IS Security and Risk Management
Added on 2023-01-09
13 Pages3313 Words58 Views
IS Security and Risk Management
1
1
Contents
INTRODUCTION...........................................................................................................................3
MAIN BODY..................................................................................................................................3
Identify and examine all types of threat facing the Australian health sector organizations and
summarise into table....................................................................................................................3
Identifying the categories assets which include the different elements of health organization’s
system..........................................................................................................................................5
Identifying and prioritizing threats..............................................................................................7
Analysis of principles with cyber security mitigation and control recommendations proposed
by ACSC for health...................................................................................................................10
CONCLUSION..............................................................................................................................12
REFERENCES..............................................................................................................................13
2
INTRODUCTION...........................................................................................................................3
MAIN BODY..................................................................................................................................3
Identify and examine all types of threat facing the Australian health sector organizations and
summarise into table....................................................................................................................3
Identifying the categories assets which include the different elements of health organization’s
system..........................................................................................................................................5
Identifying and prioritizing threats..............................................................................................7
Analysis of principles with cyber security mitigation and control recommendations proposed
by ACSC for health...................................................................................................................10
CONCLUSION..............................................................................................................................12
REFERENCES..............................................................................................................................13
2
INTRODUCTION
Information security risk management is based on the process that mainly used for managing
different risk which associated with use of information technology. Generally, it involves the
different processes such as identifying, assessing and treating the risks to maintain
confidentiality, integrity as well as availability of organizations assets. The primary goal of this
process is to perform the significant role while treating the risk in accordance with health care
organizations.
The documentation will discuss about the different type of threats facing the Australian
health sectors organizations. It will identify the different categories of assets which mainly
include the elements of organizational system. Furthermore, there are different type of threats
performed the action against the assets and impact on the overall processes. However, the
documentation will describe five different fundamental security principles to manage or control
cyber security mitigation process with health organization’s sector.
MAIN BODY
Identify and examine all types of threat facing the Australian health sector organizations and
summarise into table.
According to given case study, it has identified that virus continues impact on the health
sector across the global world. APT groups may be seeking information, data and intellectual
properly related the vaccine development, treatments. The Australian health as well as research
sector could be greater deals with the malicious APT groups (World Health Organization, 2019).
Due to increase the pressure place within healthcare sector to respond towards Covid-19
Pandemic. It is consider one of the most critical issue that increases the malicious cyber threats
and directly impact on the entire business system.
Advanced persistent threat (APT)
Advanced persistent threat is important term which given into the sophisticated and well-
resourced type of malicious cyber adversary. This is commonly associated with the nation and
seek to comprise with network to obtain policy, defence, legal and security information for
strategy advantage (Offner, Sitnikova and MacIntyre, 2020). Malicious cyber actors are actively
targeting the individuals and Australian organizations with COVID-19 related scam, phishing
3
Information security risk management is based on the process that mainly used for managing
different risk which associated with use of information technology. Generally, it involves the
different processes such as identifying, assessing and treating the risks to maintain
confidentiality, integrity as well as availability of organizations assets. The primary goal of this
process is to perform the significant role while treating the risk in accordance with health care
organizations.
The documentation will discuss about the different type of threats facing the Australian
health sectors organizations. It will identify the different categories of assets which mainly
include the elements of organizational system. Furthermore, there are different type of threats
performed the action against the assets and impact on the overall processes. However, the
documentation will describe five different fundamental security principles to manage or control
cyber security mitigation process with health organization’s sector.
MAIN BODY
Identify and examine all types of threat facing the Australian health sector organizations and
summarise into table.
According to given case study, it has identified that virus continues impact on the health
sector across the global world. APT groups may be seeking information, data and intellectual
properly related the vaccine development, treatments. The Australian health as well as research
sector could be greater deals with the malicious APT groups (World Health Organization, 2019).
Due to increase the pressure place within healthcare sector to respond towards Covid-19
Pandemic. It is consider one of the most critical issue that increases the malicious cyber threats
and directly impact on the entire business system.
Advanced persistent threat (APT)
Advanced persistent threat is important term which given into the sophisticated and well-
resourced type of malicious cyber adversary. This is commonly associated with the nation and
seek to comprise with network to obtain policy, defence, legal and security information for
strategy advantage (Offner, Sitnikova and MacIntyre, 2020). Malicious cyber actors are actively
targeting the individuals and Australian organizations with COVID-19 related scam, phishing
3
emails. Generally, APT is mainly targeting the Australian health care organizations and system
to access the personal information or data through malicious attacks.
These are considered the incidents which likely to increase the problem or issue of
Australian health care organizations. There are different threats facing the Australian health
sector organizations.
Remote access scams: it is the most commonly threat that mainly occurred during
COVID-19, according to report, it has identified that receive large number of remote
access scams. Generally, it is targeting the people who will work from home. Many
individual health care professionals are conducted the meeting with team members so that
it has chances to attempt the remote access (Offner, Sitnikova and MacIntyre, 2020). In
this way, it can easily access the confidential information or data about medicine,
vaccine. This type of threat may be occurred to access computer or devices while
compromises the personal accounts of health officers.
Wire fraud email: It is also another threat which mainly faced by Australian health care
organizations, individuals. According to survey, it has identified that one client had
received a COVID-19 themed fraud email which include the health care organizations.
Usually, Australian health organizations are managed or comprised by manager and then
send to invoice themed mail to client. But the attacker can easily hack the details while
sending information to client (Offner, Sitnikova and MacIntyre, 2020). In this way, it is
considered as unauthorised activities performed by hackers in order to increase problem
or issue for both client and health organization in term of security or privacy.
SMS phishing scam: this type of threat will use SMS phishing messages which offering
where to get tested for COVID-19. Sometimes, SMS may appears to come from “Gov.”,
whereas it can easily identify the malicious link to get tested in local areas (Offner,
Sitnikova and MacIntyre, 2020). This is completely fraud which directly affecting on the
device and access sensitive information. ACSC always aware about the SMS scam
because this can be sender identification of my Gov.
Relief payment scam: The phishing email is mainly pretending to be from world health
organization and prompts to open the attachment for advice on safety measurement and
4
to access the personal information or data through malicious attacks.
These are considered the incidents which likely to increase the problem or issue of
Australian health care organizations. There are different threats facing the Australian health
sector organizations.
Remote access scams: it is the most commonly threat that mainly occurred during
COVID-19, according to report, it has identified that receive large number of remote
access scams. Generally, it is targeting the people who will work from home. Many
individual health care professionals are conducted the meeting with team members so that
it has chances to attempt the remote access (Offner, Sitnikova and MacIntyre, 2020). In
this way, it can easily access the confidential information or data about medicine,
vaccine. This type of threat may be occurred to access computer or devices while
compromises the personal accounts of health officers.
Wire fraud email: It is also another threat which mainly faced by Australian health care
organizations, individuals. According to survey, it has identified that one client had
received a COVID-19 themed fraud email which include the health care organizations.
Usually, Australian health organizations are managed or comprised by manager and then
send to invoice themed mail to client. But the attacker can easily hack the details while
sending information to client (Offner, Sitnikova and MacIntyre, 2020). In this way, it is
considered as unauthorised activities performed by hackers in order to increase problem
or issue for both client and health organization in term of security or privacy.
SMS phishing scam: this type of threat will use SMS phishing messages which offering
where to get tested for COVID-19. Sometimes, SMS may appears to come from “Gov.”,
whereas it can easily identify the malicious link to get tested in local areas (Offner,
Sitnikova and MacIntyre, 2020). This is completely fraud which directly affecting on the
device and access sensitive information. ACSC always aware about the SMS scam
because this can be sender identification of my Gov.
Relief payment scam: The phishing email is mainly pretending to be from world health
organization and prompts to open the attachment for advice on safety measurement and
4
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Threat Update COVID19 Malicious Cyber Activitylg...
|12
|3293
|72
Threats Faced by Australian Health Sector Organizationslg...
|9
|2361
|75
Cyber Security: Scams, Browser Security, Malware Prevention, DoS Attacks, Hacking Tools and Cryptography Methodslg...
|12
|2636
|382
Managing Cyber Security Threats and Non-Cyber Security Threatslg...
|11
|3818
|103
Ethical Issues in Cybersecurity: A Case Study of ASIC v. RI Advicelg...
|6
|1407
|352
Security and Risk Managementlg...
|22
|4725
|55