Information Systems Security Risk Management

   

Added on  2020-03-04

Running head: INFORMATION SECURITY RISK MANAGEMENT
Information Security Risk Management: A Case Study of
VIC Government
Name of the Student
Name of the University
Table of Contents
1. Illustration of Current Security Risks and Concerns Considered by the VIC through Diagram:
2. Explanation of the Diagram:
3. Analysis of the Deliberate and Accidental Threats:
3.1 Accidental Threats:
3.2 Deliberate Threats:
3.3 Ranking of threats in order of importance
3.4 Justification of the rankings
4. Challenges of Security/Risk Management Internally or Externally:
5. Difference between Risk and Uncertainty:
6. Discuss and Evaluation of Different Approaches Available to the VIC for Risk Control and Mitigation:
6.1 Risk Control Approaches:
6.2 Risk Mitigation Approaches:
Reference List:
1. Illustration of Current Security Risks and Concerns Considered by the VIC
through Diagram:
Figure 1: VIC Security Risks and Concerns
(Source: Created by Author)
2. Explanation of the Diagram:
The above diagram illustrates the issues and risks associated with VIC
government information security. Figure 1 presents certain entities that are
highly recommended by the VIC government for the establishment of an ISMS or Information Security
Risk Management System. A single block in the diagram presents several cyber security
threats such as malware infections, eavesdropping, DDoS and theft. The information security
threats presented in the diagram are categorized into two sections, deliberate
and accidental. These two types of threats can be further divided into two sections, internal
and external. The information security guidelines of the VIC government entail that, on the basis
of the risk assessment, the ISMS and the code of practice for choosing
security configuration (ISO/IEC.AS/NZS 17799:2001) must be implemented. Therefore, in Figure 1,
the risk assessment procedure has been described as a way of dealing with the risks, with stages
such as Risk Recognition, Investigation, Evaluation and Documentation.
3. Analysis of the Deliberate and Accidental Threats:
3.1 Accidental Threats:
Accidental threats arise from mistakes and negligence. Issues in
the working behavior of internal stakeholders can be the reason behind the occurrence of
data security risk (Jouini, Rabai & Aissa, 2014). Mistakes can be considered risks, such as
a programming error that leads to a system crash, and may also lead to vulnerabilities, such as a PC screen left
unattended that might be abused by an unauthorized user.
It is specifically a significant threat that occurs due to weakly configured security
features and configurations and exploits the gaps in the programming. For example,
running systems and databases that are not updated or patched to the current version are
vulnerable to new security threats. Such threats may be the result of double-dealing, yet are
far more likely to be accidental errors or rejections (Kaaniche, 2015).
The threats can have the following effects:
Improper decision making process;
Harming the business capability;
The possibility of losing the open picture;
Financial misfortune (Jouini, Rabai & Aissa, 2014);
Legal liabilities;
Fall of Consideration’s obligation;
The cost of business maintenance will rise tremendously.