Risk Management and Mitigation Strategies
VerifiedAdded on  2020/02/19
|17
|3744
|61
AI Summary
This assignment delves into the crucial topic of risk management and mitigation. It examines different approaches to identifying, assessing, and managing risks across various domains. The document explores key concepts such as risk analysis, vulnerability assessment, and control measures. It also highlights the importance of effective risk communication and stakeholder engagement in successful risk management.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Running head: IT RISK MANAGEMENT
IT Risk Management
Name of the Student
Name of the University
Author Note
IT Risk Management
Name of the Student
Name of the University
Author Note
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1
IT RISK MANAGEMENT
Table of Contents
Introduction..........................................................................................................................3
1. Diagram to Illustrate the Security Issues in VIC.............................................................3
2. Risk Areas........................................................................................................................4
2.1 Exposure of Risk........................................................................................................5
2.1.1 High Risk Area...................................................................................................5
2.1.2. Medium Risk Area.............................................................................................5
2.1.3 Low Risk Areas..................................................................................................6
3. Deliberate and Accidental Threats...................................................................................6
3.1. Deliberate Threats.....................................................................................................6
3.2 Accidental Threats.....................................................................................................6
3.3 Risk Ranking.............................................................................................................7
4. Security/ Risk management Issues in the organization...................................................8
4.1 Internal Security/ Risk Management.........................................................................8
4.2. External Security/Risk Management........................................................................9
4.3 The Risk Management Strategy for VIC...................................................................9
5. Risk Vs Uncertainty......................................................................................................10
5.1 Risk..........................................................................................................................10
5.2. Uncertainty.............................................................................................................11
6. Risk Control and Risk Mitigation..................................................................................11
IT RISK MANAGEMENT
Table of Contents
Introduction..........................................................................................................................3
1. Diagram to Illustrate the Security Issues in VIC.............................................................3
2. Risk Areas........................................................................................................................4
2.1 Exposure of Risk........................................................................................................5
2.1.1 High Risk Area...................................................................................................5
2.1.2. Medium Risk Area.............................................................................................5
2.1.3 Low Risk Areas..................................................................................................6
3. Deliberate and Accidental Threats...................................................................................6
3.1. Deliberate Threats.....................................................................................................6
3.2 Accidental Threats.....................................................................................................6
3.3 Risk Ranking.............................................................................................................7
4. Security/ Risk management Issues in the organization...................................................8
4.1 Internal Security/ Risk Management.........................................................................8
4.2. External Security/Risk Management........................................................................9
4.3 The Risk Management Strategy for VIC...................................................................9
5. Risk Vs Uncertainty......................................................................................................10
5.1 Risk..........................................................................................................................10
5.2. Uncertainty.............................................................................................................11
6. Risk Control and Risk Mitigation..................................................................................11
2
IT RISK MANAGEMENT
6.1. Risk Mitigation: Risk Transfer...............................................................................11
6.2. Risk Mitigation: Risk Control................................................................................12
6.3. Risk Mitigation: Risk Avoidance...........................................................................12
6.4 Risk Mitigation: Risk Monitoring...........................................................................12
Conclusion.........................................................................................................................12
References..........................................................................................................................14
IT RISK MANAGEMENT
6.1. Risk Mitigation: Risk Transfer...............................................................................11
6.2. Risk Mitigation: Risk Control................................................................................12
6.3. Risk Mitigation: Risk Avoidance...........................................................................12
6.4 Risk Mitigation: Risk Monitoring...........................................................................12
Conclusion.........................................................................................................................12
References..........................................................................................................................14
3
IT RISK MANAGEMENT
Introduction
The report focuses on the information security system of the VIC government that is
facing certain information security risks. The issue is important because the confidential
information of the Victorian government should be properly protected in order prevent the data
breach and the loss of data and information (Healey, 2016). The report discusses the current
security risks Victorian government is facing and the area of risk exposure. The problems that
Victorian government might face due to its exposure towards the deliberate and the accidental
threats are elaborated in the report. Enforcement of a proper data security standard is essential for
protection and security of the confidential information of a system. The report discusses the area
of high, medium and low risks penetrating in the system. Furthermore, the report contains a
diagrammatic representation of the risks, the government is exposed to and their possible causes.
The information security system should be efficient enough to prevent the threats from
penetrating into the system. The Threats, risks and the risk management plan of the Victorian
government is elaborated in the following paragraphs.
1. Diagram to Illustrate the Security Issues in VIC
IT RISK MANAGEMENT
Introduction
The report focuses on the information security system of the VIC government that is
facing certain information security risks. The issue is important because the confidential
information of the Victorian government should be properly protected in order prevent the data
breach and the loss of data and information (Healey, 2016). The report discusses the current
security risks Victorian government is facing and the area of risk exposure. The problems that
Victorian government might face due to its exposure towards the deliberate and the accidental
threats are elaborated in the report. Enforcement of a proper data security standard is essential for
protection and security of the confidential information of a system. The report discusses the area
of high, medium and low risks penetrating in the system. Furthermore, the report contains a
diagrammatic representation of the risks, the government is exposed to and their possible causes.
The information security system should be efficient enough to prevent the threats from
penetrating into the system. The Threats, risks and the risk management plan of the Victorian
government is elaborated in the following paragraphs.
1. Diagram to Illustrate the Security Issues in VIC
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
4
IT RISK MANAGEMENT
Figure 1: Illustration of Current Security Risks and Threats in VIC Government
(Source: Created by the author in MS Visio)
2. Risk Areas
The figure illustrated above depicts a clear picture of the security risks and threats
associated with Victorian government. The major security risks associated with the organization
is definitely the security threat because of the insider. This is particularly because the insider has
a proper knowledge about the security features of the organization and therefore can misuse the
information for its own benefit. Apart from this, the threat involved in the system includes
IT RISK MANAGEMENT
Figure 1: Illustration of Current Security Risks and Threats in VIC Government
(Source: Created by the author in MS Visio)
2. Risk Areas
The figure illustrated above depicts a clear picture of the security risks and threats
associated with Victorian government. The major security risks associated with the organization
is definitely the security threat because of the insider. This is particularly because the insider has
a proper knowledge about the security features of the organization and therefore can misuse the
information for its own benefit. Apart from this, the threat involved in the system includes
5
IT RISK MANAGEMENT
storage of data in the cloud storage that indicates major security concerns and privacy issues.
Furthermore, the manual record keeping is also an important area of security risks (Cardona et
al., 2012). Apart from this the other minor threats or security risks associated with the system is
the active monitoring of the database and the cloud storage that requires proper attention. The
different areas of risk include, high, medium and low risk exposure are identified and elaborated
in the following paragraph.
2.1 Exposure of Risk
Areas of risk and the risk exposure are essential to determine in order to determine the
impact of the risk (Behl & Behl, 2012). The risks associated with the Victorian government are
classified into the areas of high, medium and low risk exposure.
2.1.1 High Risk Area
The high-risk area of the Victorian government is definitely the security threat due to
insider along with the manual access of the data. This must be taken care of with highest priority
in order to control and manage the risk. Proper data security must be implemented in order to
eliminate these risks (Haimes, 2015).
2.1.2. Medium Risk Area
The area of medium risk exposure includes the storage of data in the cloud. The cloud
storage of data is very simple and easy to use but has certain security concerns associated with
the system. The cloud storage is vulnerable to attacks and therefore proper security measures are
needed to be implemented in order to manage and control the risk. Proper security measures are
to be taken to protect the data confidentiality (Bommer, Crowley & Pinho, 2015).
IT RISK MANAGEMENT
storage of data in the cloud storage that indicates major security concerns and privacy issues.
Furthermore, the manual record keeping is also an important area of security risks (Cardona et
al., 2012). Apart from this the other minor threats or security risks associated with the system is
the active monitoring of the database and the cloud storage that requires proper attention. The
different areas of risk include, high, medium and low risk exposure are identified and elaborated
in the following paragraph.
2.1 Exposure of Risk
Areas of risk and the risk exposure are essential to determine in order to determine the
impact of the risk (Behl & Behl, 2012). The risks associated with the Victorian government are
classified into the areas of high, medium and low risk exposure.
2.1.1 High Risk Area
The high-risk area of the Victorian government is definitely the security threat due to
insider along with the manual access of the data. This must be taken care of with highest priority
in order to control and manage the risk. Proper data security must be implemented in order to
eliminate these risks (Haimes, 2015).
2.1.2. Medium Risk Area
The area of medium risk exposure includes the storage of data in the cloud. The cloud
storage of data is very simple and easy to use but has certain security concerns associated with
the system. The cloud storage is vulnerable to attacks and therefore proper security measures are
needed to be implemented in order to manage and control the risk. Proper security measures are
to be taken to protect the data confidentiality (Bommer, Crowley & Pinho, 2015).
6
IT RISK MANAGEMENT
2.1.3 Low Risk Areas
The area of low risk exposure includes the VIC government database. The accidental
threats that are incorporated with the manual record keeping and are erroneous data entry are the
primary causes of the risk. This risk can be eliminated by imparting proper training to the users
and the database administrator. Therefore, this risk has the lowest priority.
3. Deliberate and Accidental Threats
Victorian Government is exposed to mainly two different types of threats: deliberate
threat and accidental threat. The details about the deliberate and the accidental threats along with
their order of ranking are elaborated in the following paragraphs.
3.1. Deliberate Threats
The deliberate threats include those threats that are done intentionally. The different areas
of deliberate threats include espionage threats that occur when any unauthorized person try to
access the confidential information, Information extortion, which occurs when an attacker
threatens to commit a theft for his own benefit, software attack, which includes hacking, denial
of service attack or using malicious software to fetch the information (Alcorn, Good & Pain,
2013). The deliberate threats are implied intentionally into a system with an aiming to cause
harm to the victims. Victorian government is exposed to a serious deliberate threat, as many
opportunists will be benefited with the information stored in the security system. Victorian
government should implement proper methods of detecting the deliberate threats and eliminating
it from the system as well.
3.2 Accidental Threats
IT RISK MANAGEMENT
2.1.3 Low Risk Areas
The area of low risk exposure includes the VIC government database. The accidental
threats that are incorporated with the manual record keeping and are erroneous data entry are the
primary causes of the risk. This risk can be eliminated by imparting proper training to the users
and the database administrator. Therefore, this risk has the lowest priority.
3. Deliberate and Accidental Threats
Victorian Government is exposed to mainly two different types of threats: deliberate
threat and accidental threat. The details about the deliberate and the accidental threats along with
their order of ranking are elaborated in the following paragraphs.
3.1. Deliberate Threats
The deliberate threats include those threats that are done intentionally. The different areas
of deliberate threats include espionage threats that occur when any unauthorized person try to
access the confidential information, Information extortion, which occurs when an attacker
threatens to commit a theft for his own benefit, software attack, which includes hacking, denial
of service attack or using malicious software to fetch the information (Alcorn, Good & Pain,
2013). The deliberate threats are implied intentionally into a system with an aiming to cause
harm to the victims. Victorian government is exposed to a serious deliberate threat, as many
opportunists will be benefited with the information stored in the security system. Victorian
government should implement proper methods of detecting the deliberate threats and eliminating
it from the system as well.
3.2 Accidental Threats
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7
IT RISK MANAGEMENT
The threats that a system is exposed to mainly due to human error is termed as accidental
threat. Accidental threats are unintentional and can be eliminated with proper caution. The
number of accidental threats reported in the Victorian Government is huge mainly due to the
involvement of untrained employees. An organization is exposed to accidental threats only due
to its employees. Outsiders can never be a reason of accidental threats. Accidental threats lead to
certain circumstances that causes potential harm to the system in form of disclosure or
modification of data due to human error. The effects of accidental threats are therefore very
minor and can be eliminated from the system with little labor (Man et al., 2013). Victorian
government can eliminate the accidental threats by training their employees regarding the current
issues the government is facing.
3.3 Risk Ranking
The deliberate and the accidental threats are ranked on basic of their severity and the
negative effect an organization might face. Deliberate threat is more dangerous than accidental
threat and therefore it is ranked at number one.
Rank 1: Deliberate Threat: Deliberate threats hold the number one position because the
information system of the Victorian government is probable of causing serious damage and data
loss to the information security system. Deliberate threats include access of information by
hacking into the system or by other malicious acts, which may result in serious data and
information loss (Luiijf, 2012). Therefore, this threat is allocated the number one ranking so that
Victorian government look into the matter with greater priority and importance and implement
necessary actions to eliminate any sort of deliberate risks from the system in order to protect
confidential information of the organization.
IT RISK MANAGEMENT
The threats that a system is exposed to mainly due to human error is termed as accidental
threat. Accidental threats are unintentional and can be eliminated with proper caution. The
number of accidental threats reported in the Victorian Government is huge mainly due to the
involvement of untrained employees. An organization is exposed to accidental threats only due
to its employees. Outsiders can never be a reason of accidental threats. Accidental threats lead to
certain circumstances that causes potential harm to the system in form of disclosure or
modification of data due to human error. The effects of accidental threats are therefore very
minor and can be eliminated from the system with little labor (Man et al., 2013). Victorian
government can eliminate the accidental threats by training their employees regarding the current
issues the government is facing.
3.3 Risk Ranking
The deliberate and the accidental threats are ranked on basic of their severity and the
negative effect an organization might face. Deliberate threat is more dangerous than accidental
threat and therefore it is ranked at number one.
Rank 1: Deliberate Threat: Deliberate threats hold the number one position because the
information system of the Victorian government is probable of causing serious damage and data
loss to the information security system. Deliberate threats include access of information by
hacking into the system or by other malicious acts, which may result in serious data and
information loss (Luiijf, 2012). Therefore, this threat is allocated the number one ranking so that
Victorian government look into the matter with greater priority and importance and implement
necessary actions to eliminate any sort of deliberate risks from the system in order to protect
confidential information of the organization.
8
IT RISK MANAGEMENT
Rank 2: Accidental Threats
Accidental threats are allotted the second position because effect of these threats can be
easily controlled or mitigated (Jouini, Rabai & Aissa, 2014). In Victorian government, the
accidental threats are the result of human error and therefore it can be easily controllable.
4. Security/ Risk management Issues in the organization
Risk is unavoidable and therefore, it should be managed with greater priority. A risk is a
probability of damage that may occur due to the result of external and internal vulnerabilities.
Risk implies future uncertainty and deviation from expected or calculated result. Therefore, an
effective risk management plan is essential to eliminate the negative effects of the risk. There are
mainly two different processes of risk management, internal risk management and the external
risk management. The risk management plan suitable for the Victorian government is discussed
in the following paragraphs.
4.1 Internal Security/ Risk Management
Internal security risk management includes the internal employees of an organization and
authorities to come together in resolving a problem and eliminating a risk. This is an effective
risk management strategy where the insider of an organization come together to eliminate the
risk. Internal risk management helps in elimination of the minor risks associated with a system.
Internal risk management does not involve any outsider in the risk management procedure and
therefore it is a cost effective solution. In this method, risk is eliminated by properly training the
user and researching about the effects and the impact of the risk. This process however, needs
involvement of honest employees, as dishonest employees may not suggest an effective solution
to the existing problem. One of the major benefits of internal risk management is that, the
IT RISK MANAGEMENT
Rank 2: Accidental Threats
Accidental threats are allotted the second position because effect of these threats can be
easily controlled or mitigated (Jouini, Rabai & Aissa, 2014). In Victorian government, the
accidental threats are the result of human error and therefore it can be easily controllable.
4. Security/ Risk management Issues in the organization
Risk is unavoidable and therefore, it should be managed with greater priority. A risk is a
probability of damage that may occur due to the result of external and internal vulnerabilities.
Risk implies future uncertainty and deviation from expected or calculated result. Therefore, an
effective risk management plan is essential to eliminate the negative effects of the risk. There are
mainly two different processes of risk management, internal risk management and the external
risk management. The risk management plan suitable for the Victorian government is discussed
in the following paragraphs.
4.1 Internal Security/ Risk Management
Internal security risk management includes the internal employees of an organization and
authorities to come together in resolving a problem and eliminating a risk. This is an effective
risk management strategy where the insider of an organization come together to eliminate the
risk. Internal risk management helps in elimination of the minor risks associated with a system.
Internal risk management does not involve any outsider in the risk management procedure and
therefore it is a cost effective solution. In this method, risk is eliminated by properly training the
user and researching about the effects and the impact of the risk. This process however, needs
involvement of honest employees, as dishonest employees may not suggest an effective solution
to the existing problem. One of the major benefits of internal risk management is that, the
9
IT RISK MANAGEMENT
employees or the insider of the organization gets a clear idea of the risk associated with a system
or process and takes necessary measures to eliminate the risk (Poolsappasit, Dewri & Ray,
2012). The minor issues or the risks associated with the Victorian government, which includes
the out of date security system, untrained users problem can be resolved effectively using the
internal risk management method. .
4.2. External Security/Risk Management
The risk management strategy, which includes the suggestion of suitable solution from an
outsourced staff, is known External risk management. The major issues of an organization that
cannot be resolved by internal risk management includes hiring of an experienced external agent
who would look into the matter, evaluate and analyzes the risks associated with a system and
recommend proper risk management strategy to eliminate those risks. An organization therefore,
uses external risk management strategy when the insider cannot identify the risk perpetrating in
the organization and the effects of the threat cannot be evaluated (Ali et al., 2014). External risk
management however, is subjected to a large amount of capital investment, as the organization
will have to pay a considerable amount to the external agent. The major benefit of the external
risk management is that, it yields guaranteed result. This is subjected to a proper decision based
on the choosing the external agent. An experienced agent is preferred as he will have a more
detailed knowledge of the risks and uncertainties, an organization is exposed to. The consultant
or the agent will however have the authority to access the important and confidential information
associated with the organization in order to evaluate and analyze the risks associated with a
system (Rakow, Heard & Newell, 2015).
4.3 The Risk Management Strategy for VIC
IT RISK MANAGEMENT
employees or the insider of the organization gets a clear idea of the risk associated with a system
or process and takes necessary measures to eliminate the risk (Poolsappasit, Dewri & Ray,
2012). The minor issues or the risks associated with the Victorian government, which includes
the out of date security system, untrained users problem can be resolved effectively using the
internal risk management method. .
4.2. External Security/Risk Management
The risk management strategy, which includes the suggestion of suitable solution from an
outsourced staff, is known External risk management. The major issues of an organization that
cannot be resolved by internal risk management includes hiring of an experienced external agent
who would look into the matter, evaluate and analyzes the risks associated with a system and
recommend proper risk management strategy to eliminate those risks. An organization therefore,
uses external risk management strategy when the insider cannot identify the risk perpetrating in
the organization and the effects of the threat cannot be evaluated (Ali et al., 2014). External risk
management however, is subjected to a large amount of capital investment, as the organization
will have to pay a considerable amount to the external agent. The major benefit of the external
risk management is that, it yields guaranteed result. This is subjected to a proper decision based
on the choosing the external agent. An experienced agent is preferred as he will have a more
detailed knowledge of the risks and uncertainties, an organization is exposed to. The consultant
or the agent will however have the authority to access the important and confidential information
associated with the organization in order to evaluate and analyze the risks associated with a
system (Rakow, Heard & Newell, 2015).
4.3 The Risk Management Strategy for VIC
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
10
IT RISK MANAGEMENT
The information security system of the VIC government is exposed to a number of threats
and security risks. The minor security risks associated with the system, which includes the old
and out of date security systems can be effectively managed using the internal risk management
strategy. However, the deliberate threats and the uncertainties that Victorian government is
exposed to might need the involvement of the external risk management. The external consultant
can help in evaluating the risks associated with VIC and therefore external risk management can
be an effective solution. The risk management strategies suggested by the external consultant
might provide a valid solution to the security risks the government is facing at this moment. This
is a very important decision and should be taken wisely. Therefore it is suggested that the
Victorian government undertake both internal and external security risk management in order to
eliminate the security issue and risks associated with the current system.
5. Risk Vs Uncertainty
Risk and uncertainty although appears similar, has varied differences. The contrasting
characters of risk and uncertainty is elaborated in the following paragraphs-
5.1 Risk
Risk associated with and organization implements the vulnerabilities associated with a
system or organization. The information system of the Victorian government is exposed to
certain risks, which includes the data security threats from an outsider, the loss of data due to
security breach and so on. This risk must be handled with highest priority in order to eliminate its
negative impacts (Silbey, 2013). The security system of VIC should be sturdy enough to
eliminate the information security risks and proper measures should be taken in order to
eliminate the risks associated. Different risk management procedures and strategies can be
IT RISK MANAGEMENT
The information security system of the VIC government is exposed to a number of threats
and security risks. The minor security risks associated with the system, which includes the old
and out of date security systems can be effectively managed using the internal risk management
strategy. However, the deliberate threats and the uncertainties that Victorian government is
exposed to might need the involvement of the external risk management. The external consultant
can help in evaluating the risks associated with VIC and therefore external risk management can
be an effective solution. The risk management strategies suggested by the external consultant
might provide a valid solution to the security risks the government is facing at this moment. This
is a very important decision and should be taken wisely. Therefore it is suggested that the
Victorian government undertake both internal and external security risk management in order to
eliminate the security issue and risks associated with the current system.
5. Risk Vs Uncertainty
Risk and uncertainty although appears similar, has varied differences. The contrasting
characters of risk and uncertainty is elaborated in the following paragraphs-
5.1 Risk
Risk associated with and organization implements the vulnerabilities associated with a
system or organization. The information system of the Victorian government is exposed to
certain risks, which includes the data security threats from an outsider, the loss of data due to
security breach and so on. This risk must be handled with highest priority in order to eliminate its
negative impacts (Silbey, 2013). The security system of VIC should be sturdy enough to
eliminate the information security risks and proper measures should be taken in order to
eliminate the risks associated. Different risk management procedures and strategies can be
11
IT RISK MANAGEMENT
implemented in order to eliminate the information security risks associated with the Victorian
government. Risk is controllable and managed and therefore it is less severe than uncertainties
that a system is exposed to (Rasmussen, 2013).
5.2. Uncertainty
Anything whose impact or effects cannot be determined or guessed is termed as
uncertainty. Uncertainty is furthermore dangerous than risk, as the effect of uncertainty can
never be predicted. Similar is the case with information security of Victorian government. There
are certain uncertainties associated with the Victorian government the major one being the
unidentified security issues and threats the organization is exposed to. Uncertainties may lead to
certain risks, which therefore is needed to be eliminated (Covello et al., 2013).
6. Risk Control and Risk Mitigation
Risk controlling is necessary to eliminate the negative effects of the threats, and
organization is exposed to. Risk mitigation works for reducing the effect of the threat or risk
present in an organization. There are certain risk management and mitigation processes that can
be considered for eliminating the associated risks. Risk mitigation is important mainly when the
risk avoidance is not possible. Identification and analyzing of the risk is very essential in order to
manage, control and mitigate the risk. Risk identification and ranking according to their adverse
effects is necessary for an effective risk management and mitigation. The external as well as the
risk management procedure can help the government in successful risk control and risk
mitigation. The different strategies that Victorian government can consider in risk controlling
and mitigation are elaborated in the following paragraphs-
6.1. Risk Mitigation: Risk Transfer
IT RISK MANAGEMENT
implemented in order to eliminate the information security risks associated with the Victorian
government. Risk is controllable and managed and therefore it is less severe than uncertainties
that a system is exposed to (Rasmussen, 2013).
5.2. Uncertainty
Anything whose impact or effects cannot be determined or guessed is termed as
uncertainty. Uncertainty is furthermore dangerous than risk, as the effect of uncertainty can
never be predicted. Similar is the case with information security of Victorian government. There
are certain uncertainties associated with the Victorian government the major one being the
unidentified security issues and threats the organization is exposed to. Uncertainties may lead to
certain risks, which therefore is needed to be eliminated (Covello et al., 2013).
6. Risk Control and Risk Mitigation
Risk controlling is necessary to eliminate the negative effects of the threats, and
organization is exposed to. Risk mitigation works for reducing the effect of the threat or risk
present in an organization. There are certain risk management and mitigation processes that can
be considered for eliminating the associated risks. Risk mitigation is important mainly when the
risk avoidance is not possible. Identification and analyzing of the risk is very essential in order to
manage, control and mitigate the risk. Risk identification and ranking according to their adverse
effects is necessary for an effective risk management and mitigation. The external as well as the
risk management procedure can help the government in successful risk control and risk
mitigation. The different strategies that Victorian government can consider in risk controlling
and mitigation are elaborated in the following paragraphs-
6.1. Risk Mitigation: Risk Transfer
12
IT RISK MANAGEMENT
Risk transfer is an important risk mitigation approach in which the negative effect of the
risk is transferred to an external stakeholder who is willing to take the responsibility of the
negative effects of the risk. Risk transfer is a secondary option of risk control and mitigation
(Webster, 2016).
6.2. Risk Mitigation: Risk Control
Risk control contains different strategies of risk management, which is chosen after
evaluating the different risk criteria and order of their impact. Risk control is generally done after
the risk is identified into the system and a proper strategy of risk management is chosen (Abdul-
Rahman, Mohd-Rahim & Chen, 2012). Risk control generally aims at decreasing the negative
impact of the risks associated with the system.
6.3. Risk Mitigation: Risk Avoidance
An effective mitigation approach is risk avoidance. Risk can be avoided when the effect
of the risk is minor and does not cause any serious harm to the organization.
6.4 Risk Mitigation: Risk Monitoring
After implementing a proper risk management strategy, monitoring of the risk is also
essential. This is necessary to prevent exposure to any new risks in the information system and
also evaluating the success percentage of the risk management strategy applied. Monitoring of
risk is therefore one of the most important risk mitigation technique (McNeil, Frey & Embrechts,
2015).
Conclusion
IT RISK MANAGEMENT
Risk transfer is an important risk mitigation approach in which the negative effect of the
risk is transferred to an external stakeholder who is willing to take the responsibility of the
negative effects of the risk. Risk transfer is a secondary option of risk control and mitigation
(Webster, 2016).
6.2. Risk Mitigation: Risk Control
Risk control contains different strategies of risk management, which is chosen after
evaluating the different risk criteria and order of their impact. Risk control is generally done after
the risk is identified into the system and a proper strategy of risk management is chosen (Abdul-
Rahman, Mohd-Rahim & Chen, 2012). Risk control generally aims at decreasing the negative
impact of the risks associated with the system.
6.3. Risk Mitigation: Risk Avoidance
An effective mitigation approach is risk avoidance. Risk can be avoided when the effect
of the risk is minor and does not cause any serious harm to the organization.
6.4 Risk Mitigation: Risk Monitoring
After implementing a proper risk management strategy, monitoring of the risk is also
essential. This is necessary to prevent exposure to any new risks in the information system and
also evaluating the success percentage of the risk management strategy applied. Monitoring of
risk is therefore one of the most important risk mitigation technique (McNeil, Frey & Embrechts,
2015).
Conclusion
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
13
IT RISK MANAGEMENT
Therefore, from the above discussion, it can be concluded that the information security
risks, Victorian government should be immediately acknowledged and eliminated from the
system. Proper risk management strategy must be implemented in order to eliminate the risk
associated with the system. Prior to that, the risks associated with the system must be identified
and segregated on basis of the effects it may have on the system. The information security
system of the Victorian government is exposed to certain vulnerabilities, which must be
eliminated in order protect the confidential information and data of the system. The report
discusses the deliberate and the accidental threats, Victorian government is exposed to and their
necessary solution. The risks associated with the information system can be managed by taking a
expert advice and suggestion about different risk management strategies. The report further
discusses different approaches of risk mitigation and control that Victorian government can
undertake in order to eliminate the risk. The report also illustrates the security threats and
security risks associated with the Victorian government with the help of a diagram.
IT RISK MANAGEMENT
Therefore, from the above discussion, it can be concluded that the information security
risks, Victorian government should be immediately acknowledged and eliminated from the
system. Proper risk management strategy must be implemented in order to eliminate the risk
associated with the system. Prior to that, the risks associated with the system must be identified
and segregated on basis of the effects it may have on the system. The information security
system of the Victorian government is exposed to certain vulnerabilities, which must be
eliminated in order protect the confidential information and data of the system. The report
discusses the deliberate and the accidental threats, Victorian government is exposed to and their
necessary solution. The risks associated with the information system can be managed by taking a
expert advice and suggestion about different risk management strategies. The report further
discusses different approaches of risk mitigation and control that Victorian government can
undertake in order to eliminate the risk. The report also illustrates the security threats and
security risks associated with the Victorian government with the help of a diagram.
14
IT RISK MANAGEMENT
References
Abdul-Rahman, H., Mohd-Rahim, F. A., & Chen, W. (2012). Reducing failures in software
development projects: effectiveness of risk mitigation strategies. Journal of Risk
Research, 15(4), 417-433.
Alcorn, A.M., Good, J. and Pain, H., (2013, July). Deliberate system-side errors as a potential
pedagogic strategy for exploratory virtual learning environments. In International
Conference on Artificial Intelligence in Education (pp. 483-492). Springer Berlin
Heidelberg
Ali, E., Denis, A. F., Kujur, F. E., & Chaudhary, M. (2014). Risk Management Strategies for
Accidental Risk Occurrence on Construction Sites–A Case Study of Allahabad. Journal
of Academia and Industrial Research (JAIR),3(2), 89.
Behl, A., & Behl, K. (2012, October). An analysis of cloud computing security issues. In
Information and Communication Technologies (WICT), 2012 World Congress on (pp.
109-114). IEEE.
Bommer, J. J., Crowley, H., & Pinho, R. (2015). A risk-mitigation approach to the management
of induced seismicity. Journal of Seismology, 19(2), 623-646.
Cardona, O. D., van Aalst, M. K., Birkmann, J., Fordham, M., McGregor, G., & Mechler, R.
(2012). Determinants of risk: exposure and vulnerability.
Covello, V. T., Lave, L. B., Moghissi, A. A., & Uppuluri, V. R. R. (Eds.). (2013). Uncertainty in
risk assessment, risk management, and decision making (Vol. 4). Springer Science &
Business Media.
IT RISK MANAGEMENT
References
Abdul-Rahman, H., Mohd-Rahim, F. A., & Chen, W. (2012). Reducing failures in software
development projects: effectiveness of risk mitigation strategies. Journal of Risk
Research, 15(4), 417-433.
Alcorn, A.M., Good, J. and Pain, H., (2013, July). Deliberate system-side errors as a potential
pedagogic strategy for exploratory virtual learning environments. In International
Conference on Artificial Intelligence in Education (pp. 483-492). Springer Berlin
Heidelberg
Ali, E., Denis, A. F., Kujur, F. E., & Chaudhary, M. (2014). Risk Management Strategies for
Accidental Risk Occurrence on Construction Sites–A Case Study of Allahabad. Journal
of Academia and Industrial Research (JAIR),3(2), 89.
Behl, A., & Behl, K. (2012, October). An analysis of cloud computing security issues. In
Information and Communication Technologies (WICT), 2012 World Congress on (pp.
109-114). IEEE.
Bommer, J. J., Crowley, H., & Pinho, R. (2015). A risk-mitigation approach to the management
of induced seismicity. Journal of Seismology, 19(2), 623-646.
Cardona, O. D., van Aalst, M. K., Birkmann, J., Fordham, M., McGregor, G., & Mechler, R.
(2012). Determinants of risk: exposure and vulnerability.
Covello, V. T., Lave, L. B., Moghissi, A. A., & Uppuluri, V. R. R. (Eds.). (2013). Uncertainty in
risk assessment, risk management, and decision making (Vol. 4). Springer Science &
Business Media.
15
IT RISK MANAGEMENT
Haimes, Y. Y. (2015). Risk modeling, assessment, and management. John Wiley & Sons.
Healey, A. N. (2016). The insider threat to nuclear safety and security. Security Journal, 29(1),
23-38.
Jouini, M., Rabai, L. B. A., & Aissa, A. B. (2014). Classification of security threats in
information systems. Procedia Computer Science, 32, 489-496.
Lam, J. (2014). Enterprise risk management: from incentives to controls. John Wiley & Sons.
Luiijf, E. (2012). Understanding cyber threats and vulnerabilities. In Critical Infrastructure
Protection (pp. 52-67). Springer Berlin Heidelberg.
Mans, R. S., van der Aalst, W. M., Vanwersch, R. J., & Moleman, A. J. (2013). Process mining
in healthcare: Data challenges when answering frequently posed questions. In Process
Support and Knowledge Representation in Health Care (pp. 140-153). Springer Berlin
Heidelberg.
McNeil, A. J., Frey, R., & Embrechts, P. (2015). Quantitative risk management: Concepts,
techniques and tools. Princeton university press.
Poolsappasit, N., Dewri, R., & Ray, I. (2012). Dynamic security risk management using bayesian
attack graphs. IEEE Transactions on Dependable and Secure Computing, 9(1), 61-74.
Rakow, T., Heard, C. L., & Newell, B. R. (2015). Meeting Three Challenges in Risk
Communication Phenomena, Numbers, and Emotions. Policy Insights from the
Behavioral and Brain Sciences, 2(1), 147-156.
IT RISK MANAGEMENT
Haimes, Y. Y. (2015). Risk modeling, assessment, and management. John Wiley & Sons.
Healey, A. N. (2016). The insider threat to nuclear safety and security. Security Journal, 29(1),
23-38.
Jouini, M., Rabai, L. B. A., & Aissa, A. B. (2014). Classification of security threats in
information systems. Procedia Computer Science, 32, 489-496.
Lam, J. (2014). Enterprise risk management: from incentives to controls. John Wiley & Sons.
Luiijf, E. (2012). Understanding cyber threats and vulnerabilities. In Critical Infrastructure
Protection (pp. 52-67). Springer Berlin Heidelberg.
Mans, R. S., van der Aalst, W. M., Vanwersch, R. J., & Moleman, A. J. (2013). Process mining
in healthcare: Data challenges when answering frequently posed questions. In Process
Support and Knowledge Representation in Health Care (pp. 140-153). Springer Berlin
Heidelberg.
McNeil, A. J., Frey, R., & Embrechts, P. (2015). Quantitative risk management: Concepts,
techniques and tools. Princeton university press.
Poolsappasit, N., Dewri, R., & Ray, I. (2012). Dynamic security risk management using bayesian
attack graphs. IEEE Transactions on Dependable and Secure Computing, 9(1), 61-74.
Rakow, T., Heard, C. L., & Newell, B. R. (2015). Meeting Three Challenges in Risk
Communication Phenomena, Numbers, and Emotions. Policy Insights from the
Behavioral and Brain Sciences, 2(1), 147-156.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
16
IT RISK MANAGEMENT
Rasmussen, S. (2013). Risk and uncertainty. In Production Economics (pp. 163-180). Springer
Berlin Heidelberg.
Silbey, S. S. (2013). Organizational Challenges to Regulatory Enforcement and Compliance A
New Common Sense about Regulation. The Annals of the American Academy of Political
and Social Science, 649(1), 6-20.
Webster, L. R. (2016). Risk Mitigation Strategies. In Controlled Substance Management in
Chronic Pain (pp. 163-180). Springer International Publishing
IT RISK MANAGEMENT
Rasmussen, S. (2013). Risk and uncertainty. In Production Economics (pp. 163-180). Springer
Berlin Heidelberg.
Silbey, S. S. (2013). Organizational Challenges to Regulatory Enforcement and Compliance A
New Common Sense about Regulation. The Annals of the American Academy of Political
and Social Science, 649(1), 6-20.
Webster, L. R. (2016). Risk Mitigation Strategies. In Controlled Substance Management in
Chronic Pain (pp. 163-180). Springer International Publishing
1 out of 17
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
 +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024  |  Zucol Services PVT LTD  |  All rights reserved.