logo

Assignment On ICT Risks & Security Concerns

13 Pages3436 Words93 Views
   

Added on  2020-02-24

Assignment On ICT Risks & Security Concerns

   Added on 2020-02-24

ShareRelated Documents
Running head: IT Risk Management 1IT Risk ManagementName Date
Assignment On ICT Risks & Security Concerns_1
IT Risk Management 2ContentsIllustration of VIC Government Security Risks...........................................................................................3ICT risks and security concerns for the VIC public sector data...................................................................4Classification of Risks.................................................................................................................................5Comparative Analysis of Deliberate and Accidental Threats......................................................................7Challenges the VIC government will face in deciding whether ICT security should be handled internally or outsource.................................................................................................................................................9Risk and Uncertainty.................................................................................................................................11Different approaches VIC government can use for risk control.................................................................11References.................................................................................................................................................13
Assignment On ICT Risks & Security Concerns_2
IT Risk Management 3Illustration of VIC Government Security Risks Figure 1
Assignment On ICT Risks & Security Concerns_3
IT Risk Management 4ICT risks and security concerns for the VIC public sector dataBased on figure I above, there are two main categories of threats to the VIC government public sector data, based on the Victoria Protective Data Security Framework; internal threats and external threats. The internal threats are further subdivided into employee risks/ threats, where the employees are the cause of security risks. Employee risks can further be subdivided into intentional/ malicious threats and unintentional threats. The intentional threats/ risks include malicious theft of information for monetary gain or just malice where a staff member intentionally steals and shares sensitive information with malicious third parties. This may also be achieved by staff leaving backdoors for attackers to access the VIC public sector information without authorized access, such as by not implementing strong security policies in access points such as on routes and external access. Unauthorized access to information or editing information deliberately, such as overwriting or deletion of public sector data is another form of intentional security risks. Unintended internal risks from staff/ employees include accidental deletion, overwriting, or editing of information, or failure to save edited information, causing malware infection by using external storage devices that are infected, or exposing the VIC public sector data by exposing access credentials. Inability to follow set ICT security policies either due to ignorance or lack of such policies is also another unintended internal risk. Another source of internal risks includes organizational culture that is due to several factors of omission and commission. These include poor security policies such as failure to use strong passwords, not updating/ patching software regularly, and inability to constantly review and update security policies and threats, and noncompliance. Other factors/ causes for risks due to organizational culture include hiring ICT staff that do not meet the standards (are unqualified) and using external vendors without vetting. Cultural issues also include lack of clear policies such as restricting access to specific information, failure to encrypt information, poor setup for data bases and backups, and inability to undertake sensitization initiatives on ICT risks to educate users/ employees. Because there is increased use of the internet, there are other external risks that include cyber-attacks, loss of data due to disasters, and risks of data loss/ theft due to external service providers, such as cloud service providers or software/ device providers and vendors whose products fail, or have
Assignment On ICT Risks & Security Concerns_4

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
(solved) IT Risk Management PDF
|15
|3652
|47

ITC596 - VIC Government - Security Risks and Concerns
|12
|3080
|34

System Engineering for Managers
|8
|2090
|53

Detailed Explanation of Risk Exposure Area 5 4. Analysis of Deliberate and Accidental Threats in Victoria Government
|15
|2687
|458

VIC System Risks and Security Issues
|14
|3060
|107

Risk Assessment for Information Technology, Human Resource, and Network Infrastructure
|3
|840
|79