RMI601 - Challenges of Security/Risk Management Approach

Added on 2020-02-24

RMI601 - Challenges of Security/Risk Management Approach Assignment. Information security involves the protection of information systems against security threats. Threats cause harm to information systems either intentionally or accidentally. Deliberate actions affecting security are usually aimed at attacking information assets. The government has developed the Victorian Protective Data Security Framework (VPDSF) for the protection of data security; it defines security standards, assurance models, security guides, and supporting resources.

| RMI601| 14 pages| 3625 words| 115 views


Showing pages 1 to 4 of 14 pages

RISK MANAGEMENT
VIC
[Name]

Contents
Introduction
Comparative analysis of Threats
Challenges of security/risk management approach
"Risk" and "Uncertainty"
Risk control and mitigation
Recommendations
Conclusion
References

Introduction

Information security involves the protection of information systems against security threats. Threats cause harm to information systems either intentionally or accidentally. Deliberate actions affecting security are usually aimed at attacking information assets. However, some security implications are not intended but happen accidentally because of certain human actions or other events. This research paper explores the various types of accidental and deliberate threats that the Victorian government is likely to face.

The government has developed the Victorian Protective Data Security Framework (VPDSF) for the protection of data security; it defines security standards, an assurance model, security guides, and supporting resources. The objectives of the framework include identification of information and determination of the owner of that information, assessment of the value of the information, identification and management of data risks, application of security measures, creation of a security culture, and maturing of data security capabilities.

Figure 1: Risk Management Framework [CITATION Tii101]

Risks can be business specific, legal, technology related or technical. For any type of risk, the question to ask is whether the risk can be fixed with the acquired technology; if it cannot, appropriate steps have to be taken to enhance protection.

Comparative analysis of Threats

Threats can be either accidental or deliberate. Accidental threats are caused by users or situations that accidentally create risks to information systems. Some examples of accidental threats include:

- Natural disasters such as earthquakes, hurricanes, tornadoes, cyclones, etc., which damage infrastructure and thus cause loss of data
- Technical failures caused by breakdown of hardware
- Errors or mistakes made by humans, such as loss of devices, opening emails from unknown sources, lowering of the security level, download of unsafe files, etc.
- Some people may end up using social engineering by trying to trick someone into providing confidential information. This may not be a deliberate threat to cause harm, but it does pose a risk to the person whose data is revealed [CITATION AlK15].

Certain ways in which these accidental threats can be avoided or their impacts mitigated include:

- Any changes made to the critical data of an organization must be monitored, and permission to access or modify the data should rest only with specific designated people.
- For controlling access, user manuals can be developed.
- All printouts obtained for the management must be shredded after use.
- People with different job functions should have differential access to information. For example, a programmer may not be provided with access to the storage systems.
- Data that is exchanged online can be encrypted [CITATION Sur16].
- IT auditors may be hired to check whether the company's systems are secure, so that their guidance can help improve the security of the company.
- Transaction logs of usage can be stored to check who has used or seen which programs in the system [CITATION Ros94].

Deliberate threats are those intended to cause security harm to a system. They can take various forms such as espionage, extortion, sabotage, data theft, and software attacks such as Trojans, viruses, worms, denial of service, phishing, key loggers, spyware, malware and spamware.

The risk rating model is based on the likelihood of the occurrence of a risk and its impact on an organization. The determination of rating factors that cause these risks can be broken down

In conclusion, the current security posture of VIC upon studying its security framework that is implemented in the organization. The paper explored the ideas of unintended risks, deliberate risks, and uncertainties. It also identified various types of security risks that the company can face and identified their ranking based on the security of each of the risks. can contribute to the severity of risks such as threat agent factors like skill, motivation, opportunity, and size of the threat agent, vulnerability factors like ease of discovery or exploration, awareness of user, and intrusion detection capabilities. Some impact factors were also identified including technical impact factors like loss of confidentiality, integrity, availability or accountability, and business impact factors like financial damage, reputation damage, non-compliance, and privacy violation.
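
The factor groups listed in the conclusion can be turned into a ranked risk register. The sketch below is an added example, not part of the paper: it assumes the 0-9 scoring, averaging and severity matrix of the OWASP Risk Rating Methodology (the paper's "exploration" is read as ease of exploit), scores only the technical impact factors, and uses constructed scores.

```python
from statistics import mean

# Factor names come from the page's conclusion. The 0-9 scale, averaging and
# level cut-offs are assumptions taken from the OWASP Risk Rating Methodology.
LIKELIHOOD = ("skill", "motivation", "opportunity", "size", "ease_of_discovery",
              "ease_of_exploit", "awareness", "intrusion_detection")
IMPACT = ("confidentiality", "integrity", "availability", "accountability")

# Overall severity, indexed as SEVERITY[impact level][likelihood level].
SEVERITY = {
    "LOW":    {"LOW": "NOTE",   "MEDIUM": "LOW",    "HIGH": "MEDIUM"},
    "MEDIUM": {"LOW": "LOW",    "MEDIUM": "MEDIUM", "HIGH": "HIGH"},
    "HIGH":   {"LOW": "MEDIUM", "MEDIUM": "HIGH",   "HIGH": "CRITICAL"},
}
ORDER = ("NOTE", "LOW", "MEDIUM", "HIGH", "CRITICAL")

def level(score):
    return "LOW" if score < 3 else "MEDIUM" if score < 6 else "HIGH"

def group_score(scores, names):
    """Average one factor group, refusing unscored or out-of-range factors."""
    missing = [n for n in names if n not in scores]
    if missing:
        raise ValueError(f"unscored factors: {missing}")
    if any(not 0 <= scores[n] <= 9 for n in names):
        raise ValueError("factor scores must be between 0 and 9")
    return mean(scores[n] for n in names)

def rate(scores):
    likelihood, impact = group_score(scores, LIKELIHOOD), group_score(scores, IMPACT)
    return likelihood, impact, SEVERITY[level(impact)][level(likelihood)]

def rank(register):
    """Sort risks by severity, then by likelihood x impact, highest first."""
    rated = [(name, *rate(scores)) for name, scores in register.items()]
    return sorted(rated, key=lambda r: (ORDER.index(r[3]), r[1] * r[2]), reverse=True)

def scored(*values):
    return dict(zip(LIKELIHOOD + IMPACT, values))

# Constructed scores for three threats named on the page (not real assessments).
REGISTER = {
    "lost device":       scored(1, 1, 4, 6, 3, 3, 4, 8, 6, 1, 1, 7),
    "phishing":          scored(5, 9, 7, 9, 7, 5, 6, 8, 7, 5, 1, 7),
    "denial of service": scored(6, 4, 7, 9, 7, 5, 9, 5, 0, 1, 7, 1),
}

for name, likelihood, impact, severity in rank(REGISTER):
    print(f"{name:18} likelihood={likelihood:.2f} impact={impact:.2f} {severity}")
```

A risk with a missing or out-of-range factor is rejected rather than averaged, so an incomplete assessment cannot silently lower a rating.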
