
Information System Risk & Security

   

Added on  2023-06-13

Information Systems Risk & Security
The Shire of Cornersea
4/11/2018

Table of Contents
Introduction
  Purpose
  Significance
  Risk Appetite & Risk Tolerance
Risk Management Plan – An Outline
  Scope & Boundaries
  Schedule
Risk Assessment
  Key Roles & Responsibilities
  Proposed Schedule
Information Assets & Systems at Risk
Threat & Vulnerability Analysis
Likelihood & Impact Analysis of Risks
Significant Risks for the Shire of Cornersea
Risk Assessment Table
Recommendations & Conclusion
References
Appendix
  Gantt chart

Introduction
The Shire of Cornersea is a medium-sized council spread over an area of 900 square
kilometres. There are twenty townships and 18 postal districts in the council, with a
population of over 150000. The residents are from diverse cultural and ethnic backgrounds,
such as European, Asian, and African. Numerous risks have been identified in relation to
the information system and information security of the council. There are also legal risks,
physical security risks, resource risks, risks of natural hazards, and communication risks that
may occur. The report covers a risk management process for the council.
Purpose
The purpose of the plan is to set out the outline and schedule that will be followed in the
risk management process for The Shire of Cornersea. The plan is also prepared to
define the key roles and responsibilities for risk management and to assess the risks in terms of
likelihood, impact, and priority.
Significance
The risk management plan is extremely significant for The Shire of Cornersea, as there are
information security and information system risks that may occur. These risks shall be
prevented, controlled, detected, and avoided with the aid of this plan, failing which there may
be adverse implications for the council and its associated entities.
Risk Appetite & Risk Tolerance
The Shire of Cornersea is composed of 150000 residents and manages huge data sets
associated with its residents. These data sets comprise varied categories of information,
such as public information, which may include location details of the council, facilities, and
services offered, etc. There are also private, sensitive, and confidential data sets associated
with the council (Calandro, 2015).
For instance, the demographic and health details of the residents are extremely private and
confidential in nature. The legal norms and principles that the council shall maintain, along
with the regulatory policies, are also sensitive information. The internal processes and
information are private information.
The risk tolerance level would be higher for public information sets than for the private,
confidential, or sensitive data. The Shire of Cornersea is exposed to numerous risks and
vulnerabilities that are covered in the later sections of the report; however, the risks with low
probability and low impact levels may be tolerated.
Risk Management Plan – An Outline
Risk Management Process
An outline of the risk management plan has been depicted in the diagram above. There will
be five processes involved in the risk management plan, viz. risk identification, risk analysis
and prioritization, risk treatment, risk control, and risk monitoring and reporting.
The first process will include a listing of all the risks that may occur in association with The
Shire of Cornersea, irrespective of their probability and impact score. Information
investigation techniques, such as interviews, surveys, observations, and domain
analysis, will be conducted to identify the risks (Bromiley, Rau and McShane, 2014).
The second process will analyse and prioritize the risks identified. In this process, a risk
assessment table will be developed that will include the probability and impact score for each
risk and a priority will be assigned accordingly.
The risk treatment process will include the assignment of a treatment strategy to each risk, which
may be risk avoidance, risk mitigation, risk acceptance, or risk transfer. The strategy
selected will be implemented for each risk (Frigo and Anderson, 2011).
Risk control will be applied in the fourth process. It will include the attempts to
reduce the risk impact on the council and its associated entities and may include controls
such as internal, preventive, or detective controls (Ykhlef and Algawiaz, 2014).
The application of the risk treatment strategy and risk controls will be monitored in the last
process, and risk reports will be prepared to track status and completion.
Scope & Boundaries
The scope of the risk management process will cover the identification, analysis & prioritization,
treatment, control, monitoring and reporting of the risks. The identification process will
[Figure: Risk Management Process (Risk Identification, Risk Analysis and Prioritization, Risk Treatment, Risk Control, Monitor & Report)]
