ITC596 IT Risk Management For VIC Government Assignment
Questions:
2. Provide detailed explanation of the diagram and identify the areas of: high, medium, medium-low, and low risk exposure.
3. Carry out comparative analysis of the Deliberate and Accidental Threats and rank those threats in order of importance. Justify your rankings not only on the basis of the case study but also by the means of doing further research and drawing upon other relevant case studies (e.g. Security guidelines for other private and public organizations) that you can identify.
4. While drawing upon theories, tools and patterns covered in the subject as well as your own research, explain the challenges that the VIC government is going to face while deciding on whether security/risk management should be carried out internally or externally (e.g. via outsourcing).
Answers:
Information management system: An information management system mainly comprises various types of information storage systems, which assist in managing the entire flow of information and data within the VIC government. Users need to be able to access the information system properly so that the easy flow of information supports appropriate information processing within the organization (Feng & Zheng, 2014). Smart and effective management of the organization is possible largely because of the information management system.
Code of practice: A code of practice is a set of norms followed by the users of the information system. The code of practice complies with ISO/IEC.AC/AZS 17799:2001, which is declared as one of the ACS codes of ethics (Fruth & Nett, 2014). Under this practice, the information system and its content can be utilized for different types of personal use as well as for the privacy of individuals, so that they cannot be attacked through misuse of the data and information stored within the information system.
Risks and threats: There are numerous risk factors and threats in implementing the information system within the VIC government. Addressing the security-related threats and risks when the organization implements the information system helps in covering all the factors of risk, along with all the major components related to the information system of the VIC government (Fenz et al., 2014). Risk classification is done by categorizing the various risks in the diagram. Threats are the factors that can harm information system development within the VIC government organization. A risk factor is anything that can harm the flow of information within the organization.
Accidental threats: Accidental threats are generally defined as risk factors that can occur with proper motive of gain. Accidental threats mainly harm the entire flow of information, creating various hindrances to processing the information related to the VIC government (Agaku et al., 2014). The accidental threats related to the implementation of the information system generally cause loss of information, programming errors, technical failures and other transmission errors.
Deliberate threats: Deliberate risks are generally defined as risk factors that have a crucial or significant impact on the various operations of the organization. A deliberate threat is mainly carried out either to benefit the attackers or to harm the users (Goettelmann et al., 2014). The deliberate threats related to information system implementation within the VIC government mainly include privacy of software, theft and fraud, piracy of software, denial of service and transmission-related errors.
Internal and external threats: Apart from the accidental and deliberate threats, the risks and threats associated with information system implementation within the VIC government are also divided into the categories of external and internal risk (Lee & Chang, 2014). The risk factors associated with the development of the information system include information loss, transmission errors, unauthorized errors, industrial action, unauthorized software and more. The external factors help in defining the threats and risks that have an impact on the external sources as well as the information system (Harbach et al., 2014). These factors affect operational development by harming the entire flow of operation. The external risk factors associated with the implementation of the information system within the VIC government include website intrusion, denial of service, transmission errors and more. All these factors have very little impact on the information system of the organization. The internal risks associated with the organization include unauthorized software, piracy of software, theft and more.
Risk Exposure Area
After proper identification of the various types of risk associated with the information system, it is very important to assess the impact of risk on various organizations. According to Mayer et al., (2014), risk exposure is defined as the quantified potential or result that causes damage to the organization's system. After proper analysis of risk, the probability of impact on the system and the organization helps in creating proper risk mitigation procedures or plans. For the VIC government, the risks are characterized by exposure areas that include medium-low, low, high and medium.
Table columns: Risk Source | Exposure Risk Type | High | Medium | Medium-Low | Low

Internal Risks
    Human Threats
        Deliberate Threats
            Data Theft
            Unauthorized Access
            Data Loss
        Accidental Threats
            Data Theft
            Unauthorized Access
            Data Loss
    Technological Threats
        Deliberate Threats
            Social Engineering
            Misuse of Information
            Malicious Attacks
        Accidental Threats
            Hardware Failure
            Software Failure
            Network Failure
            Malicious Attacks
External Threats
    Environmental Risk
        Accidental related threats
            Improper temperature condition
            Failure of power
    Technological related threats
        Deliberate Threats
            Unauthorized access
            Denial of service
            Eavesdropping
            Eavesdropping
            SQL injection
            Intrusion
    Human Threats
        Deliberate Threats
            Identity theft
            Financial fraud
        Accidental threats
            Misuse of Data
Analysis of the deliberate and accidental threats
Comparison between deliberate and accidental threats
Risks associated with the information system of the VIC government are considered inevitable. The security risks associated with the VIC government include deliberate as well as accidental risks (Poolsappasit, Dewri & Ray, 2012). Accidental risk can occur within any organization a number of times, but deliberate risk does not occur very frequently. Additionally, accidental risks have various types of potential impact on the VIC government organization. Accidental security threats are quite difficult to monitor as well as to prevent. No technology or method generally helps in preventing accidental risk within the organization. Accidental risk generally occurs within the system or organization due to a lack of proper consciousness among the employees (Sandberg, Amin & Johansson, 2015). A survey was conducted within an organization, and it identified that in the past 12 months the organization was impacted by 14.4 types of incidents per month involving data loss and security breaches caused by the negligence of staff and employees (Rauter et al., 2016). Spyware and various types of malware attacks cause data loss because the security threats observed within the organization are neglected. Accidental threats, with their different categories of errors and omissions, can generally occur within the system. In an information system, there are a number of accidental cases that can cause crashing of the errors.
Deliberate threats can be considered the willful manipulation or destruction of software, hardware and information. Threats to information security generally arise when a person harms the entire system of the organization with the motivation of creating a number of risks. Deliberate risks generally arise from both external and internal sources (Sillaber & Breu, 2015). The IT management of the organization mainly searches for deliberate risks, which are easier to monitor and locate than accidental risks.
Ranking and justification of Threats
Deliberate Risk (First ranked): Regardless of the frequency of occurrence of accidental risks, deliberate risks are ranked first in order of importance. Deliberate risks are caused in a system with the intention of harming the system and causing it loss (Von & Van, 2013). Deliberate threats cause major financial loss to an organization. It is claimed that deliberate risks in a system can potentially affect the public image of, and confidence in, the organization (Wang et al., 2013). Legal liabilities and service agreement breaches are the major risks associated with deliberate threats. For instance, DoS (Denial of Service) completely prevents authorized users from accessing the resources, systems, and network. DoS attacks do not directly result in loss of data; however, the disturbance to services for a period of time results in a huge financial loss.
Accidental risk (Ranked second): Accidental risks, despite being the most frequently occurring security threats, are ranked second in importance. Accidental risk generally happens because of the ignorance or lapses of employees. Accidental risks are not caused with the mere intention of harming the organization and can therefore be reduced and limited by providing training and affirmation to the employees (Soomro & Ahmed, 2012). For instance, within an organization, a computer system left logged in and unattended by an authorized user can be used by an unauthorized user, which results in data theft and misuse of data. Apart from that, communication service failure in an organization results in limited access to information and other data within the system.
Challenges faced by VIC government
Risk in the VIC Government is identified and judged according to its significance. In order to mitigate and eliminate the risks associated with the information, they need to be assessed and removed to protect the Government from potential loss (Soomro & Ahmed, 2012). The VIC government needs to decide whether to outsource risk management or carry it out within the organization. VIC is a Governmental organization that deals with the development of various legal services for the client. In order to carry out the risk management and mitigation process in-house at VIC, the Government needs to employ a dedicated IT team for identification, monitoring, assessment and mitigation of the risks to the information system (Sawik, 2013). As a Governmental institution, VIC does not have IT support from internal management. In addition, developing an in-house information security management system increases the financial resources needed for the implementation of the "Risk management system," the expenditure on hardware and the management of the system (Wang et al., 2014). Apart from that, in-house development of security management significantly increases the workload among internal employees in relation to the recovering economy. In addition, the increasing cost pressure in the organization reflects on the external and internal support for managing risk in the VIC.
Jaferian et al., (2014) illustrated that with in-house management, issues occur when some key personnel are absent or have left the organization. Moreover, the absence and loss of personnel in the VIC create a failure of the security system and uncertain events that have a likelihood of loss of information, process failure, and even financial loss (Loske et al., 2014). Outsourcing the risk management strategy at VIC, however, also carries potential risk that the VIC Government needs to consider.
Difference between Uncertainty and risk
Poolsappasit, Dewri, and Ray (2012) presented risk and uncertainty as closely related concepts of web security. In the information system, risks are characterized as threats that are tangible in nature and can potentially cause capital loss and impairment. Risk in an organization hampers the flow of procedure and results in a large loss of financial investment. On the other hand, Sawik (2013) illustrated that risks are perceived through calculation of the observed frequency of occurrence. In the information system of the NSW Government, the risks are obtained and calculated based on the probabilities of occurrence. In this regard, the Denial of Service threat in the information system is an observed risk that causes permanent financial loss.
Uncertainties in the information system arise from various unknown factors. Almorsy, Grundy, and Ibrahim (2013) explained uncertainties as non-qualifiable events that are predictable in the future. Uncertainties in the information system may or may not result in financial loss for the organization. Wang et al., (2013) asserted that uncertainties cannot be predicted in terms of their probability of occurrence within the system. The random occurrence of events with a negative impact on the organization or the information system is known as uncertainty.
Risk Control and Mitigation
The risk mitigation and control strategies include:
Risk assessment phase: Management of the various types of risk within the VIC government needs efficient identification and risk management procedures, which must be incorporated to minimize the potential risk within the information system.
Risk Control phase: After proper identification and assessment of potential risk, the management team of the organization must develop a proper plan that assists in eliminating and mitigating the various types of risk (Ray et al., 2012). The significant objective of the control phase is to eliminate and reduce the risk.
References
Agaku, I. T., Adisa, A. O., Ayo-Yusuf, O. A., & Connolly, G. N. (2014). Concern about security and privacy, and perceived control over collection and use of health information are related to withholding of health information from healthcare providers. Journal of the American Medical Informatics Association, 21(2), 374-378.
Almorsy, M., Grundy, J., & Ibrahim, A. S. (2013, May). Automated software architecture security risk analysis using formalized signatures. In Proceedings of the 2013 International Conference on Software Engineering (pp. 662-671). IEEE Press.
Feng, N., & Zheng, C. (2014). A cooperative model for IS security risk management in distributed environment. The Scientific World Journal, 2014.
Fenz, S., Heurix, J., Neubauer, T., & Pechstein, F. (2014). Current challenges in information security risk management. Information Management & Computer Security, 22(5), 410-430.
Fruth, J., & Nett, E. (2014, September). Uniform approach of risk communication in distributed IT environments combining safety and security aspects. In International Conference on Computer Safety, Reliability, and Security (pp. 289-300). Springer International Publishing.
Goettelmann, E., Dahman, K., Gateau, B., Dubois, E., & Godart, C. (2014, June). A security risk assessment model for business process deployment in the cloud. In Services Computing (SCC), 2014 IEEE International Conference on (pp. 307-314). IEEE.
Harbach, M., Hettig, M., Weber, S., & Smith, M. (2014, April). Using personal examples to improve risk communication for security & privacy decisions. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (pp. 2647-2656). ACM.
Jaferian, P., Hawkey, K., Sotirakopoulos, A., Velez-Rojas, M., & Beznosov, K. (2014). Heuristics for evaluating IT security management tools. Human–Computer Interaction, 29(4), 311-350.
Lee, Z. J., & Chang, L. Y. (2014). Apply fuzzy decision tree to information security risk assessment. International Journal of Fuzzy Systems, 16(2), 265-269.
Mayer, N., Grandry, E., Feltus, C., & Goettelmann, E. (2015, June). Towards the ENTRI Framework: Security Risk Management enhanced by the use of Enterprise Architectures. In International Conference on Advanced Information Systems Engineering (pp. 459-469). Springer International Publishing.
Poolsappasit, N., Dewri, R., & Ray, I. (2012). Dynamic security risk management using Bayesian attack graphs. IEEE Transactions on Dependable and Secure Computing, 9(1), 61-74.
Rauter, T., Höller, A., Kajtazovic, N., & Kreiner, C. (2016). Asset-Centric Security Risk Assessment of Software Components. In 2nd International Workshop on MILS: Architecture and Assurance for Secure Systems.
Ray, P. D., Reed, C., Gray, J., Agarwal, A., & Seth, S. (2012). Improving roi on big data through formal security and efficiency risk management for interoperating ot and it systems. In Grid-Interop Forum.
Sandberg, H., Amin, S., & Johansson, K. H. (2015). Cyberphysical security in networked control systems: An introduction to the issue. IEEE Control Systems, 35(1), 20-23.
Sawik, T. (2013). Selection of optimal countermeasure portfolio in IT security planning. Decision Support Systems, 55(1), 156-164.
Sillaber, C., & Breu, R. (2015). Using Business Process Model Awareness to improve Stakeholder Participation in Information Systems Security Risk Management Processes. In Wirtschaftsinformatik (pp. 1177-1190).
Soomro, I., & Ahmed, N. (2012, September). Towards security risk-oriented misuse cases. In International Conference on Business Process Management (pp. 689-700). Springer Berlin Heidelberg.
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. Computers & Security, 38, 97-102.
Wang, L., Jajodia, S., Singhal, A., Cheng, P., & Noel, S. (2014). k-zero day safety: A network security metric for measuring the risk of unknown vulnerabilities. IEEE Transactions on Dependable and Secure Computing, 11(1), 30-44.
Wang, Y., Zheng, J., Sun, C., & Mukkamala, S. (2013, July). Quantitative security risk assessment of android permissions and applications. In IFIP Annual Conference on Data and Applications Security and Privacy (pp. 226-241). Springer Berlin Heidelberg.