
Risk Management VIC Contents Introduction

   

St. John's University

   

Risk Management & Insurance (RMI601)

   

Added on  2020-02-24

About This Document

RMI601 - Challenges of Security/Risk Management Approach Assignment. Information security involves the protection of information systems against security threats. Threats either are intended or accidentally cause harm to information systems. Deliberate actions affecting security are usually aimed at attacking information assets. The government has developed the Victorian Protective Data Security Framework (VPDSF) for the protection of data security; it defines security standards, assurance models, security guides, and supporting resources.

RISK MANAGEMENT VIC

[Name]
Contents

- Introduction
- Comparative analysis of Threats
- Challenges of security/risk management approach
- "Risk" and "Uncertainty"
- Risk control and mitigation
- Recommendations
- Conclusion
- References
Introduction

Information security involves the protection of information systems against security threats. Threats either are intended or accidentally cause harm to information systems. Deliberate actions affecting security are usually aimed at attacking information assets. However, some security implications are not intended but happen accidentally because of certain human actions or other events. This research paper explores the various types of accidental and deliberate threats that the Victorian government is likely to face.

The government has developed the Victorian Protective Data Security Framework (VPDSF) for the protection of data security; it defines security standards, an assurance model, security guides, and supporting resources. Objectives of the framework include identification of information and determination of the owner of that information, assessment of the value of the information, identification and management of data risks, application of security measures, creation of a security culture, and maturing of data security capabilities.

Figure 1: Risk Management Framework [CITATION Tii101]

Risks can be business specific, legal, technology related or technical. For any type of risk, the question to ask is whether the risk can be fixed with the acquired technology; if it cannot, appropriate steps have to be taken to enhance protection.
Comparative analysis of Threats

Threats can be either accidental or deliberate. Accidental threats are caused by users or situations that accidentally create risks to information systems. Some examples of accidental threats include:

- Natural disasters such as earthquakes, hurricanes, tornadoes, cyclones, etc., which damage infrastructure and thus cause loss of data
- Technical failures caused by breakdown of hardware
- Errors or mistakes made by humans, such as loss of devices, opening of emails from unknown sources, lowering of the security level, download of unsafe files, etc.
- Some people may end up using social engineering by trying to trick someone into providing confidential information. This may not be a deliberate threat to cause harm, but it does pose a risk to the person whose data is revealed [CITATION AlK15].

Ways in which these accidental threats can be avoided, or their impacts mitigated, include:

- Any changes made to the critical data of an organization must be monitored, and permission to access or modify the data should rest only with specific designated people.
- For controlling access, user manuals can be developed.
- All printouts obtained for the management must be shredded after use.
- People with different job functions should have differential access to information. For example, a programmer may not be provided with access to the storage systems.
- The data that is being exchanged online can be encrypted [CITATION Sur16].
- IT auditors may be hired to check whether the company's systems are secure, so that their guidance can help in improving the security of the company.
- Transaction logs of usage can be stored to check who has used or seen which programs in the system [CITATION Ros94].

Deliberate threats are those intended to cause security harm to a system, and they can take various forms such as espionage, extortion, sabotage, data theft, and software attacks such as Trojan, virus, worm, denial of service, phishing, key logger, spyware, malware and spamware.

The risk rating model is based on the likelihood of the occurrence of a risk and its impact on an organization. The determination of rating factors that cause these risks can be broken down