IntroductionThe term legacy system has distinct meanings to different individuals. For many people, it describes mainframe software programs or archaic dumb terminals from the 1970s and 1980s (Weber, 2006). For other individuals, it might infer the client/server applications of the 1990s or the web applications of the late 1990s (Weber, 2006). The main point is that each of these distinct architectures presents different risks that must be thoroughly understood and appropriately managed (Weber, 2006). The purpose of this research is to evaluate security risks with legacy systems. Research has found that despite the information technology (IT) industry's efforts to promote the operating systems (O/S) model used, a substantial number of people choose to continue using outdated O/S to many of their most important software applications. (Agnello, 2008). Topics covered in this assignment include an assessment of legacy information systems at the New York State Office of Mental Health, the security risks posed by legacy systems and the lack of skilled workers for modernization projects, as well as a defense of which is why legacy systems are not a problem.Risk AnalysisEngagement research has revealed that legacy programs endure because of the risks and expenses of changing them (Lamb, 2008). Legacy replacement strategies can fail, damaging not only the reliability of the IT unit, but also management's livelihoods (Lamb, 2008). The effort and expense required to test the system and the possibility of a colossal end-user retraining program can be enormous (Lamb, 2008). Funds for upgrades are difficult to acquire because IT budgets are split between maintaining the status quo and providing modern functionality (Lamb, 2008). ...... middle of paper ...... leveraging legacy applications may seem advantageous, but it isn't. A single breach can result in the destruction of a company's profits and reputation. For many legacy products, many vendors decide to no longer patch or keep up to date on known vulnerabilities. This can present high risks for companies that continue to use them. It's not always necessary to delete or replace legacy applications. Transformation is a feasible option if current applications are of good quality and reasonably fit business needs (Good, 2002). Organizations will need to weigh the benefits of maintaining a legacy operating system against the security concerns and cost of protecting it by means other than patches (Lamb, 2008). Supporting a legacy operating system in an enterprise is as much about risk management as it is about managing traditional IT services (Lamb, 2008).