logo

Information Security Risk Management

14 Pages3276 Words39 Views
   

Charles Sturt University

   

IT Risk Management (ITC596)

   

Added on  2020-03-07

About This Document

The framework is based on the risk assessment technique. There are many reasons that cause information security risks, among them is theft, malware infection, and eavesdropping. We will discuss a case study of Victorian State Government about identification of Security Risk Management, Ranking of threats in order of importance, Comparative analysis of the Deliberate and Accidental Threats, Justification of the rankings.

Information Security Risk Management

   

Charles Sturt University

   

IT Risk Management (ITC596)

   Added on 2020-03-07

ShareRelated Documents
Running head: INFORMATION SECURITY RISK MANAGEMENTInformation Security Risk Management: A Case Study ofVictorian State GovernmentStudent Name:University Name:
Information Security Risk Management_1
1INFORMATION SECURITY RISK MANAGEMENTTable of Contents1. Diagram for illustrating Victorian State Government security risks and concerns andthe Protective security policy framework........................................................................................22. Detailed explanation of the diagram................................................................................22.1 Identification of risks according to area of exposure.................................................33. Comparative analysis of the Deliberate and Accidental Threats.....................................43.1 Ranking of threats in order of importance.................................................................53.2 Justification of the rankings.......................................................................................64. Challenges faced by Victorian state government in deciding Risk management............75. Difference between Risk and Uncertainty.......................................................................86. Different approaches for risk control and mitigation in Victorian State Government....9Privacy and data Protection Act 2014...........................................................................10Victorian Protective Data Security Framework.............................................................10Public Sector Data.........................................................................................................10Protective Data Security................................................................................................10Information Privacy Principle........................................................................................11References..........................................................................................................................12
Information Security Risk Management_2
2INFORMATION SECURITY RISK MANAGEMENT1. Diagram for illustrating Victorian State Government security risks andconcerns and the Protective security policy frameworkInformation Security RisksMalware InfectionsTheftSocial EngineeringEavesdroppingRisksProtective Security Policy framework(PSPF)Risk AssessmentRISK IDENTIFICATION RISK ANALYSIS RISK EVALUATION DOCUMENTATION CodeISO/IEC 27002:2013 ( Code of practice for informationsecurity controls)Based up onFollowsManages RiskHas the following risksCompany faces the risksFigure 1: Victorian State Government security risks and concerns and the Protectivesecurity policy frameworkSource: (created by Author)2. Detailed explanation of the diagramThe diagram provides the details about the details about the security and the risk that areinvolved with the Information Security Risk Management System that is adopted by theVictorian government. The diagram explains the different type of risks and also categories therisk according the effect of the risk and their outcomes on the organization. The diagram alsoprovides the information about the Victorian Protective data Security Framework. Thisframework comes under the Protective Security Policy Framework. Additionally the diagram
Information Security Risk Management_3
3INFORMATION SECURITY RISK MANAGEMENTalso provides the information about the internal and the external risks. In addition to this thethreats that were identified can also be categorized into deliberate threats and accidental threats.The report is concerned with the analysis of the threats that were faced by the government andalso the different type of threat analysis and the risk mitigation techniques that can beimplemented by the Victorian government for their safety. The entire procedure has beendisplayed efficiently in the diagram that is provided in this report. Additionally, there has beensome information about the information security risk and the different parts of the informationsecurity risks. They can occur by various types of sources. Theft is one of the main reasons thatgive rise to the Information security risks. In addition to this, the Malware Infection andEavesdropping also affects the security of the information system and hampers them. TheVictorian government has adopted the Victorian Protective data Security Framework, that wouldhelp them to mitigate the risk obtain optimum resolution for the risks. The frame is theInformation Security Risk Management system for the government. This framework follows theISO/IEC 27002:2013 (Code of practice for information security controls). The framework isbased upon the risk assessment technique. The risk assessment technique involves the processesof risk identification, risk evaluation, risk analysis and Documentation of the risk assessmenttechniques. 2.1 Identification of risks according to area of exposureArea of ExposureInternal RisksExternal RisksDeliberateAccidentalDeliberateAccidentalHighFireSabotageFailure oftheoutsourcedoperationsMaliciousdestructionof the dataand the files.MasqueradeUnauthorized Dial-InAccessProgramming or codingerrors
Information Security Risk Management_4

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
(solved) IT Risk Management PDF
|15
|3652
|47

IT Risk Management Security System
|17
|3744
|61

Victorian Protective Data Security Framework - ICT 303
|18
|3857
|81

Detailed Explanation of Risk Exposure Area 5 4. Analysis of Deliberate and Accidental Threats in Victoria Government
|15
|2687
|458

IT Risk Management & Security In Victorian Government
|17
|3721
|49

itc596 - Risk faced by VIC Government - Report
|15
|2864
|45