
Role and Importance of Risk Register for University's Digital Security

   

Added on  2023-04-21

13 Pages, 3003 Words, 227 Views
Running head: IT RISK MANAGEMENT
ITC596 – IT Risk Management Assignment Two
Student Name:
University Name:

Executive Summary
This report reflects the role and importance of using a risk register for a University to measure
the impact of each identified risk. Digital security is one of the crucial elements that help to
keep information confidential. The risk register consists of each identified risk, its
probability, likelihood, score and overall impact on the university campus. The second section
deals with the recommendation for the appointment of a CISO. The roles and responsibilities of a CISO
and its importance in an organization are also elaborated in this report.

Table of Contents
Part One - Conducting A Risk Assessment
Option Two - Recommendations on the Appointment of a CISO (Chief Information Security Officer)
   Definition of CISO
   Importance of CISO for the startup business
References

Part One - Conducting A Risk Assessment
| Risk No. | Date Identified | Risk Name | Risk Description | Impact or Consequences | Likelihood | Impact | Multiplier | Inherent Risk Rating | Key Controls in place to mitigate the risks | Residual Likelihood | Residual Impact | Residual Multiplier | Residual Risk Rating | Mitigation Actions | Action Owner | Date Action Completed |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 20/11/2018 | Cyber threats and incidents | Cyber-attacks or incidents could occur, resulting in infiltration of the University system | Loss of business or critical information | 4 | 3 | 12 | High | Implementation of proper security measures and controls | 3 | 3 | 9 | Moderate | 26/11/2018 | Chief Information Officer | 30/11/2018 |
| 2 | 22/11/2018 | Loss or theft of data | The data or information could be stolen or lost from the University system | Exposure of valuable information and business processes | 3 | 5 | 15 | High | Adequate security policies and procedures for users of workstations in the University | 3 | 4 | 12 | High | 30/11/2018 | Security Advisor | 29/11/2018 |
| 3 | 26/11/2018 | Exploits related to users and the public | The exploitation of the University server could affect users of the system as well as exposure of general public information | The systems will be damaged and vital information may be leaked publicly | 2 | 3 | 6 | Low | Data protection and anti-theft applications installed in the system | 2 | 3 | 6 | Low | 2/12/2018 | System Administrator | 5/12/2018 |
| 4 | 3/12/2018 | Compliance/regulatory incidents | If the University systems are not developed following compliance | The non-compliance or regulato | 3 | 3 | 9 | Moderate | Evaluation of systems as per compliance and regulatory | 3 | 3 | 9 | Moderate | 5/12/2018 | Regulatory Authority | 5/12/2018 |
