Encrypt data
10. Disciplinary action against unauthorised use of network
11. White hack hackers/ penetration testing
Backups
Policies and training – this clearly did not work in any case