Deakin University: Information Security Risk Assessment Report
Added on 2022/09/05

INFORMATION SECURITY RISK ASSESSMENT 1
INFORMATION SECURITY RISK ASSESSMENT
Student Name
Institution
Facilitator
Course
Date

Executive Summary
Most organizations don't consider the importance of securing their systems until they are breached, resulting in heavy losses and many unanswered questions. In most cases, security breaches occur because employees fail to adhere to organization policy. While some organizations claim that security risk assessment is paranoid, preventive measures have proved to save them countless resources and heartache in the long run. A thorough security risk assessment is the most important measure that must be put in place to improve a system's security, as it ensures that an organization's security systems can adequately protect it against potential threats (Cherdantseva et al, 2016, p.23). According to the government reports on data breaches, three sources of data breaches have been identified. The main one is malicious or criminal attacks, followed by human errors and then system faults. Across these three breach sources, six categories of personal information have been identified as the main targets of the breaches. The first target is contact information, followed by financial details and identity information. Health information, tax file numbers (TFN) and any other sensitive information have also been counted among the main targets of data breaches.
Security Risk Assessment
According to the reports, data breaches have been identified as the main cybersecurity risk. In these reports, a data breach is a security incident in which organization data or information is accessed by unauthorized people, either internally or externally. Breaches have been attributed to three main sources: malicious attacks, human errors and system faults. Malicious attacks are attacks carried out intentionally by a third party with the aim of compromising
or gaining unauthorized access to an organization's system, while human errors are errors committed by the organization's employees that lead to data breaches. The last source, system faults, are weaknesses in the organization's systems that lead to data breaches. Data breaches have been linked with negative impacts on both businesses and consumers. For instance, some reports consider their cost to be capable of damaging lives and organization reputation in ways that can take time to repair (Das et al, 2019, p.970). Cybercrime has been considered a growing and profitable industry for attackers. This has been attributed to the motivation of hackers who seek to obtain identifiable information that enables them to steal money, sell the information over the dark web or compromise identities. There are a number of ways in which human errors lead to data breaches. The main one has been identified as inadvertent disclosure, which entails sending documents that contain personal information to incorrect recipients. In regard to system faults, the lack of robust security measures in organization systems, such as the lack of encryption when sharing information and weak authentication, has been linked with security faults (Wu et al, 2016, p.153). In the case of malicious attacks, a number of approaches through which data breaches are achieved have been identified in the reports. The main ones include hacking, phishing, malware, ransomware, brute force attacks, stolen credentials and others.
Business Requirements Analysis
Based on the causes of data breaches identified in the reports, business organizations must put measures in place in order to minimize data breaches. The initial step would be to draft an information security policy for the business organization to act as the guideline. An information security policy would ensure that the organization's technology
users within the domain of the organization and its networks comply with the rules and guidelines relating to the organization's information, which is stored digitally at any point in its large network. In the policy, security vulnerabilities would be identified and safeguards chosen. Each subsection of the policy would address specific risks and define the steps to be taken to mitigate them (de Gusmão et al, 2016, p.30). Where necessary, the policy would also explain how employees would be trained to become better equipped to deal with the risk. For instance, a common security threat like phishing would be explained, and employees instructed whom to contact if they suspect a phishing scam. Human errors would be minimized through training and educating staff members and other organization employees about the security measures that avoid data breaches (Wangen, Hallstensen and Snekkenes, 2018, p.690). This would be done after the security policy audits are completed, in order to enforce them. Staff training and education on the organization's data security measures enlighten employees about the newly created policies, because they cannot voluntarily comply with policies they are unfamiliar with. Under this category, employees must be trained on how to control end-user access and privileges under the common policies, the use of unique passwords, how to detect and report suspicious data security concerns on their systems, and how to handle, dispose of and retrieve data they receive from external sources. Lastly, system faults would be mitigated through regular vulnerability testing of the organization's systems. This would make it possible for the organization to identify any flaws or vulnerabilities in its systems that could be exploited to cause data breaches.
Summary
According to the government reports analyzed above, the three causes of data breaches that have
been identified are malicious attacks, human errors and system faults. Malicious attacks that
entail processes such as ransomware, malware, hacking and phishing mainly target the contact and identity information of victims, which can be used to compromise their bank accounts and accounts at other financial institutions. Financial details have also been identified as another main target of malicious attacks. On the other hand, human errors have been termed staff faults that expose organization data to unauthorized hands. Some of the human errors identified in the reports are the sharing of passwords and logins with third parties, while system faults have been identified as weaknesses in the organization's systems that expose them to the risk of being compromised. In order to minimize the risk of a data breach, the paper has identified three business requirements that would minimize the chances of a data breach. The first requirement is the implementation of a security policy that would guide the organization's staff on how to identify and respond to data breaches to minimize damage. The second requirement is staff training and education, which would ensure that the organization's employees understand what a data breach is and how it could be avoided.
References
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H. and Stoddart, K., 2016.
A review of cyber security risk assessment methods for SCADA systems. Computers &
Security, 56, pp.1-27.
Das, S., Mukhopadhyay, A., Saha, D. and Sadhukhan, S., 2019. A Markov-Based model for
information security risk assessment in healthcare MANETs. Information Systems
Frontiers, 21(5), pp.959-977.
de Gusmão, A.P.H., e Silva, L.C., Silva, M.M., Poleto, T. and Costa, A.P.C.S., 2016.
Information security risk analysis model using fuzzy decision theory. International Journal of
Information Management, 36(1), pp.25-34.
Wangen, G., Hallstensen, C. and Snekkenes, E., 2018. A framework for estimating information
security risk assessment method completeness. International Journal of Information
Security, 17(6), pp.681-699.
Wu, X., Shen, Y., Zhang, G. and Zhi, H., 2016, August. Information security risk assessment
based on DS evidence theory and improved TOPSIS. In 2016 7th IEEE International Conference
on Software Engineering and Service Science (ICSESS) (pp. 153-156). IEEE.