Risk Assessment: Digital Security Risks at Australian University

Verified

Added on 2023/04/21

AI Summary

This report provides a comprehensive analysis of digital security risks, specifically focusing on their impact on the Australian University. It begins with an executive summary and table of contents, followed by an introduction that outlines the scope of the assessment, including common digital security risks such as software/hardware failures, spam, human error, and malicious attacks. The report then describes the nature of digital risks, emphasizing their potential to disrupt business operations and compromise sensitive information. It explores the negative impacts of these risks on the university, including financial losses, reputational damage, and reduced student engagement. The assessment further delves into inherent risk management, highlighting the need for skilled personnel and updated software to mitigate vulnerabilities. Key controls for mitigating risks are discussed, including incident response, disaster recovery, and business continuity plans. The report also addresses residual risks, emphasizing the importance of continuous updates and employee training. Risk prioritization is presented through tables evaluating consequences and likelihood, enabling a structured approach to addressing the most critical threats. The conclusion reinforces the need for robust security measures and the preservation of corporate and financial information. The report references several sources to support its findings.

Running head: DIGITAL SECURITY RISK 1
DIGITAL SECURITY RISK
[Author]
[Institution

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

DIGITAL SECURITY RISK 2
Executive summary:
This part is the 1st part of the assignment. In this part, the risks of Information
Technology have been assessed. This assignment is based on the topic of the risk of digital
security. It is seen that as most of the business activities are based on digital technology thus due
to the risk of the risk of digital security the essential information can be destroyed. The software
needs to be updated. The technology savvy people need to be hired by the Australian University.
The advanced, as well as updated version of the software, needs to be used by the institution for
securing the data automatically. The corporate, as well as financial information, needs to be
preserved properly. Always the updated version needs to be used by the institution.

DIGITAL SECURITY RISK 3
Table of Contents
Introduction:....................................................................................................................................4
Description of the digital risk:.........................................................................................................4
Impacts of Digital Security Risk:....................................................................................................4
Inherent risk Management:..............................................................................................................5
Key controls for mitigating the risks:..............................................................................................5
Residual risk management:..............................................................................................................6
Risk Prioritization:...........................................................................................................................6
Conclusion:......................................................................................................................................8
Reference:........................................................................................................................................9

DIGITAL SECURITY RISK 4
Introduction:
This part is the 1st part of the assignment. In this part, the risks of Information
Technology have been assessed. In the risks of information technology, several types of risks are
included and these risks are such as software and hardware failure, spam, human error, malicious
and virus attacks and also some natural disasters. Due to the development of such risks the
authenticity and security of information are hampered and for this reason, the users do not have
proper information regarding any particular topic. This assignment is based on the topic of the
risk of digital security. It is seen that as most of the business activities are based on digital
technology thus due to the risk of the risk of digital security the essential information can be
destroyed. In this assignment, the impact of digital security risks on the Australian University has
been described. The risks prioritization has been also explained.
Description of the digital risk:
The risks of digital security are very dangerous. It is very tough to combat the risks of
digital risks as digital investments are targeted by digital security. It is seen that the potential
economic consequences in the business are raised by the risk of digital security as the digital
method becomes essential for any types of business (Gupta et al. 2016). Due to the risks of
digital security, all the important information can be destroyed permanently, for this reason, the
overall business process of the Australian University can become hampered. The operational
progress of the Australian University can become stopped. The risks of digital security can be
intentionally or accidentally. The most common risks of digital security are such as limited
security of configuration, the attack surface for RFC is increased, inconsistent enablement of
encryption and the code security becomes weak.
Impacts of Digital Security Risk:
It is seen that the risks of digital security provide a negative impact over the operational
progress as well as the success of the business of Australian university. Due to the attack of

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

DIGITAL SECURITY RISK 5
digital-security risks, the important business information of the organization is destroyed and a
great financial loss of the organization has been developed (Amoozadeh et al. 2015). The
business reputation of the institute is damaged. The engagement of the students in the Australian
University can be low. The profitability level of the business will be reduced (Redmiles, Malone
& Mazurek, 2016). The corporate information of the institute can be theft. The business contracts
of the university can be lost.
Inherent risk Management:
It is seen that in the Australian University the most basic risk of digital security is
configuration security is reduced, the attack surface for RFC is increased, inconsistent
enablement of encryption and the code security becomes weak. The Australian University must
hire some technology savvy people who can identify the actual risks of digital security can easily
manage the risks in a proper way (Glisson et al.2016). At first, the impact which is provided by
the attack needs to be reduced. After that, the outcomes of the incident should be reported to the
business authority. The affected systems need to be cleaned up by the experts. A proper strategy
needs to be implemented for managing the inherent risk of digital security. The software needs to
be updated.
Key controls for mitigating the risks:
It is very important to implement the strategy of mitigation risk control for reducing the
risks of digital security from the business process of the Australian University. In this strategy,
three various types of plans are included which are such as Plan for Incident response, Plan for
Disaster Recovery, and Plan for Business Continuity.
In the plan for Incident Response, some steps which are taken during the disaster need to
be sorted, the intelligence needs to be gathered and also the information analysts need to be
employed. In the Disaster Recovery Plan, it is planned that how some advanced technology is
used for securing the data automatically (Ali, Khan & Vasilakos, 2015). The third key control is

DIGITAL SECURITY RISK 6
the plan for Business Continuity and in this stage, it is planned for activating the secondary-data
centers and establishing the hot site in any remote location.
Residual risk management:
Residual risks are those risks which still remain after application of key controls for
mitigating the digital security risks. It is seen that every day the technology is developed in a new
way and for this reason, some new setbacks of the technology are raised which can be considered
as the residual risks of digital security. On the other malware attack can be also considered as the
residual risk by which the data encryption can be enabled. If any individual forgets the password
of any software then that can be considered as the residual risk of digital security.
The software needs to be updated. The technology savvy people need to be hired by the
Australian University. The advanced, as well as updated version of software, needs to be used by
the institution for securing the data automatically (Ge & Kim, 2015). Proper technology-related
training needs to be provided to the employees of the organization so that they can utilize the
advanced technology in an efficient way.
Risk Prioritization:
The risks of digital security are prioritized through the construction of some tables which
are mentioned below.
The consequences of risks are evaluated based on 5 different levels which are mentioned
below.
LEVEL DESCRIPTOR DESCRIPTION
1 Insignificant The low business reputation of the institute.
2 Minor Lower the student engagement
3 Moderate Financial loss
4 Major Data loss
5 Catastrophic Not applicable

DIGITAL SECURITY RISK 7
Table 1: Evaluation of consequences on 5 different tables
(Source: Computed by author)
LEVEL DESCRIPTOR DESCRIPTION
A Almost Certain The expectation of occurrence in most the cases.
B Likely Probable Occurrence
C Possible Little occurrence in most the cases
D Unlikely Not occurred all time
E Rare Occurrence in some exceptional cases.
Table 2: Assessment levels of likelihood
(Source: Computed by author)
RISK LEVEL CONSEQUENCE
S
LIKELIHOOD IMPACT MITIGATION
1. limited
security of
configuration
3.Moderate B. Likely 3B= High risk  Technology
savvy people
need to be
hired.
 Updated
version need to
be sued
2. The attack
surface for
RFC is
increased
4. Major A. Almost
Certain
4A= Extreme
Risk
 The updated
version of
Technology
needs to be
used.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

DIGITAL SECURITY RISK 8
3.
Inconsistent
enablement
of encryption
2. Minor C. Possible 2C= Moderate
Risk
 Security
software needs
to be
implemented
4. The code
security
becomes
weak
1. Insignificant D. Unlikely 1D= Lower
Risk
 The code needs
to be
preserved.
Table 3: Prioritization Table
(Source: Computed by author)
Conclusion:
After analyzing the above information it can be concluded that the impact of limited
configuration security is higher than the weakened of code security. The corporate, as well as
financial information, needs to be preserved properly. Always the updated version needs to be
used by the institution.

DIGITAL SECURITY RISK 9
Reference:
Ali, M., Khan, S. U., & Vasilakos, A. V. (2015). Security in cloud computing: Opportunities and
challenges. Information sciences, 305, 357-383.
Amoozadeh, M., Raghuramu, A., Chuah, C. N., Ghosal, D., Zhang, H. M., Rowe, J., & Levitt, K.
(2015). Security vulnerabilities of connected vehicle streams and their impact on
cooperative driving. IEEE Communications Magazine, 53(6), 126-132.
Ge, M., & Kim, D. S. (2015, December). A framework for modeling and assessing the security
of the internet of things. In Parallel and Distributed Systems (ICPADS), 2015 IEEE 21st
International Conference on (pp. 776-781). IEEE.
Glisson, W. B., Storer, T., Blyth, A., Grispos, G., & Campbell, M. (2016). In The Wild Residual
Data Research and Privacy. arXiv preprint arXiv:1610.03229.
Gupta, B., Agrawal, D. P., & Yamaguchi, S. (Eds.). (2016). Handbook of research on modern
cryptographic solutions for computer and cybersecurity. IGI Global.
Redmiles, E. M., Malone, A. R., & Mazurek, M. L. (2016, May). I Think They're Trying to Tell
Me Something: Advice Sources and Selection for Digital Security. In Security and
Privacy (SP), 2016 IEEE Symposium on (pp. 272-288). IEEE.