Comprehensive Report: VIC Government Data Security Risks and Concerns
VerifiedAdded on 2020/02/24
|11
|3156
|439
Report
AI Summary
This report provides a detailed analysis of the security risks and concerns affecting the VIC Government's data and information. It begins with an introduction to the Victorian Protective Data Security Framework (VPDSF) and outlines various security risks, categorizing them by exposure level (high, medium, medium-low, and low). The report identifies insider threats and availability attacks as high-exposure risks, while information leakage and integrity attacks are categorized as medium exposure. It distinguishes between deliberate and accidental threats, providing examples of each. The report then explores potential challenges and issues in security/risk management execution, comparing risks and uncertainties. It concludes with a discussion of risk control and mitigation strategies, including administrative, technical, and physical security approaches, along with recommendations. The report underscores the importance of addressing security gaps and implementing robust measures to protect sensitive data, referencing the Department of Homeland Security's approach to threat management. It also highlights the differences between risks and uncertainties, emphasizing the need for proactive measures to protect the VIC Government's data assets.
VIC Government
Security Risks and Concerns
8/28/2017
Security Risks and Concerns
8/28/2017
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
VIC Government
Table of Contents
Introduction....................................................................................................................................................3
Security Risks and Concerns – Diagram.......................................................................................................3
Diagram – Description & Explanation of the Diagram.................................................................................4
Risks with High Exposure.........................................................................................................................4
Risks with Medium Exposure....................................................................................................................4
Risks with Medium-Low Exposure...........................................................................................................4
Risks with Low Exposure..........................................................................................................................5
Deliberate v/s Accidental Threats..................................................................................................................5
Security/Risk Management Execution – Possible Challenges and Issues.....................................................7
Comparison of Risks and Uncertainties.........................................................................................................8
Risk Control and Mitigation..........................................................................................................................9
Administrative Approach for Risk Mitigation...........................................................................................9
Technical Approach for Risk Mitigation...................................................................................................9
Physical Security Approach for Risk Mitigation.....................................................................................10
Recommendations & Conclusion................................................................................................................10
References....................................................................................................................................................10
2
Table of Contents
Introduction....................................................................................................................................................3
Security Risks and Concerns – Diagram.......................................................................................................3
Diagram – Description & Explanation of the Diagram.................................................................................4
Risks with High Exposure.........................................................................................................................4
Risks with Medium Exposure....................................................................................................................4
Risks with Medium-Low Exposure...........................................................................................................4
Risks with Low Exposure..........................................................................................................................5
Deliberate v/s Accidental Threats..................................................................................................................5
Security/Risk Management Execution – Possible Challenges and Issues.....................................................7
Comparison of Risks and Uncertainties.........................................................................................................8
Risk Control and Mitigation..........................................................................................................................9
Administrative Approach for Risk Mitigation...........................................................................................9
Technical Approach for Risk Mitigation...................................................................................................9
Physical Security Approach for Risk Mitigation.....................................................................................10
Recommendations & Conclusion................................................................................................................10
References....................................................................................................................................................10
2
VIC Government
Introduction
Every user, business unit and Government is associated with a lot of data and information in the
present scenario of digitalization. There are numerous web-based and cloud computing
applications that are being used by all of these entities for a variety of different purposes. As a
result, there are many security risks and concerns that have emerged which are required to be
managed, controlled and dealt with. Victorian Protective Data Security Framework abbreviated
as VPDSF is a Victorian Government security initiative that has been brought forward to keep
the public sector unit of Victoria safe from all the security occurrences. Public sector units carry
out a lot many operations and activities which are open to many security risks. VPDSF has three
major elements in terms of the security definition and protocols, assurance model in association
with security and many supporting guides and references to move ahead in the direction of
security. The report also covers many of the areas for protection against the security events and
threats.
Security Risks and Concerns – Diagram
3
VIC Government
Data & Information
Security Risks
High Exposure Risks
Insider Threats
Availability Attacks
Medium Exposure Risks
Information leakage &
breaches
Integrity Attacks
Low Exposure Risks
Operational errors
Technical faults
Medium-Low
Exposure Risks
Legal and regulatory risks
Introduction
Every user, business unit and Government is associated with a lot of data and information in the
present scenario of digitalization. There are numerous web-based and cloud computing
applications that are being used by all of these entities for a variety of different purposes. As a
result, there are many security risks and concerns that have emerged which are required to be
managed, controlled and dealt with. Victorian Protective Data Security Framework abbreviated
as VPDSF is a Victorian Government security initiative that has been brought forward to keep
the public sector unit of Victoria safe from all the security occurrences. Public sector units carry
out a lot many operations and activities which are open to many security risks. VPDSF has three
major elements in terms of the security definition and protocols, assurance model in association
with security and many supporting guides and references to move ahead in the direction of
security. The report also covers many of the areas for protection against the security events and
threats.
Security Risks and Concerns – Diagram
3
VIC Government
Data & Information
Security Risks
High Exposure Risks
Insider Threats
Availability Attacks
Medium Exposure Risks
Information leakage &
breaches
Integrity Attacks
Low Exposure Risks
Operational errors
Technical faults
Medium-Low
Exposure Risks
Legal and regulatory risks
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
VIC Government
Risks with High Exposure
There are certain security risks and concerns that have a low likelihood or a low impact. In case
of the VIC Government, the data security risks that may take place will have the potential to
cause damage to the public and private information sects associated with the public sector unit of
Victoria. There are two such security attacks that have a high exposure in association with the
VIC Government. Insider threats may be carried out by the internal employees of the various
organizations belonging to the public sector unit in Victoria. These internal entities will be aware
of the data security policies and mechanisms being applied and may take advantage of the same
to cause damage to the properties of the information sets. In addition to the same, there may also
be attacks on the information availability with the execution of the flooding attacks (Cpdp,
2016).
Risks with Medium Exposure
The next category of the attacks is the risks with medium risk exposure. There may be cases of
information and data breaches that may take place along with the occurrences which may lead to
the leakage of the information in front of the unauthorized entities. The integrity of the
information is one of the properties that may get violated with the integrity attacks such as
message alteration, media alteration or changes in the properties of the data packets. The access
points in the network may be utilized for this purpose which may impact the information present
in the databases or the one under transmission as well.
Risks with Medium-Low Exposure
Some security risks may lead to the damage to the information properties of personal and
sensitive information sets. There are tighter legal policies that are associated with these
information sets and the security attack in turn may lead to the emergence of further risks in form
of legal risks and regulatory obligations. There are initiatives that VIC Government has taken to
provide additional protection to these sensitive data sets and therefore, the likelihood of the
occurrence is not very high.
4
Risks with High Exposure
There are certain security risks and concerns that have a low likelihood or a low impact. In case
of the VIC Government, the data security risks that may take place will have the potential to
cause damage to the public and private information sects associated with the public sector unit of
Victoria. There are two such security attacks that have a high exposure in association with the
VIC Government. Insider threats may be carried out by the internal employees of the various
organizations belonging to the public sector unit in Victoria. These internal entities will be aware
of the data security policies and mechanisms being applied and may take advantage of the same
to cause damage to the properties of the information sets. In addition to the same, there may also
be attacks on the information availability with the execution of the flooding attacks (Cpdp,
2016).
Risks with Medium Exposure
The next category of the attacks is the risks with medium risk exposure. There may be cases of
information and data breaches that may take place along with the occurrences which may lead to
the leakage of the information in front of the unauthorized entities. The integrity of the
information is one of the properties that may get violated with the integrity attacks such as
message alteration, media alteration or changes in the properties of the data packets. The access
points in the network may be utilized for this purpose which may impact the information present
in the databases or the one under transmission as well.
Risks with Medium-Low Exposure
Some security risks may lead to the damage to the information properties of personal and
sensitive information sets. There are tighter legal policies that are associated with these
information sets and the security attack in turn may lead to the emergence of further risks in form
of legal risks and regulatory obligations. There are initiatives that VIC Government has taken to
provide additional protection to these sensitive data sets and therefore, the likelihood of the
occurrence is not very high.
4
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
VIC Government
Risks with Low Exposure
Public sector units in VIC Government have many people deployed at various levels in the
technical, operational and managerial departments. Due to the presence of so many activities and
the need to execute so many different processes, there may be technical or operational errors that
may be executed. These may lead to some permanent damage which may not be roll-backed.
Such risks are therefore placed in this category (Dang-Pham, 2017).
Deliberate v/s Accidental Threats
Data and information security attacks that are given shape by the attackers involve a lot many
threat agents. There are also different motives and benefits that are involved with each of such
occurrence. The case is same with VIC Government that may become victim to many of the
information security attacks. These occurrences have been put in two categories on the basis of
the motive of the attacker that is involved. These risks may be deliberately caused or may be
caused by an accidental step.
Deliberate Threats Accidental Threats
In these forms of attacks on data and
information security, the primary motive of
the attack is to cause intentional damage to
the contents and properties of the data sets.
In these forms of attacks on data and
information security, the primary motive of the
attack is to not to cause intentional damage to
the contents and properties of the data sets.
These are cause by an accident.
The damage and the outcomes of these
attacks can be extremely severe in a
negative manner.
These attacks may have no or low impact or
may also have a permanent damage with a
severe impact
The time of execution of these attacks is
determined in advance and these are
planned to be triggered at specific duration.
The time of execution of these attacks is not
known or planned as they are caused by
accident.
Flooding attacks such as denial of service
and distributed denial of service and other
availability attacks (Kaynar, 2016)
Malware attacks such as the ones caused by
Information loss or leakage due to an operation
error or a deviation from the regular path.
Information breaching by an external entity
due to exposure of private information.
5
Risks with Low Exposure
Public sector units in VIC Government have many people deployed at various levels in the
technical, operational and managerial departments. Due to the presence of so many activities and
the need to execute so many different processes, there may be technical or operational errors that
may be executed. These may lead to some permanent damage which may not be roll-backed.
Such risks are therefore placed in this category (Dang-Pham, 2017).
Deliberate v/s Accidental Threats
Data and information security attacks that are given shape by the attackers involve a lot many
threat agents. There are also different motives and benefits that are involved with each of such
occurrence. The case is same with VIC Government that may become victim to many of the
information security attacks. These occurrences have been put in two categories on the basis of
the motive of the attacker that is involved. These risks may be deliberately caused or may be
caused by an accidental step.
Deliberate Threats Accidental Threats
In these forms of attacks on data and
information security, the primary motive of
the attack is to cause intentional damage to
the contents and properties of the data sets.
In these forms of attacks on data and
information security, the primary motive of the
attack is to not to cause intentional damage to
the contents and properties of the data sets.
These are cause by an accident.
The damage and the outcomes of these
attacks can be extremely severe in a
negative manner.
These attacks may have no or low impact or
may also have a permanent damage with a
severe impact
The time of execution of these attacks is
determined in advance and these are
planned to be triggered at specific duration.
The time of execution of these attacks is not
known or planned as they are caused by
accident.
Flooding attacks such as denial of service
and distributed denial of service and other
availability attacks (Kaynar, 2016)
Malware attacks such as the ones caused by
Information loss or leakage due to an operation
error or a deviation from the regular path.
Information breaching by an external entity
due to exposure of private information.
5
VIC Government
triggering and launch of a virus or worm.
Network based security attacks such as man
in the middle attacks, eavesdropping attack
etc.
Attacks that are caused by the internal
employees of the agencies and organizations
can fall in any of these two threat categories.
It is because of the reason that there may be
certain insiders that may cause deliberate
damage by giving shape to the information
and data security risks.
Insider attacks may also come in the category
of the accidental risks and attacks. There may
be certain insiders that may cause unintentional
damage by giving shape to the information and
data security risks due to an accident.
Irrespective of the type of the security risk or an attack, it is necessary to control and prevent the
same. The VIC Government has also carried out an analysis on the possible deliberate and
accidental threats and has therefore, developed measures to prevent and detect these risks.
There are also various other organizations and departments that have carried out successful steps
and strategies to control these attacks.
One such entity is the Department of Homeland security that has successfully controlled the
various deliberate and accidental threats and attacks. There is a step by step procedure that was
followed in this case. In the initial step, there was an analysis that was carried out to identify and
classify the attacks in each of the two categories. In the next step, there were mitigation
guidelines and strategies that were developed and identified to put a check on the security
occurrences that were identified. It was concluded that the deliberate attacks were intentional and
planned in advanced and therefore, they had the potential to cause damage that was severe in
most cases as compared to the accidental attacks.
There were many security gaps that were highlighted by the Department of Homeland Security
in its analysis phase. The department as a result, implemented many automated solutions to
resolve the gaps that were discovered. Training sessions were also conducted to improve the
knowledge of the insiders.
6
triggering and launch of a virus or worm.
Network based security attacks such as man
in the middle attacks, eavesdropping attack
etc.
Attacks that are caused by the internal
employees of the agencies and organizations
can fall in any of these two threat categories.
It is because of the reason that there may be
certain insiders that may cause deliberate
damage by giving shape to the information
and data security risks.
Insider attacks may also come in the category
of the accidental risks and attacks. There may
be certain insiders that may cause unintentional
damage by giving shape to the information and
data security risks due to an accident.
Irrespective of the type of the security risk or an attack, it is necessary to control and prevent the
same. The VIC Government has also carried out an analysis on the possible deliberate and
accidental threats and has therefore, developed measures to prevent and detect these risks.
There are also various other organizations and departments that have carried out successful steps
and strategies to control these attacks.
One such entity is the Department of Homeland security that has successfully controlled the
various deliberate and accidental threats and attacks. There is a step by step procedure that was
followed in this case. In the initial step, there was an analysis that was carried out to identify and
classify the attacks in each of the two categories. In the next step, there were mitigation
guidelines and strategies that were developed and identified to put a check on the security
occurrences that were identified. It was concluded that the deliberate attacks were intentional and
planned in advanced and therefore, they had the potential to cause damage that was severe in
most cases as compared to the accidental attacks.
There were many security gaps that were highlighted by the Department of Homeland Security
in its analysis phase. The department as a result, implemented many automated solutions to
resolve the gaps that were discovered. Training sessions were also conducted to improve the
knowledge of the insiders.
6
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
VIC Government
It is recommended for the VIC Government to follow a similar policy such that the security gaps
are listed and identified and there are measures developed and implemented in accordance with
the same (Korzhik, 2003).
Security/Risk Management Execution – Possible Challenges and Issues
Management of the security risks can be done by adopting different methods and techniques.
Some of these methods may include the resources that may be internal in nature while there are
certain measures that be taken which may involve the use of external resources and entities. The
aim in both the cases will be to put a stop on the security risks and occurrences.
In case of the internal methodology, it will be decided to make use of the in-house development
processes to give rise to the required security controls and protocols. The security infrastructure
in the VIC Government will thereafter make use of all these controls developed. The resources in
terms of tools, equipment, processes and human resources that will be used in this methodology
will be entirely internal in nature. There are specific set of challenges that are associated with
these methods.
There may be insufficient skills and inadequate knowledge that may be witnessed which
may lead to the compromise of security.
The human resources that will be working on the development process will have
additional information on the security framework which may be misused by them.
There may be technical failures that may lead to breakdown.
There may be operational errors that may cause permanent damage.
The second methodology that has been recommended in association with the VIC Government is
the use and application of the external methods and resources. In this case, the best possible
method will be the use of outsourcing process. In this process, the third-parties will be contacted
to develop and implement the necessary security protocols.
The external method will cost more than the internal method and there may be a number
of additional costs involved (Bertino, 2015).
There may be deviations that may be observed in terms of the functional and non-
functional requirements.
7
It is recommended for the VIC Government to follow a similar policy such that the security gaps
are listed and identified and there are measures developed and implemented in accordance with
the same (Korzhik, 2003).
Security/Risk Management Execution – Possible Challenges and Issues
Management of the security risks can be done by adopting different methods and techniques.
Some of these methods may include the resources that may be internal in nature while there are
certain measures that be taken which may involve the use of external resources and entities. The
aim in both the cases will be to put a stop on the security risks and occurrences.
In case of the internal methodology, it will be decided to make use of the in-house development
processes to give rise to the required security controls and protocols. The security infrastructure
in the VIC Government will thereafter make use of all these controls developed. The resources in
terms of tools, equipment, processes and human resources that will be used in this methodology
will be entirely internal in nature. There are specific set of challenges that are associated with
these methods.
There may be insufficient skills and inadequate knowledge that may be witnessed which
may lead to the compromise of security.
The human resources that will be working on the development process will have
additional information on the security framework which may be misused by them.
There may be technical failures that may lead to breakdown.
There may be operational errors that may cause permanent damage.
The second methodology that has been recommended in association with the VIC Government is
the use and application of the external methods and resources. In this case, the best possible
method will be the use of outsourcing process. In this process, the third-parties will be contacted
to develop and implement the necessary security protocols.
The external method will cost more than the internal method and there may be a number
of additional costs involved (Bertino, 2015).
There may be deviations that may be observed in terms of the functional and non-
functional requirements.
7
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
VIC Government
The production data and information may be played with.
The changes that will be introduced with the adaptation of any of these two processes will be
common. These will give rise to a lot many migration challenges in terms of change planning
and management of these changes.
Comparison of Risks and Uncertainties
Risk and uncertainty are the two terms that are often used inter-changeably. However, there is a
vast difference between the two terms, their meaning and their results. Risk is a term that refers
to the event or an occurrence that is predictable and can therefore be controlled as well. The
impacts that a risk may have may be positive but are usually negative in nature. There are many
of the data and information security risks that may be executed by the attackers in association
with the VIC Government.
These risks may have a varying degree of impact as the impact may be low or exactly opposite of
it. There are two security attacks that have a high exposure in association with the VIC
Government. Insider threats may be carried out by the internal employees of the various
organizations belonging to the public sector unit in Victoria. In addition to the same, there may
also be attacks on the information availability with the execution of the flooding attacks. There
may be cases of information and data breaches that may take place along with the occurrences
which may lead to the leakage of the information in front of the unauthorized entities. The
integrity of the information is one of the properties that may get violated with the integrity
attacks such as message alteration, media alteration or changes in the properties of the data
packets. Some of the security events may lead to the emergence of legal and regulatory risks
with medium-low impact. Due to the presence of so many activities and the need to execute so
many different processes, there may be technical or operational errors that may be executed.
These may lead to some permanent damage which may not be roll-backed. Such risks are
therefore placed in this category of low-impact risks (Pernebekova, 2015).
Uncertainties are referred to the occurrences and events that are not predictable and because of
the same reason; it is difficult to put any control on these occurrences. One such event may be
the changes in the rules defined by the Government in terms of the regulatory processes of legal
policies that are set up. With changes in the terms and conditions of these policies, there will be
8
The production data and information may be played with.
The changes that will be introduced with the adaptation of any of these two processes will be
common. These will give rise to a lot many migration challenges in terms of change planning
and management of these changes.
Comparison of Risks and Uncertainties
Risk and uncertainty are the two terms that are often used inter-changeably. However, there is a
vast difference between the two terms, their meaning and their results. Risk is a term that refers
to the event or an occurrence that is predictable and can therefore be controlled as well. The
impacts that a risk may have may be positive but are usually negative in nature. There are many
of the data and information security risks that may be executed by the attackers in association
with the VIC Government.
These risks may have a varying degree of impact as the impact may be low or exactly opposite of
it. There are two security attacks that have a high exposure in association with the VIC
Government. Insider threats may be carried out by the internal employees of the various
organizations belonging to the public sector unit in Victoria. In addition to the same, there may
also be attacks on the information availability with the execution of the flooding attacks. There
may be cases of information and data breaches that may take place along with the occurrences
which may lead to the leakage of the information in front of the unauthorized entities. The
integrity of the information is one of the properties that may get violated with the integrity
attacks such as message alteration, media alteration or changes in the properties of the data
packets. Some of the security events may lead to the emergence of legal and regulatory risks
with medium-low impact. Due to the presence of so many activities and the need to execute so
many different processes, there may be technical or operational errors that may be executed.
These may lead to some permanent damage which may not be roll-backed. Such risks are
therefore placed in this category of low-impact risks (Pernebekova, 2015).
Uncertainties are referred to the occurrences and events that are not predictable and because of
the same reason; it is difficult to put any control on these occurrences. One such event may be
the changes in the rules defined by the Government in terms of the regulatory processes of legal
policies that are set up. With changes in the terms and conditions of these policies, there will be
8
VIC Government
direct impact on the agencies and organizations connected with the same. VIC Government is
made up of hundreds of agencies and organizations that adapt these policies in their framework
and have developed their security profile accordingly. With such uncertain events, there will be
modifications that will become mandatory to be executed which may lead to the violation of
security.
Risk Control and Mitigation
Administrative Approach for Risk Mitigation
The first approach that has been suggested for VIC Government is the administrative approach
that involves the use of advanced measures in the security administration. The overall security
status and scenario is based upon the policies and plans that have been implemented in
association with the data and information security. It is therefore necessary to have advanced
administrative policies and measures in place.
This approach suggests the use and implementation of the automated tools for security
administration such as security audits, security reviews and inspections. These tools will provide
the administrators with an automated process to carry out these activities. The VIC Government
shall also make sure that the security administrators have a correct mix of skills and knowledge.
Technical Approach for Risk Mitigation
The second approach that has been recommended to the VIC Government is the use of technical
approach and methods (Joshi, 2017).
There are a lot many technical tools that are automated in nature and are built using the latest
technology. These tools shall be installed and implemented in the agencies and organizations that
are governed by the VIC Government to detect, prevent and control the attacks on the
information confidentiality, integrity and availability. These tools will also minimize the
occurrence of the network based attacks as the network activities will be captured at a non-stop
basis.
9
direct impact on the agencies and organizations connected with the same. VIC Government is
made up of hundreds of agencies and organizations that adapt these policies in their framework
and have developed their security profile accordingly. With such uncertain events, there will be
modifications that will become mandatory to be executed which may lead to the violation of
security.
Risk Control and Mitigation
Administrative Approach for Risk Mitigation
The first approach that has been suggested for VIC Government is the administrative approach
that involves the use of advanced measures in the security administration. The overall security
status and scenario is based upon the policies and plans that have been implemented in
association with the data and information security. It is therefore necessary to have advanced
administrative policies and measures in place.
This approach suggests the use and implementation of the automated tools for security
administration such as security audits, security reviews and inspections. These tools will provide
the administrators with an automated process to carry out these activities. The VIC Government
shall also make sure that the security administrators have a correct mix of skills and knowledge.
Technical Approach for Risk Mitigation
The second approach that has been recommended to the VIC Government is the use of technical
approach and methods (Joshi, 2017).
There are a lot many technical tools that are automated in nature and are built using the latest
technology. These tools shall be installed and implemented in the agencies and organizations that
are governed by the VIC Government to detect, prevent and control the attacks on the
information confidentiality, integrity and availability. These tools will also minimize the
occurrence of the network based attacks as the network activities will be captured at a non-stop
basis.
9
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
VIC Government
Physical Security Approach for Risk Mitigation
Data and information that is associated with the VIC Government is placed at the data centres,
workstations of the employees, cloud databases, server rooms and various other physical and
virtual environments (Shamala, 2013).
The third approach that has been recommended for the security and risk mitigation is the
physical security approach. It will make use of the physical entities at all the access and entry
points to manage the access and identity.
Out of the three approaches that have been suggested, the one that is recommended is the
technical approach. This approach has been recommended as it will provide the VIC
Government with the latest technology and tools to deal with the security risks and attacks. Also,
there shall be an update on the administrative and physical security that shall also be done to
strengthen the security framework (Renaud, 2017).
Recommendations & Conclusion
The data security risks that may take place in the VIC Government may impact three primary
properties of information as confidentiality, availability and integrity. It is required to develop
mechanisms to control all of these risks and the use of technical approach towards security will
serve the purpose. It will include the latest set of security tools and equipment that will not only
identify the security risks but will also lead to the control and prevention of the risks (Elci,
2015).
References
Bertino, E. (2015). Security and privacy of electronic health information systems. International
Journal Of Information Security, 14(6), 485-486. http://dx.doi.org/10.1007/s10207-015-
0303-z
Cpdp. (2016). Victorian Protective Data Security Framework. Retrieved 28 August 2017, from
https://www.cpdp.vic.gov.au/images/content/pdf/data_security/20160628%20VPDSF
%20Framework%20June%202016%20v1.0.pdf
Dang-Pham, D. (2017). Exploring behavioral information security networks in an organizational
10
Physical Security Approach for Risk Mitigation
Data and information that is associated with the VIC Government is placed at the data centres,
workstations of the employees, cloud databases, server rooms and various other physical and
virtual environments (Shamala, 2013).
The third approach that has been recommended for the security and risk mitigation is the
physical security approach. It will make use of the physical entities at all the access and entry
points to manage the access and identity.
Out of the three approaches that have been suggested, the one that is recommended is the
technical approach. This approach has been recommended as it will provide the VIC
Government with the latest technology and tools to deal with the security risks and attacks. Also,
there shall be an update on the administrative and physical security that shall also be done to
strengthen the security framework (Renaud, 2017).
Recommendations & Conclusion
The data security risks that may take place in the VIC Government may impact three primary
properties of information as confidentiality, availability and integrity. It is required to develop
mechanisms to control all of these risks and the use of technical approach towards security will
serve the purpose. It will include the latest set of security tools and equipment that will not only
identify the security risks but will also lead to the control and prevention of the risks (Elci,
2015).
References
Bertino, E. (2015). Security and privacy of electronic health information systems. International
Journal Of Information Security, 14(6), 485-486. http://dx.doi.org/10.1007/s10207-015-
0303-z
Cpdp. (2016). Victorian Protective Data Security Framework. Retrieved 28 August 2017, from
https://www.cpdp.vic.gov.au/images/content/pdf/data_security/20160628%20VPDSF
%20Framework%20June%202016%20v1.0.pdf
Dang-Pham, D. (2017). Exploring behavioral information security networks in an organizational
10
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
VIC Government
context: An empirical case study. Journal Of Information Security And Applications, 34,
46-62. http://dx.doi.org/10.1016/j.jisa.2016.06.002
Elci, A. (2015). Editorial: Special issue on security of information and networks. Journal Of
Information Security And Applications, 22, 1-2. http://dx.doi.org/10.1016/j.jisa.2015.06.002
Joshi, C. (2017). Information security risks management framework – A step towards
mitigating security risks in university network. Journal Of Information Security And
Applications, 35, 128-137. http://dx.doi.org/10.1016/j.jisa.2017.06.006
Kaynar, K. (2016). A taxonomy for attack graph generation and usage in network security.
Journal Of Information Security And Applications, 29, 27-56.
http://dx.doi.org/10.1016/j.jisa.2016.02.001
Korzhik, V. (2003). Hybrid authentication based on noisy channels. International Journal Of
Information Security, 1(4), 203-210. http://dx.doi.org/10.1007/s10207-002-0017-x
Pernebekova, A. (2015). Information Security and the Theory of Unfaithful Information. Journal
Of Information Security, 06(04), 265-272. http://dx.doi.org/10.4236/jis.2015.64026
Renaud, K. (2017). Contemplating human-centred security & privacy research: Suggesting
future directions. Journal Of Information Security And Applications, 34, 76-81.
http://dx.doi.org/10.1016/j.jisa.2017.05.006
Shamala, P. (2013). A conceptual framework of info structure for information security risk
assessment (ISRA). Journal Of Information Security And Applications, 18(1), 45-52.
http://dx.doi.org/10.1016/j.jisa.2013.07.002
11
context: An empirical case study. Journal Of Information Security And Applications, 34,
46-62. http://dx.doi.org/10.1016/j.jisa.2016.06.002
Elci, A. (2015). Editorial: Special issue on security of information and networks. Journal Of
Information Security And Applications, 22, 1-2. http://dx.doi.org/10.1016/j.jisa.2015.06.002
Joshi, C. (2017). Information security risks management framework – A step towards
mitigating security risks in university network. Journal Of Information Security And
Applications, 35, 128-137. http://dx.doi.org/10.1016/j.jisa.2017.06.006
Kaynar, K. (2016). A taxonomy for attack graph generation and usage in network security.
Journal Of Information Security And Applications, 29, 27-56.
http://dx.doi.org/10.1016/j.jisa.2016.02.001
Korzhik, V. (2003). Hybrid authentication based on noisy channels. International Journal Of
Information Security, 1(4), 203-210. http://dx.doi.org/10.1007/s10207-002-0017-x
Pernebekova, A. (2015). Information Security and the Theory of Unfaithful Information. Journal
Of Information Security, 06(04), 265-272. http://dx.doi.org/10.4236/jis.2015.64026
Renaud, K. (2017). Contemplating human-centred security & privacy research: Suggesting
future directions. Journal Of Information Security And Applications, 34, 76-81.
http://dx.doi.org/10.1016/j.jisa.2017.05.006
Shamala, P. (2013). A conceptual framework of info structure for information security risk
assessment (ISRA). Journal Of Information Security And Applications, 18(1), 45-52.
http://dx.doi.org/10.1016/j.jisa.2013.07.002
11
1 out of 11
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.