University Digital Security Risk Assessment Report - ITC596
Added on 2023/04/21
AI Summary
This report, prepared for a university's Chief Information Security Officer (CISO), presents a comprehensive digital security risk assessment. It begins with an executive summary and table of contents, followed by an introduction that highlights the increasing threats faced by universities due to emerging technologies and malicious actors. The report identifies potential risks, describing their nature and the potential impact on the university's data, research, and operations. It includes an inherent risk assessment, categorizing risks associated with IT system components, people, and procedures. Key controls for mitigating these risks are outlined, followed by a residual risk assessment. The report emphasizes the importance of prioritizing risks using a risk matrix and concludes with a call for proactive risk management to protect the university's IT infrastructure and data assets. The report also includes a risk register which lists digital assets, risk descriptions, impact summaries, inherent risk assessments, key controls, residual risk assessments, and prioritization based on a risk matrix.

Running head: RISK ASSESSMENT - DIGITAL SECURITY RISKS
Risk Assessment - Digital Security Risks
Name of the Student
Name of the University
Author Note

Executive Summary
Identifying potential risks within any system is an obligation of the Chief Information Security Officer (CISO) of an Australian university. There are many ways in which the information and data generated within a university through its day-to-day activities are at potential risk of being compromised due to various factors. These factors need to be identified so that they can then be prioritised according to severity and appropriate measures taken to mitigate them. If these identified risks are not mitigated, they have the potential to destroy the information system and information technology architecture of the IT system completely.

Table of Contents
Introduction
Description of the Risk
Summary of the Impact or Consequences if the Risk was to arise
Inherent Risk Assessment
Key controls to mitigate the risks
Residual Risk Assessment
Risk Prioritization with Risk Matrix
Conclusion
References
Introduction
Emerging technologies have led universities to adopt advanced technological systems within their institutions, for their day-to-day operations and much more. However, as an added disadvantage, malicious hackers do not pass over the networks and systems of universities either, because of the amount of valuable data and information they hold regarding various research and other matters (McNeil, Frey & Embrechts, 2015). In the same way, Australian universities are also at risk of being vulnerable to these hacking threats, or to the potential of being hacked. The following is a detailed report on these potential risks, including their impact and the key controls to mitigate them, as well as a residual risk assessment with their prioritisation and a risk matrix.
Description of the Risk
Australian universities are being bombarded by different hacking threats and various other security risks every now and then. With increasing understanding of networks and with technological advancements, the risks are also increasing in number. If these are not properly identified, they have the potential to lead to unauthorised entry into the system and to someone getting hold of all the intricate, confidential and valuable information regarding research conducted by the university, as well as the personal data of staff and students (Glendon & Clarke, 2015). These potential risks can mostly be located through the weaknesses of the operations within the organisation or university, an understanding of the system in which information within the organisation or university is transmitted, processed or stored, and the identification of the available resources.
Summary of the Impact or Consequences if the Risk was to arise
For the Chief Information Security Officer (CISO) at the Australian University, it is essential that the risks within the system be identified by all due methods, or there could be consequences when the risks finally arise.
First and foremost, there would be a loss of valuable data and information regarding the staff and students associated with the Australian University. Every person has rights to their personal data and information, and nobody has the right to access this information without authority (Carvalho & Rabechini, 2015). This is regarded as a crime under law according to the ACS codes of ethics.
Again, the Australian University handles various scholarly research and ongoing research programs, and confidential and elaborate data on the subjects of this research is stored within the university's systems. All of this research data has the potential to have a huge impact within Australia, depending on the research topics. If there are no proper ways to mitigate the risks, the implications could be huge, since it would mean handing over confidential research data to unauthorised users.
There are also noted risks in the internal management and use of information and data within the university itself. There are immense risks within the system due to mismanagement of data (Hillson, 2017). All of the risks concern securing the data and information generated by the university's operations and management every day, because data forms an important asset in any kind of business or industry.
Inherent Risk Assessment
For the Chief Information Security Officer at the Australian University, it is natural that several of the identified risks can be regarded as inherent (Wolke, 2017). These are the risks that occur naturally within the IT system components of a university system. These inherent risks can be classified as follows:

| IT System Components | Inherent Risks |
|---|---|
| People | Employees; Other staff members; People outside the organizations; Strangers interacting with the university |
| Procedures | IT business standard procedures; IT business sensitive procedures |
| Data | Transmission; Processing; Storage |
| Software | Applications; Operating Systems; Security Components |
| Hardware | System and Peripheral Security Devices |
| Networking | LAN Components; Intranet Components; Internet Components; Cloud-based Components |
Key controls to mitigate the risks
Mitigation of risks starts, first and foremost, with identifying them. If a risk factor is not identified within the system, it has the potential to create further problems within the system. For the Australian University, if a risk is not identified, the confidential data of staff and students as well as the research data is at risk of being compromised (Grace et al., 2015).
Next, it is important to take appropriate measures to cover the risks. In this way, the risks can be mitigated to avoid creating further problems within the system.
Residual Risk Assessment
After assessing the risks through the risk identification process, it is necessary to make sure that deliberate steps are taken against the risk factors to eradicate them from the system (Bromiley et al., 2015). Then, for the residual risk assessment, it should be ensured that any impending threat within the system is identified, other than the risks that have been previously identified. In this way, the creation of further potential risks can be avoided.
Risk Prioritization with Risk Matrix
The risks identified within the IT system components of the Australian University can be easily prioritized through a risk matrix, and this would be done through the ANSI B11.0.TR3 Risk Assessment Matrix (Hopkin, 2018). This model correlates the level of risk with the level of risk reduction required:

| Potential Risks | Probability of Occurrence | Severity | Mitigating Action | Contingent Action | Status |
|---|---|---|---|---|---|
| Employees; Other staff members; People outside the organizations; Strangers interacting with the university | Very Likely | Medium | Have the identification check for all the member interacting with the organization | Have every person assign to their personal details feed in the information system | Open |
| IT business standard procedures; IT business sensitive procedures | Very Likely | High | Have a standard policy set up for every business procedure going on within the organization | Build up an IT security policy and make it known to all the workforce taking feedback from all of them before making them agree to the terms | Open |
| Transmission; Processing; Storage | Likely | Low | Have a storage procedure set up for the processing, transmission and storage of information | Have a training set up for the people within the organization to establish a better storage procedure for intricate data | Open |
| Applications; Operating Systems; Security Components | Very Likely | High | Have a standardized system set up for all the systems using the same kind of applications, operating systems and security components | Install similar Operating System and other peripheral devices set up for the entire organization | Open |
| System and Peripheral Security Devices | Very Likely | High | Have a standardized system check for the security systems of the computers and connecting devices used | Install similar Operating System and other peripheral devices set up for the entire organization | Open |
| LAN Components; Intranet Components; Internet Components; Cloud-based Components | Very Likely | High | All the networking components should be used as per the standardized policy and there should be a security check for all the networking devices used | Check all the networking components for the organization to make sure about the security system so that they are impermeable | Open |

Table 1: Risk Register
(Source: Created by Author)
Conclusion
In conclusion, it can be stated that, as the Chief Information Security Officer (CISO), it is important that all impending risks are identified and prioritized through a proper risk matrix, so that the occurrence of a risk and its potential harm can be identified before it creates a problem within the system. Thus, the above-mentioned planning and adoption of appropriate measures for eradicating the risks make sure that the Australian University is free of all the probable risks that can enter the system through the IT-related components.
References
Bromiley, P., McShane, M., Nair, A., & Rustambekov, E. (2015). Enterprise risk management: Review, critique, and research directions. Long Range Planning, 48(4), 265-276.
Carvalho, M. M. D., & Rabechini Junior, R. (2015). Impact of risk management on project performance: the importance of soft skills. International Journal of Production Research, 53(2), 321-340.
Glendon, A. I., & Clarke, S. (2015). Human safety and risk management: A psychological perspective. CRC Press.
Grace, M. F., Leverty, J. T., Phillips, R. D., & Shimpi, P. (2015). The value of investing in enterprise risk management. Journal of Risk and Insurance, 82(2), 289-316.
Hillson, D. (2017). Managing risk in projects. Routledge.
Hopkin, P. (2018). Fundamentals of risk management: understanding, evaluating and implementing effective risk management. Kogan Page Publishers.
McNeil, A. J., Frey, R., & Embrechts, P. (2015). Quantitative Risk Management: Concepts, Techniques and Tools-revised edition. Princeton University Press.
Wolke, T. (2017). Risk Management. Walter de Gruyter GmbH & Co KG.