Risk Control and Mitigation for VIC
VerifiedAdded on 2020/02/24
|12
|3162
|125
AI Summary
The assignment examines risk control and mitigation strategies applicable to VIC (an organization or system implied in the text). It delves into four primary risk management approaches: avoidance, transference, mitigation, and acceptance. VIC is tasked with implementing these strategies through various methods like staff training, outsourcing, disaster recovery planning, and acknowledging inherent risks. The document emphasizes the importance of continuous risk assessment and control maintenance for VIC's security.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Assessment 2
August 27
2017
Student’s Name:
VICTORIAN PROTECTIVE
DATA SECURITY
FRAMEWORK (VPDSF)
August 27
2017
Student’s Name:
VICTORIAN PROTECTIVE
DATA SECURITY
FRAMEWORK (VPDSF)
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Table of Content
Question 1...................................................................................................................................................2
Solution 1....................................................................................................................................................2
Question 2...................................................................................................................................................3
Solution 2....................................................................................................................................................3
Question 3...................................................................................................................................................4
Solution 3....................................................................................................................................................4
Question 4...................................................................................................................................................5
Solution 4....................................................................................................................................................6
Question 5...................................................................................................................................................7
Solution 5....................................................................................................................................................7
Question6....................................................................................................................................................9
Solution 6....................................................................................................................................................9
References.................................................................................................................................................10
Bibliography...............................................................................................................................................10
List of Figures
Figure 1: Risk & Issues considered by Victoria Government......................................................................2
Question 1.
Question 1...................................................................................................................................................2
Solution 1....................................................................................................................................................2
Question 2...................................................................................................................................................3
Solution 2....................................................................................................................................................3
Question 3...................................................................................................................................................4
Solution 3....................................................................................................................................................4
Question 4...................................................................................................................................................5
Solution 4....................................................................................................................................................6
Question 5...................................................................................................................................................7
Solution 5....................................................................................................................................................7
Question6....................................................................................................................................................9
Solution 6....................................................................................................................................................9
References.................................................................................................................................................10
Bibliography...............................................................................................................................................10
List of Figures
Figure 1: Risk & Issues considered by Victoria Government......................................................................2
Question 1.
Use a diagram (produced by the means of using Rationale, Visio or any other relevant software
application of your choice) to illustrate current security risks and concerns considered by the VIC
government.
Solution 1.
VPDSF (Victoria Protective Data Security Framework) is the rules created for the use by
Victoria open segment associations to comprehend on data security commitments, create abilities
for overseeing dangers and comprehend the current administration standards and rules. VPDSF
is created with the objective of helping Victorian open part associations to distinguish data and
Figure 1: Risk & Issues considered by Victoria Government
confirm proprietorship, assess the estimation of data, information security and assurance,
actualize security measure and to build up a positive security culture. The VPDSF furnishes
associations with information security prerequisites to go along at any rate level crosswise over
four noteworthy defensive security spaces. These security needs consolidated with affirmation
application of your choice) to illustrate current security risks and concerns considered by the VIC
government.
Solution 1.
VPDSF (Victoria Protective Data Security Framework) is the rules created for the use by
Victoria open segment associations to comprehend on data security commitments, create abilities
for overseeing dangers and comprehend the current administration standards and rules. VPDSF
is created with the objective of helping Victorian open part associations to distinguish data and
Figure 1: Risk & Issues considered by Victoria Government
confirm proprietorship, assess the estimation of data, information security and assurance,
actualize security measure and to build up a positive security culture. The VPDSF furnishes
associations with information security prerequisites to go along at any rate level crosswise over
four noteworthy defensive security spaces. These security needs consolidated with affirmation
activities which are produced to assist open part associations with overcoming data security
dangers. The four defensive security spaces are Information Security, Personnel, Information,
and Communication Technology (ICT) security and Physical Security. The affirmation model
will give the procedures to evaluation of data security as far as satisfying privacy, uprightness,
and accessibility (Commissioner for Privacy and Data Protection, 2015). The dangers and
concerns considered by Victoria Government are shown above (refer Figure 1).
Question 2.
Provide detailed explanation of the diagram and identify the areas of: high, medium, medium-
low, and low risk exposure.
Solution 2.
Figure 1 gives the way to deal with VPDSF in building up their standards and methods for data
security. It must be noticed that the dangers and concerns are recorded which must be considered
for their level of effect. The confirmation display gives the classification, honesty, and
accessibility which frame the reason for guaranteeing data esteem and their security standards
must be created in like manner (Australian Government, 2017). The risk rating is done to
comprehend the level of effect. The rating gave is Low, Moderate, High and Critical in light of
the seriousness of the effect. The risk rating network for the risk related to VPDSF is given in the
framework underneath:
Data Security is always at the high risk which can result to loss of information. Network Security
is having medium risk of exposure and can have consequences of service disruption. Breach of
privacy is also having medium range of risk exposure and can cause the loss the data from the
server. Critical services have medium-low risk exposure with consequence of loss of data or
other assets. Unauthorized access can have medium-low or medium level of risk exposure and
can cause loss of data. Insider Threat is exposed to low and medium-low risk and it can cause
data loss. Deliberate threats have potentially high and medium level of risk exposure and it can
cause loss of data and systems. Accidental threats are the area having medium and medium-low
risk with consequence of loss in data and system. Inadequate access control can have medium
dangers. The four defensive security spaces are Information Security, Personnel, Information,
and Communication Technology (ICT) security and Physical Security. The affirmation model
will give the procedures to evaluation of data security as far as satisfying privacy, uprightness,
and accessibility (Commissioner for Privacy and Data Protection, 2015). The dangers and
concerns considered by Victoria Government are shown above (refer Figure 1).
Question 2.
Provide detailed explanation of the diagram and identify the areas of: high, medium, medium-
low, and low risk exposure.
Solution 2.
Figure 1 gives the way to deal with VPDSF in building up their standards and methods for data
security. It must be noticed that the dangers and concerns are recorded which must be considered
for their level of effect. The confirmation display gives the classification, honesty, and
accessibility which frame the reason for guaranteeing data esteem and their security standards
must be created in like manner (Australian Government, 2017). The risk rating is done to
comprehend the level of effect. The rating gave is Low, Moderate, High and Critical in light of
the seriousness of the effect. The risk rating network for the risk related to VPDSF is given in the
framework underneath:
Data Security is always at the high risk which can result to loss of information. Network Security
is having medium risk of exposure and can have consequences of service disruption. Breach of
privacy is also having medium range of risk exposure and can cause the loss the data from the
server. Critical services have medium-low risk exposure with consequence of loss of data or
other assets. Unauthorized access can have medium-low or medium level of risk exposure and
can cause loss of data. Insider Threat is exposed to low and medium-low risk and it can cause
data loss. Deliberate threats have potentially high and medium level of risk exposure and it can
cause loss of data and systems. Accidental threats are the area having medium and medium-low
risk with consequence of loss in data and system. Inadequate access control can have medium
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
level of risk and it can have consequence of data and system hijacking. Incorrect configurations
also have high or medium level of risk exposure and can cause loss of data and system. Business
risk has medium-low or low and Natural calamities can have medium risk exposures.
Question 3.
Carry out comparative analysis of the Deliberate and Accidental Threats and rank those threats in
order of importance. Justify your rankings not only on the basis of the case study but also by the
means of doing further research and drawing upon other relevant case studies (e.g. Security
guidelines for other private and public organizations) that you can identify.
Solution 3.
Deliberate Threat alludes to annihilation or control of an administration or hardware either
stubbornly or discarded by restriction or noncompliance. Wellsprings of think dangers
incorporate miserable representatives or specialists, activists, offenders, programmers and
additionally operators from different countries. Ponder dangers can bring about loss of privacy,
accessibility, trustworthiness, responsibility, legitimacy, and dependability which additionally
prompts the Monetary misfortune, Loss of notoriety, Breakdown of legitimate care, Injury or
passing of life, Breakdown of open administrations or security rupture to government, Violation
of consistence and Disruptions or harm to basic frameworks. The deliberate thereat may cause
the denial of service, issue of fire, virus or malicious code; destroy all data or other assets, fraud,
unauthorized access and even it can cause changes in software (Shahri & Ismail, 2012).
Accidental threat happen because of blunders or absentmindedness. Ordinarily, the purposes
behind data security issues are oversights or blunders by representatives or insiders. At times,
these blunders can be a risk, for example, loss of imperative information, framework crash,
unapproved client picking up control to frameworks, et cetera. Coincidental dangers upgrade the
weakness in inaccurately arranged frameworks, databases or powerless controls which have the
potential for abuse. Unplanned dangers can in a few circumstances prompt harm, however for the
most part they are dealt with as a blunder or an oversight (Oluwasefunmi, Adio, Zhi, &
Xiaoguang, 2011). The accidental threats can prompt Business disturbances, Loss of certainty or
also have high or medium level of risk exposure and can cause loss of data and system. Business
risk has medium-low or low and Natural calamities can have medium risk exposures.
Question 3.
Carry out comparative analysis of the Deliberate and Accidental Threats and rank those threats in
order of importance. Justify your rankings not only on the basis of the case study but also by the
means of doing further research and drawing upon other relevant case studies (e.g. Security
guidelines for other private and public organizations) that you can identify.
Solution 3.
Deliberate Threat alludes to annihilation or control of an administration or hardware either
stubbornly or discarded by restriction or noncompliance. Wellsprings of think dangers
incorporate miserable representatives or specialists, activists, offenders, programmers and
additionally operators from different countries. Ponder dangers can bring about loss of privacy,
accessibility, trustworthiness, responsibility, legitimacy, and dependability which additionally
prompts the Monetary misfortune, Loss of notoriety, Breakdown of legitimate care, Injury or
passing of life, Breakdown of open administrations or security rupture to government, Violation
of consistence and Disruptions or harm to basic frameworks. The deliberate thereat may cause
the denial of service, issue of fire, virus or malicious code; destroy all data or other assets, fraud,
unauthorized access and even it can cause changes in software (Shahri & Ismail, 2012).
Accidental threat happen because of blunders or absentmindedness. Ordinarily, the purposes
behind data security issues are oversights or blunders by representatives or insiders. At times,
these blunders can be a risk, for example, loss of imperative information, framework crash,
unapproved client picking up control to frameworks, et cetera. Coincidental dangers upgrade the
weakness in inaccurately arranged frameworks, databases or powerless controls which have the
potential for abuse. Unplanned dangers can in a few circumstances prompt harm, however for the
most part they are dealt with as a blunder or an oversight (Oluwasefunmi, Adio, Zhi, &
Xiaoguang, 2011). The accidental threats can prompt Business disturbances, Loss of certainty or
notoriety, Financial or information misfortune, unexpected costs because of off base choices in
the association, Breakdown of legitimate liabilities. The accidental threat can cause network
failure, operational failure of outsourced part, absenteeism, wrong understanding of any message
and technical failure.
The comparative analysis of above two threats: vulnerabilities emerge because of consider
dangers can bring about equipment disappointments, information misfortune, programming or
application harm and harm to frameworks. These are caused by occasions, for example, infection
assault, hacks, or insider assault or fire or tremor. In every one of these cases the effect can be
direct to high and in the circumstance when the association does not have an information
reinforcement strategy while information is lost, this can have a basic negative effect on the
association. While dangers are investigated, arrange breakdowns can significantly affect benefit
disturbances, information winds up plainly inaccessible and unwavering quality decays
(Department of Commerce, 2003).
Similarly, the effect of cataclysmic events, for example, fire or seismic tremor can bring about
physical harm to offices. On account of unintentional dangers, the effect is on the loss of
information, basic information falling into wrong hands, erasure or inadvertent alteration of
information. This effect likewise has a suggestion on accessibility, secrecy, and trustworthiness
of information and resources. Notwithstanding, these issues can be settled by guaranteeing
satisfactory safety efforts, for example, validation and guaranteeing appropriate design of
frameworks and the system. It might be noticed that regardless of the kind of risk the harm is
more on information and on offices.
Question 4.
While drawing upon theories, tools and patterns covered in the subject as well as your own
research, explain the challenges that the VIC government is going to face while deciding on
whether security/risk management should be carried out internally or externally (e.g. via
outsourcing).
the association, Breakdown of legitimate liabilities. The accidental threat can cause network
failure, operational failure of outsourced part, absenteeism, wrong understanding of any message
and technical failure.
The comparative analysis of above two threats: vulnerabilities emerge because of consider
dangers can bring about equipment disappointments, information misfortune, programming or
application harm and harm to frameworks. These are caused by occasions, for example, infection
assault, hacks, or insider assault or fire or tremor. In every one of these cases the effect can be
direct to high and in the circumstance when the association does not have an information
reinforcement strategy while information is lost, this can have a basic negative effect on the
association. While dangers are investigated, arrange breakdowns can significantly affect benefit
disturbances, information winds up plainly inaccessible and unwavering quality decays
(Department of Commerce, 2003).
Similarly, the effect of cataclysmic events, for example, fire or seismic tremor can bring about
physical harm to offices. On account of unintentional dangers, the effect is on the loss of
information, basic information falling into wrong hands, erasure or inadvertent alteration of
information. This effect likewise has a suggestion on accessibility, secrecy, and trustworthiness
of information and resources. Notwithstanding, these issues can be settled by guaranteeing
satisfactory safety efforts, for example, validation and guaranteeing appropriate design of
frameworks and the system. It might be noticed that regardless of the kind of risk the harm is
more on information and on offices.
Question 4.
While drawing upon theories, tools and patterns covered in the subject as well as your own
research, explain the challenges that the VIC government is going to face while deciding on
whether security/risk management should be carried out internally or externally (e.g. via
outsourcing).
Solution 4.
The VPDSF rules and standards likewise give extension to outsourcing the security
administration and risk appraisal with outside gatherings. To have a far reaching risk appraisal
and administration system, the accompanying concerns must be tended to by VPDSF
(Government of Australia. Department of Defense, 2016). These worries includes,
The organization chose to outsource or lead an inner appraisal will guarantee applicable
data security needs are required to be satisfied with data security strategies and methods.
These data security techniques must be incorporated into the terms and states of the
defensive security contract. This must be guaranteed.
The worry of sub-contracting must be tended sufficiently. It must be guaranteed that no
administration or capacity which approaches official data is sub-contracted to an alternate
supplier. On the off chance that sub-contracting is required, composed endorsement must
be acquired by the outsourcing office. This is critical to guarantee information secrecy
and to ensure the protection of information.
The specialist organization must guarantee to unveil potential irreconcilable
circumstances with the office which can likely affect the security and execution of
capacities or potential benefits which are done in the interest of the Australian
government.
Concerns are identified with leeway for workers of the specialist co-op. The specialist co-
op workers must be cleared to a proper level on the off chance that they require access to
grouped data.
Concerns of information misfortune or robbery must be tended to with the specialist
organization. It is vital in the interest of the specialist co-op to guarantee sufficient
storerooms or premises are accessible to deal with and store ordered data. These offices
must satisfy certain base measures that are satisfactory to deal with official and private
data up to the named security order level.
Since information is put away at the specialist organization office, it must be guaranteed
the supplier's offices are intended to satisfy data security benchmarks for electronic
The VPDSF rules and standards likewise give extension to outsourcing the security
administration and risk appraisal with outside gatherings. To have a far reaching risk appraisal
and administration system, the accompanying concerns must be tended to by VPDSF
(Government of Australia. Department of Defense, 2016). These worries includes,
The organization chose to outsource or lead an inner appraisal will guarantee applicable
data security needs are required to be satisfied with data security strategies and methods.
These data security techniques must be incorporated into the terms and states of the
defensive security contract. This must be guaranteed.
The worry of sub-contracting must be tended sufficiently. It must be guaranteed that no
administration or capacity which approaches official data is sub-contracted to an alternate
supplier. On the off chance that sub-contracting is required, composed endorsement must
be acquired by the outsourcing office. This is critical to guarantee information secrecy
and to ensure the protection of information.
The specialist organization must guarantee to unveil potential irreconcilable
circumstances with the office which can likely affect the security and execution of
capacities or potential benefits which are done in the interest of the Australian
government.
Concerns are identified with leeway for workers of the specialist co-op. The specialist co-
op workers must be cleared to a proper level on the off chance that they require access to
grouped data.
Concerns of information misfortune or robbery must be tended to with the specialist
organization. It is vital in the interest of the specialist co-op to guarantee sufficient
storerooms or premises are accessible to deal with and store ordered data. These offices
must satisfy certain base measures that are satisfactory to deal with official and private
data up to the named security order level.
Since information is put away at the specialist organization office, it must be guaranteed
the supplier's offices are intended to satisfy data security benchmarks for electronic
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
handling or capacity, transmission, and transfer of characterized data. This must be in
conformance with the Australian Government Security Manual. In this manner, this
worry must be considered amid outsourcing.
The organization must address the worry for potential legitimate rights in light of the fact
that the administration gives will approach the office's classified data. The lawful rights
will be held by the office with the specialist organization in circumstances when there is
an infringement of the terms and conditions. Be that as it may, to the degree conceivable
the terms are made to ensure data against outsider access.
Notwithstanding the over, the office should likewise deliver the worry identified with the
misfortune or trade off of authority data took care of by the specialist co-op. Sufficient measures
must be taken to incorporate conditions in the agreement which will relieve any assessed
dangers.
Question 5.
Explain the difference between the concepts of ‘’Risk’’ and ‘’Uncertainty’’ (make sure that your
discussion is linked to the case considered).
Solution 5.
Risk
Risk alludes to a negative case or an event. More often than not, chance likewise infers the state
of vulnerability that has either a positive or a negative impact on the security targets identified
with data administration in VPDSF. The risk is an aftereffect of a reason, which can be either
positive or negative. Risks are described as beneath:
The potential for an occasion to unfurl or develop amid the undertaking is comprehended
as the potential risk. For instance, on account of a danger of system assaults, the risk
when it happens will bring about the issue of accessibility.
conformance with the Australian Government Security Manual. In this manner, this
worry must be considered amid outsourcing.
The organization must address the worry for potential legitimate rights in light of the fact
that the administration gives will approach the office's classified data. The lawful rights
will be held by the office with the specialist organization in circumstances when there is
an infringement of the terms and conditions. Be that as it may, to the degree conceivable
the terms are made to ensure data against outsider access.
Notwithstanding the over, the office should likewise deliver the worry identified with the
misfortune or trade off of authority data took care of by the specialist co-op. Sufficient measures
must be taken to incorporate conditions in the agreement which will relieve any assessed
dangers.
Question 5.
Explain the difference between the concepts of ‘’Risk’’ and ‘’Uncertainty’’ (make sure that your
discussion is linked to the case considered).
Solution 5.
Risk
Risk alludes to a negative case or an event. More often than not, chance likewise infers the state
of vulnerability that has either a positive or a negative impact on the security targets identified
with data administration in VPDSF. The risk is an aftereffect of a reason, which can be either
positive or negative. Risks are described as beneath:
The potential for an occasion to unfurl or develop amid the undertaking is comprehended
as the potential risk. For instance, on account of a danger of system assaults, the risk
when it happens will bring about the issue of accessibility.
Risks can be quantifiable as a danger which as a rule prompts a negative effect on data
security. More often than not, dangers can be seen as being difficult for information, and
are evaluated as far as their potential effect on data frameworks and their probability of
event.
The outcome of risk is vulnerable. Security administration is a questionable zone,
because of new and complex dangers that rise which look to distinguish vulnerabilities in
data frameworks. Note that vulnerability is an immaterial territory which can't be
measured in genuine terms however may emerge to make an effect.
Risks are socially constructed and can be arranged and consequently can be considered as
subjective. It must be noticed that risk is not a property of a protest or relic, but rather
created by people in light of conditions and conceded to the circumstance or on the
question. The risk is assessed in light of various conditions the question will connect
with.
Risks make an effect on the venture in which they happen. For example, on account of
the security system, dangers are assessed to the most extreme degree conceivable to
create safety efforts to guarantee data assurance. In this way, the risk is comprehended as
a vulnerability which will influence at least one of the targets when it happens.
Vulnerability
Vulnerability in ventures is innate and mirrors the obscure. Thusly vulnerability is seen as a
condition of the obscure. For instance, on account of unplanned dangers, a client accidentally
erasing information, or unwittingly altering some framework setups unconsciously can represent
a risk or helplessness. Subsequently, risk administration will guarantee to defeat vulnerabilities
in the framework. The qualities of vulnerability are as per the following:
The condition of an accident is vulnerable. This further suggests with vulnerability there
is no evident conviction over a conceivable result in a particular arrangement of
conditions. It incorporates everything which is known or questionable as far as safety
efforts and perceives the specialized capacities of the association to oversee it.
security. More often than not, dangers can be seen as being difficult for information, and
are evaluated as far as their potential effect on data frameworks and their probability of
event.
The outcome of risk is vulnerable. Security administration is a questionable zone,
because of new and complex dangers that rise which look to distinguish vulnerabilities in
data frameworks. Note that vulnerability is an immaterial territory which can't be
measured in genuine terms however may emerge to make an effect.
Risks are socially constructed and can be arranged and consequently can be considered as
subjective. It must be noticed that risk is not a property of a protest or relic, but rather
created by people in light of conditions and conceded to the circumstance or on the
question. The risk is assessed in light of various conditions the question will connect
with.
Risks make an effect on the venture in which they happen. For example, on account of
the security system, dangers are assessed to the most extreme degree conceivable to
create safety efforts to guarantee data assurance. In this way, the risk is comprehended as
a vulnerability which will influence at least one of the targets when it happens.
Vulnerability
Vulnerability in ventures is innate and mirrors the obscure. Thusly vulnerability is seen as a
condition of the obscure. For instance, on account of unplanned dangers, a client accidentally
erasing information, or unwittingly altering some framework setups unconsciously can represent
a risk or helplessness. Subsequently, risk administration will guarantee to defeat vulnerabilities
in the framework. The qualities of vulnerability are as per the following:
The condition of an accident is vulnerable. This further suggests with vulnerability there
is no evident conviction over a conceivable result in a particular arrangement of
conditions. It incorporates everything which is known or questionable as far as safety
efforts and perceives the specialized capacities of the association to oversee it.
Uncertainty alludes to absence of data. Absence of data alludes to missing data. For
instance, data identified with insider risk can be absent while creating security standards.
This can posture powerlessness for the office. Vulnerability can likewise be
comprehended as having halfway data identified with a circumstance or a conceivable
outcome. As it were, it is the distinction between the required data and the information
officially accessible, which suggests lacking data. Thus no data must be overlooked when
it is dubious in data security.
Uncertainty cannot be analyzed by any examination. On account of dangers, it is
quantifiable and the likelihood of event can be evaluated. While creating security
administration standards, after the sum total of what dangers have been distinguished and
assessed, vulnerability can represent a risk since it is dubious.
Uncertainty prompts data security chance. Vulnerability and dangers are firmly related in
every aspect of security of data. Any vulnerability or risk can bring about information
misfortune which can be harm the association to a vast degree.
Uncertainty can be either positive or negative. It must be noticed the level of
vulnerability increments in dealing with all open doors and the dangers. The positive
factor is that the undertaking can give new open doors which can be abused for better
results. In the meantime because of vulnerabilities related with every open door can bring
about a negative effect for the undertaking.
Question6.
Discuss and evaluate (with examples) different approaches available to the VIC government for
risk control and mitigation.
Solution 6.
So as to control dangers, VIC can pick the four risk administration systems (Bromiley, McShane,
Nair, & Rustambekov, 2014) as beneath:
instance, data identified with insider risk can be absent while creating security standards.
This can posture powerlessness for the office. Vulnerability can likewise be
comprehended as having halfway data identified with a circumstance or a conceivable
outcome. As it were, it is the distinction between the required data and the information
officially accessible, which suggests lacking data. Thus no data must be overlooked when
it is dubious in data security.
Uncertainty cannot be analyzed by any examination. On account of dangers, it is
quantifiable and the likelihood of event can be evaluated. While creating security
administration standards, after the sum total of what dangers have been distinguished and
assessed, vulnerability can represent a risk since it is dubious.
Uncertainty prompts data security chance. Vulnerability and dangers are firmly related in
every aspect of security of data. Any vulnerability or risk can bring about information
misfortune which can be harm the association to a vast degree.
Uncertainty can be either positive or negative. It must be noticed the level of
vulnerability increments in dealing with all open doors and the dangers. The positive
factor is that the undertaking can give new open doors which can be abused for better
results. In the meantime because of vulnerabilities related with every open door can bring
about a negative effect for the undertaking.
Question6.
Discuss and evaluate (with examples) different approaches available to the VIC government for
risk control and mitigation.
Solution 6.
So as to control dangers, VIC can pick the four risk administration systems (Bromiley, McShane,
Nair, & Rustambekov, 2014) as beneath:
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Risk evasion: This alludes to actualizing shields which dispose of or limits the
uncontrolled outstanding dangers for vulnerabilities. This methodology averts promote abuse of
the helplessness.
Transference: Transference alludes to moving of risk to other outer elements.
Alleviation: Mitigation is to decrease the effect when weakness is abused.
Acknowledgment: Acceptance technique will acknowledge the risk without control or
alleviation.
Shirking can be acknowledged by applying the arrangement, preparing, and training to staff,
overseeing dangers, and executing security controls and precautionary measures. Transference is
accomplished by inspecting on how administrations are given, reexamining deployment models,
outsourcing to outsiders, buying protection or by an administration contract with suppliers.
Alleviation approach will have plans for fiasco recuperation, episode reaction, and business
congruity. In conclusion, acknowledgment will acknowledge the result of a subsequent misuse.
Risk system will guarantee to lessen the probability of helplessness and limit the effect of risk
event. VIC having built up a complete data security intend to deal with dangers and assurances
must guarantee to assess, evaluate and keep up chance controls progressively.
References
Australian Government. (2017). Risk management - A tool for small-to-medium sized businesses.
Retrieved August 26, 2017, from http://www.austrac.gov.au: http://www.austrac.gov.au/risk-
management-tool-small-medium-sized-businesses
Bromiley, P., McShane, M., Nair, A., & Rustambekov, E. (2014). Enterprise Risk Management: Review,
Critique, and Research Directions. Retrieved August 26, 2017, from
http://www.sciencedirect.com:
http://www.sciencedirect.com/science/article/pii/S0024630114000582
uncontrolled outstanding dangers for vulnerabilities. This methodology averts promote abuse of
the helplessness.
Transference: Transference alludes to moving of risk to other outer elements.
Alleviation: Mitigation is to decrease the effect when weakness is abused.
Acknowledgment: Acceptance technique will acknowledge the risk without control or
alleviation.
Shirking can be acknowledged by applying the arrangement, preparing, and training to staff,
overseeing dangers, and executing security controls and precautionary measures. Transference is
accomplished by inspecting on how administrations are given, reexamining deployment models,
outsourcing to outsiders, buying protection or by an administration contract with suppliers.
Alleviation approach will have plans for fiasco recuperation, episode reaction, and business
congruity. In conclusion, acknowledgment will acknowledge the result of a subsequent misuse.
Risk system will guarantee to lessen the probability of helplessness and limit the effect of risk
event. VIC having built up a complete data security intend to deal with dangers and assurances
must guarantee to assess, evaluate and keep up chance controls progressively.
References
Australian Government. (2017). Risk management - A tool for small-to-medium sized businesses.
Retrieved August 26, 2017, from http://www.austrac.gov.au: http://www.austrac.gov.au/risk-
management-tool-small-medium-sized-businesses
Bromiley, P., McShane, M., Nair, A., & Rustambekov, E. (2014). Enterprise Risk Management: Review,
Critique, and Research Directions. Retrieved August 26, 2017, from
http://www.sciencedirect.com:
http://www.sciencedirect.com/science/article/pii/S0024630114000582
Commissioner for Privacy and Data Protection. (2015). Victorian Protective Data Security Framework
(VPDSF). Retrieved August 26, 2017, from www.cpdp.vic.gov.au:
https://www.cpdp.vic.gov.au/menu-data-security/victorian-protective-data-security-
framework/vpdsf
Department of Commerce. (2003, une). Information Security Guideline for NSW Government - Part 2 .
Retrieved August 26, 2017, from http://www.albany.edu:
http://www.albany.edu/acc/courses/ia/inf766/nswinfosecriskmanagementpt21997.pdf
Government of Australia. Department of Defense. (2016). Australian Government nformation Security
Manual. Retrieved August 26, 2017, from www.asd.gov.au:
https://www.asd.gov.au/publications/Information_Security_Manual_2016_Controls.pdf
Oluwasefunmi, A., Adio, A., Zhi, J., & Xiaoguang, Y. (2011). Vulnerability Analysis Approach To Capturing
Information System Safety Threats and Requirements. International Journal of Software
Engineering and Its Applications.
Shahri, A. B., & Ismail, Z. (2012). A Tree Model for Identification of Threats as the First Stage of Risk
Assessment in HIS. Journal of Information Security, 169-176.
(VPDSF). Retrieved August 26, 2017, from www.cpdp.vic.gov.au:
https://www.cpdp.vic.gov.au/menu-data-security/victorian-protective-data-security-
framework/vpdsf
Department of Commerce. (2003, une). Information Security Guideline for NSW Government - Part 2 .
Retrieved August 26, 2017, from http://www.albany.edu:
http://www.albany.edu/acc/courses/ia/inf766/nswinfosecriskmanagementpt21997.pdf
Government of Australia. Department of Defense. (2016). Australian Government nformation Security
Manual. Retrieved August 26, 2017, from www.asd.gov.au:
https://www.asd.gov.au/publications/Information_Security_Manual_2016_Controls.pdf
Oluwasefunmi, A., Adio, A., Zhi, J., & Xiaoguang, Y. (2011). Vulnerability Analysis Approach To Capturing
Information System Safety Threats and Requirements. International Journal of Software
Engineering and Its Applications.
Shahri, A. B., & Ismail, Z. (2012). A Tree Model for Identification of Threats as the First Stage of Risk
Assessment in HIS. Journal of Information Security, 169-176.
1 out of 12
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.