CSI5133 - Information Security: Risk Management of Facial Recognition
VerifiedAdded on 2023/06/07
|22
|5582
|350
Report
AI Summary
This report provides a comprehensive analysis of facial recognition systems, focusing on the legal and ethical considerations surrounding their implementation, particularly in the context of the City of Perth's proposal. It explores the ethical principles and legal responsibilities relevant to information security professionals, including privacy, data protection, and compliance with regulations. The report also delves into risk management, covering risk identification, assessment, and mitigation strategies for facial recognition systems. Furthermore, it discusses various technologies for addressing security issues and highlights the advantages and disadvantages of facial recognition technology. The analysis includes considerations for system design, data storage, and potential impacts on individuals' rights to privacy and security. It also includes the role of risk management, risk identification, risk analysis and contingency planning in information security. The report concludes by summarizing the key findings and providing recommendations for responsible and ethical implementation of facial recognition systems.
Running Head: INFORMATION SECURITY 0
Information Security
Individual Assignment
Student Name
10/6/2018
Information Security
Individual Assignment
Student Name
10/6/2018
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Information security 1
Contents
Executive Summary.....................................................................................................................................1
Introduction.................................................................................................................................................3
Legal issues for security system...................................................................................................................3
Principles underlying the code of ethics..................................................................................................5
Responsibilities to clients........................................................................................................................6
For the community worker:.................................................................................................................6
Responsibility to Organizations...........................................................................................................6
Responsibility to colleagues....................................................................................................................6
The community worker is expected to:...............................................................................................6
The community worker will:................................................................................................................6
Risk management:.......................................................................................................................................7
Risk identification................................................................................................................................8
Identifying application software, hardware devices, and networking devices....................................9
Identification people, procedures, and information assets:..............................................................10
Risk Assessment:...............................................................................................................................11
Likelihood:.........................................................................................................................................12
Assessing potential loss:....................................................................................................................12
Percentage of risk mitigated by current controls:.............................................................................12
Uncertainty:.......................................................................................................................................12
Risk determination:...........................................................................................................................12
Identify possible controls:..................................................................................................................13
Technologies for solving security issues....................................................................................................13
Facial recognition system:.........................................................................................................................16
Conclusion.................................................................................................................................................16
References.................................................................................................................................................18
Contents
Executive Summary.....................................................................................................................................1
Introduction.................................................................................................................................................3
Legal issues for security system...................................................................................................................3
Principles underlying the code of ethics..................................................................................................5
Responsibilities to clients........................................................................................................................6
For the community worker:.................................................................................................................6
Responsibility to Organizations...........................................................................................................6
Responsibility to colleagues....................................................................................................................6
The community worker is expected to:...............................................................................................6
The community worker will:................................................................................................................6
Risk management:.......................................................................................................................................7
Risk identification................................................................................................................................8
Identifying application software, hardware devices, and networking devices....................................9
Identification people, procedures, and information assets:..............................................................10
Risk Assessment:...............................................................................................................................11
Likelihood:.........................................................................................................................................12
Assessing potential loss:....................................................................................................................12
Percentage of risk mitigated by current controls:.............................................................................12
Uncertainty:.......................................................................................................................................12
Risk determination:...........................................................................................................................12
Identify possible controls:..................................................................................................................13
Technologies for solving security issues....................................................................................................13
Facial recognition system:.........................................................................................................................16
Conclusion.................................................................................................................................................16
References.................................................................................................................................................18
Information security 2
Executive Summary
In this report, facial recognition system will discussed, and various types of security
systems will be discussed in respect of information system for security. This report has
explaining ethical and legal issues, which are associated with facial recognition system, and it
also analyses their implications. There are so many risk in that time of systems, it was also
included in this report for identification of risk and analysis on that risk and manage that risk. In
this report, different types of investigation data are included for better understanding of
information system. According to this report, there are so many reviews for security systems
with their classification. There are also some implementation data of a facial recognition system.
This report shows many key points about a security system. Different types of system
requirements included in this report. It was based on the security system, which was related to
finding issues for security in different aspects, such as legal and ethical.
In the end of the report, it discussed about advantages of facial recognition system and
other systems for security systems.
.
Executive Summary
In this report, facial recognition system will discussed, and various types of security
systems will be discussed in respect of information system for security. This report has
explaining ethical and legal issues, which are associated with facial recognition system, and it
also analyses their implications. There are so many risk in that time of systems, it was also
included in this report for identification of risk and analysis on that risk and manage that risk. In
this report, different types of investigation data are included for better understanding of
information system. According to this report, there are so many reviews for security systems
with their classification. There are also some implementation data of a facial recognition system.
This report shows many key points about a security system. Different types of system
requirements included in this report. It was based on the security system, which was related to
finding issues for security in different aspects, such as legal and ethical.
In the end of the report, it discussed about advantages of facial recognition system and
other systems for security systems.
.
Information security 3
Introduction
Security system is based on the analysis for problem and providing solution of that
problem. There are different legal and ethical issues for security reasons, which are discussed in
the next part of this report. In this report, City of Perth’s facial recognition system proposal and
implementation research was discussed. There are lot of things for consider to development of
facial recognition system in a city. So many issues occurred in that types of system related to
confidentiality, legality, and privacy of people (Reynolds, 2011). Therefore, there are so many
variations in the results of facial recognition system. It have some limitation in which it fails, still
it have many advantages for the security purpose. This report is explaining about issues of facial
recognition system implementation in the City of Perth (aap, 2017). Basic outcomes of this
report are identifying the legal and ethical issues related to facial recognition information
security system and about their implementation issues ( Parker, 2018). A main issue is risk
analysis for the facial recognition system. It was start from identification of risks for that system
and solution of that risk. There are different types of planning for implementation of a security
system ( Burt, 2018).
Legal issues for security system
For the information security expert, it is must to understand about the responsibilities of
organization for ethics and legal laws. Security system is responsible for the privacy and security
risks at the organization (WARREN, 2011). It I must to know about current laws and ethical
issues for implementation of the security system, so in future no more changes will require for
those issues in the security system ( Epps, 2018). To reduce liability always considers all legal
action for information security system. It should be informed to all employees and operator for
proper use of their right, according to legal and ethical obligation (Quinn, 2010). Therefore,
organization focuses on the main objectives and properly uses of information technology in the
information system (Gupta & Hammond, 2005). In the first part of this report, it is describe
about the legislation and regulations for information management system of an organization.
In the next part, it is describe about the ethical issues in implementing security system in
the organization. Policies are required because of acceptable and unacceptable behaviors of
Introduction
Security system is based on the analysis for problem and providing solution of that
problem. There are different legal and ethical issues for security reasons, which are discussed in
the next part of this report. In this report, City of Perth’s facial recognition system proposal and
implementation research was discussed. There are lot of things for consider to development of
facial recognition system in a city. So many issues occurred in that types of system related to
confidentiality, legality, and privacy of people (Reynolds, 2011). Therefore, there are so many
variations in the results of facial recognition system. It have some limitation in which it fails, still
it have many advantages for the security purpose. This report is explaining about issues of facial
recognition system implementation in the City of Perth (aap, 2017). Basic outcomes of this
report are identifying the legal and ethical issues related to facial recognition information
security system and about their implementation issues ( Parker, 2018). A main issue is risk
analysis for the facial recognition system. It was start from identification of risks for that system
and solution of that risk. There are different types of planning for implementation of a security
system ( Burt, 2018).
Legal issues for security system
For the information security expert, it is must to understand about the responsibilities of
organization for ethics and legal laws. Security system is responsible for the privacy and security
risks at the organization (WARREN, 2011). It I must to know about current laws and ethical
issues for implementation of the security system, so in future no more changes will require for
those issues in the security system ( Epps, 2018). To reduce liability always considers all legal
action for information security system. It should be informed to all employees and operator for
proper use of their right, according to legal and ethical obligation (Quinn, 2010). Therefore,
organization focuses on the main objectives and properly uses of information technology in the
information system (Gupta & Hammond, 2005). In the first part of this report, it is describe
about the legislation and regulations for information management system of an organization.
In the next part, it is describe about the ethical issues in implementing security system in
the organization. Policies are required because of acceptable and unacceptable behaviors of
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Information security 4
workers in the company, and manage all those issues raised by the behavior of an employee in
the company (Heiser & Nicolett, 2008). Therefore, policies and laws are used for solving those
issues with penalties, and require compliance of real issue. Basic five criteria for making policies
for an organization working process are as:
Distribution- it means all polices is must aware by the employee in hard copy or
electronic distribution.
Review- All policies and rules are converting in audio mode also so everyone
learn about all of the policies.
Understanding- the company must be able to explain that the worker understood
the content of policy and the requirements. They also used different types of ways
for understanding the policy, such as quizzes, and assessments.
Agreement- it should be assured from the employee side that he or she has read,
understood, and agreed to the treated according to the policy.
Uniform enforcement- it was must that; policy is not for a single person. It is
common for the all employees of organization.
All of these are helpful for creating policies for solving raised issues in the company by
the employees. All these are also provide authorization to organization for penalize the employee
who violate the terms and condition of the organization, which are mentioned in the policy of
organization (Tavani, 2003). Laws are dividing in two parts, which are civil and criminal laws
for different activities, but laws also divide two parts, such as private, and public laws. Private
laws handle family, commercial, labor, and regulate the bonding between personal and
companies. Public laws regulate the citizens, workers, and different government relationship
with the structure and administration of government agencies (Jin, Drozdenko, & Bassett, 2007).
Privacy has become one of the huge points in information security system. Many
organizations are having data about the employees and customers in their databases (Smith,
Dinev, & Xu, 2011). Many companies are selling personal information of their employees and
customers for different uses by third party companies. As an example we can take, Cambridge
Analytica and Facebook scandal for US election 2016 (Whitman & Mattord, 2011).
workers in the company, and manage all those issues raised by the behavior of an employee in
the company (Heiser & Nicolett, 2008). Therefore, policies and laws are used for solving those
issues with penalties, and require compliance of real issue. Basic five criteria for making policies
for an organization working process are as:
Distribution- it means all polices is must aware by the employee in hard copy or
electronic distribution.
Review- All policies and rules are converting in audio mode also so everyone
learn about all of the policies.
Understanding- the company must be able to explain that the worker understood
the content of policy and the requirements. They also used different types of ways
for understanding the policy, such as quizzes, and assessments.
Agreement- it should be assured from the employee side that he or she has read,
understood, and agreed to the treated according to the policy.
Uniform enforcement- it was must that; policy is not for a single person. It is
common for the all employees of organization.
All of these are helpful for creating policies for solving raised issues in the company by
the employees. All these are also provide authorization to organization for penalize the employee
who violate the terms and condition of the organization, which are mentioned in the policy of
organization (Tavani, 2003). Laws are dividing in two parts, which are civil and criminal laws
for different activities, but laws also divide two parts, such as private, and public laws. Private
laws handle family, commercial, labor, and regulate the bonding between personal and
companies. Public laws regulate the citizens, workers, and different government relationship
with the structure and administration of government agencies (Jin, Drozdenko, & Bassett, 2007).
Privacy has become one of the huge points in information security system. Many
organizations are having data about the employees and customers in their databases (Smith,
Dinev, & Xu, 2011). Many companies are selling personal information of their employees and
customers for different uses by third party companies. As an example we can take, Cambridge
Analytica and Facebook scandal for US election 2016 (Whitman & Mattord, 2011).
Information security 5
Different professional groups have provided rules for governing ethical behavior of
employees in the organization. There are some ethics for uses of computer system are:
Do not use a computer system to harm other person
Do not interfere in other person personal computer system work.
Do not access files from other person computer system.
Do not steal files form other person computer system
Do not use pirated software without paid for that software
Do not access and use other person’s computer system without proper permission.
Do not steal other person’s intellectual properties.
Always think about your program that is beneficial for social purpose.
Always use a computer system for respect for your fellow humans.
Most of the professional always follow ethics of their organization. All profession
expects from their employees to meet a standard of ethical behavior and this thing is based on the
code of ethics. In term of community work, ethics matter a lot because it is involved the group of
people (Kizza, 2007). The Australian Community Workers Association code of ethics sets a
space for community work for all practitioners. The community worker should respect the worth
of all individuals regardless of their religion, age, gender diversity, race, sexual, and other
individual differences (Kshetri, 2013).
Principles underlying the code of ethics
Every professional person, regardless of sexual, religious, race, age, and gender diversity,
or other individual differences.
Codes of ethics are helpful for maintaining equity, equality, social justice, and freedom.
Every society should balance equity in their society members. Therefore, no one can take
advantages of their position (Doctor, 1991).
Every person is legally protected from different types of discrimination based on
disability, gender, religious, age, sex, and their universal human rights are inviolable.
Responsibilities to clients
For the community worker:
They shall determine relationship between Client and them.
Different professional groups have provided rules for governing ethical behavior of
employees in the organization. There are some ethics for uses of computer system are:
Do not use a computer system to harm other person
Do not interfere in other person personal computer system work.
Do not access files from other person computer system.
Do not steal files form other person computer system
Do not use pirated software without paid for that software
Do not access and use other person’s computer system without proper permission.
Do not steal other person’s intellectual properties.
Always think about your program that is beneficial for social purpose.
Always use a computer system for respect for your fellow humans.
Most of the professional always follow ethics of their organization. All profession
expects from their employees to meet a standard of ethical behavior and this thing is based on the
code of ethics. In term of community work, ethics matter a lot because it is involved the group of
people (Kizza, 2007). The Australian Community Workers Association code of ethics sets a
space for community work for all practitioners. The community worker should respect the worth
of all individuals regardless of their religion, age, gender diversity, race, sexual, and other
individual differences (Kshetri, 2013).
Principles underlying the code of ethics
Every professional person, regardless of sexual, religious, race, age, and gender diversity,
or other individual differences.
Codes of ethics are helpful for maintaining equity, equality, social justice, and freedom.
Every society should balance equity in their society members. Therefore, no one can take
advantages of their position (Doctor, 1991).
Every person is legally protected from different types of discrimination based on
disability, gender, religious, age, sex, and their universal human rights are inviolable.
Responsibilities to clients
For the community worker:
They shall determine relationship between Client and them.
Information security 6
When they faced any failure then it should be informed to the client
Worker has an obligation to treat clients with dignity.
Worker always inform if he or she can access information about himself or herself.
Responsibility to Organizations
The community workers expected as an employee are:
Follow all rules and responsibilities to fulfill their terms and conditions.
Always achieved the targets provided by clients.
Always maintain a professional relationship with clients using social media also.
Act as a responsible persona in the spending of public monies.
Responsibility to colleagues
The community worker is expected to:
Always share their knowledge with their colleagues for enhancing their skills.
Always respect the knowledge, experience, and different skills of colleagues.
Always discuss about unethical behavior of colleague with the higher post person.
Should acknowledge the legal rights for protecting our health and safety at the workplace
The community worker will:
Should keep and upgrade education and training for the betterment of the organization
Should engage meeting with the colleagues through an appropriate channel.
Employee should always respect the other people protection rights (UWA, 2018).
Disclose about any improper relationship in the organization between a worker and
client.
Risk management:
Risk management is a factor in every project in whole lifetime of that project. Therefore,
every professional of project management, have to analysis deeply to all modules of that project.
There are different phase of risk analysis in case of information security, such as risk profile
selection, identification of risk on the bases of critical assets, control selection, and
When they faced any failure then it should be informed to the client
Worker has an obligation to treat clients with dignity.
Worker always inform if he or she can access information about himself or herself.
Responsibility to Organizations
The community workers expected as an employee are:
Follow all rules and responsibilities to fulfill their terms and conditions.
Always achieved the targets provided by clients.
Always maintain a professional relationship with clients using social media also.
Act as a responsible persona in the spending of public monies.
Responsibility to colleagues
The community worker is expected to:
Always share their knowledge with their colleagues for enhancing their skills.
Always respect the knowledge, experience, and different skills of colleagues.
Always discuss about unethical behavior of colleague with the higher post person.
Should acknowledge the legal rights for protecting our health and safety at the workplace
The community worker will:
Should keep and upgrade education and training for the betterment of the organization
Should engage meeting with the colleagues through an appropriate channel.
Employee should always respect the other people protection rights (UWA, 2018).
Disclose about any improper relationship in the organization between a worker and
client.
Risk management:
Risk management is a factor in every project in whole lifetime of that project. Therefore,
every professional of project management, have to analysis deeply to all modules of that project.
There are different phase of risk analysis in case of information security, such as risk profile
selection, identification of risk on the bases of critical assets, control selection, and
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Information security 7
implementation and proper management of the system. In risk analysis, different types of risk
occur before implication and during running project (Gray, 2003).
Many organizations are use Risk Evolution matrix to find out different areas of risk, such
as legal, marketing, stability, productivity, and regulatory. In a system, some assets are so
important for proper functioning of the complete system, in case of information security system,
systems, network, people, and applications are important assets (Roberts, 2007). Risk
management is based on data storage also now a day’s data stored in the cloud storage, which is
a third party service (Zhang, Wuwong, Li, & Zhang, 2010). There are some questions for
implementation of the complete system to avoid risk and manage that risk at any time. The
questions are:
Who controls the system?
Who are the users?
How people use it?
Why it is important for any mission?
Security is a risk management strategy in which minimizes uncertain events in the
systems on the bases of a procedure. First identifies the issues in the system, then control that
issue and finally eliminate that issue form the system. Those issues may be affects information
assents of the system and resources also. There are number of concerns related to
implementation of facial recognition system. System should be designed to protect right to
privacy of every person (Reason, 2016). In an organization, information security departments are
managing information technology risks. It is a key responsibility of every manager in an
organization. There are two procedures for developing a risk management program. First, is risk
identification in the system, and second is risk control (Ericson, 2006).
First step of security knows about us, means level of security at your end. Risk
management is a process by which you maintain and control different devices of a system. It is
also must for every manager that flow of information in the system. Second thing knows about
the enemy, which means analyze threats facing by the system’s information assets (Bulgurcu,
Cavusoglu, & Benbasat, 2010).it is like identification, examining, and understanding about the
threat in the system. Manager must be preparing for handling that type of threat that creates risks
implementation and proper management of the system. In risk analysis, different types of risk
occur before implication and during running project (Gray, 2003).
Many organizations are use Risk Evolution matrix to find out different areas of risk, such
as legal, marketing, stability, productivity, and regulatory. In a system, some assets are so
important for proper functioning of the complete system, in case of information security system,
systems, network, people, and applications are important assets (Roberts, 2007). Risk
management is based on data storage also now a day’s data stored in the cloud storage, which is
a third party service (Zhang, Wuwong, Li, & Zhang, 2010). There are some questions for
implementation of the complete system to avoid risk and manage that risk at any time. The
questions are:
Who controls the system?
Who are the users?
How people use it?
Why it is important for any mission?
Security is a risk management strategy in which minimizes uncertain events in the
systems on the bases of a procedure. First identifies the issues in the system, then control that
issue and finally eliminate that issue form the system. Those issues may be affects information
assents of the system and resources also. There are number of concerns related to
implementation of facial recognition system. System should be designed to protect right to
privacy of every person (Reason, 2016). In an organization, information security departments are
managing information technology risks. It is a key responsibility of every manager in an
organization. There are two procedures for developing a risk management program. First, is risk
identification in the system, and second is risk control (Ericson, 2006).
First step of security knows about us, means level of security at your end. Risk
management is a process by which you maintain and control different devices of a system. It is
also must for every manager that flow of information in the system. Second thing knows about
the enemy, which means analyze threats facing by the system’s information assets (Bulgurcu,
Cavusoglu, & Benbasat, 2010).it is like identification, examining, and understanding about the
threat in the system. Manager must be preparing for handling that type of threat that creates risks
Information security 8
to the system. Using the risk management can be controlled or mitigated the threats in the system
(Zhou, Vasconcelos, & Nunes, 2008).
Next step for risk management is accountability. All systems working on these points for
managing risks are:
Evaluating the risk controls
Identifying threats
Identifying about cost effective control option
Installing the suitable control for managing risk
Overseeing processes
Identifying risks
Organizing assets
Allocating values to information assets
Assessing risks
Calculating the risks
Information assets
Reviewing controls for identification of vulnerabilities
Documentation of the all process of risk management
Risk identification
Risk identification is just like self-examination. In this, manager must identify the
information assets of the system, and provides priorities to all assets according to their
importance for the system. In the information assets of a system manager includes different
things, such as people, systems, data, software, hardware, procedures, network, and devices used
in the system.
to the system. Using the risk management can be controlled or mitigated the threats in the system
(Zhou, Vasconcelos, & Nunes, 2008).
Next step for risk management is accountability. All systems working on these points for
managing risks are:
Evaluating the risk controls
Identifying threats
Identifying about cost effective control option
Installing the suitable control for managing risk
Overseeing processes
Identifying risks
Organizing assets
Allocating values to information assets
Assessing risks
Calculating the risks
Information assets
Reviewing controls for identification of vulnerabilities
Documentation of the all process of risk management
Risk identification
Risk identification is just like self-examination. In this, manager must identify the
information assets of the system, and provides priorities to all assets according to their
importance for the system. In the information assets of a system manager includes different
things, such as people, systems, data, software, hardware, procedures, network, and devices used
in the system.
Information security 9
Risk Identification Process
Assets of an Organization, which used in systems, are:
Identifying application software, hardware devices, and networking devices
Identification is based on the importance of the asset for the system’s risk management.
Some preferences also provide to assets according to information technology communities. It is
also depend of the attributes of the information asset. Some potential attributes of information
asset are:
IP address
Risk Identification Process
Assets of an Organization, which used in systems, are:
Identifying application software, hardware devices, and networking devices
Identification is based on the importance of the asset for the system’s risk management.
Some preferences also provide to assets according to information technology communities. It is
also depend of the attributes of the information asset. Some potential attributes of information
asset are:
IP address
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Information security 10
Logical location
MAC address
Name of System
Asset type
Machine Serial number
Model number
Version of software
Controlling entity
Physical location of the system
Port number
Vendor name
Identification people, procedures, and information assets:
It is depend on the managers, they will decide about this thing according to information,
skill, and judgment. When these assets identified, they should be recorded via a trustworthy
information management process, such as the one used for software program and hardware
devices of a system.
Some things are bind with assets are:
People
Procedures
Position number ID
Description
Supervisor name
Intendant purpose
Security clearance level
Software and hardware elements to which it is used
Location of data storage
Classification
Online or offline
Owner
Data structure used
Logical location
MAC address
Name of System
Asset type
Machine Serial number
Model number
Version of software
Controlling entity
Physical location of the system
Port number
Vendor name
Identification people, procedures, and information assets:
It is depend on the managers, they will decide about this thing according to information,
skill, and judgment. When these assets identified, they should be recorded via a trustworthy
information management process, such as the one used for software program and hardware
devices of a system.
Some things are bind with assets are:
People
Procedures
Position number ID
Description
Supervisor name
Intendant purpose
Security clearance level
Software and hardware elements to which it is used
Location of data storage
Classification
Online or offline
Owner
Data structure used
Information security 11
Backup procedures
Threat to information system:
Once, information assets identified, and documented threat assessment criteria. Also,
review every threat for each information asset. By help of review process, create list of
vulnerabilities. Vulnerabilities are the ways for attack on the information assets by threat agents.
At the end of this process, create a method to evaluate the risk from the different vulnerabilities
of the information assets.
Risk Assessment:
Factors for Risk Identification Estimate are:
Backup procedures
Threat to information system:
Once, information assets identified, and documented threat assessment criteria. Also,
review every threat for each information asset. By help of review process, create list of
vulnerabilities. Vulnerabilities are the ways for attack on the information assets by threat agents.
At the end of this process, create a method to evaluate the risk from the different vulnerabilities
of the information assets.
Risk Assessment:
Factors for Risk Identification Estimate are:
Information security 12
Risk is the likelihood of the occurrence of a vulnerability, which is multiplied by the
value of the information asset, and then minus the percentage of risk mitigated by current
controls, and then plus the uncertainly of current knowledge of the vulnerability.
Likelihood:
It is the rating between defined scales (0.1 to 1.0). It is the probability to exploitation of
vulnerability. It is also assign weight scores for each information asset in different ways, such as
1-100, low mid high, and many more.
Assessing potential loss:
Values are assigned after the asking:
Which threat is highly dangerous for the system?
What is the cost to recover from that threat?
Which threat requires highest cost to prevent the system?
Percentage of risk mitigated by current controls:
If an issue is fully managed by present control system, then it can be side, but if it is
partially managed, estimate what percentage of the issue has been controlled by the current
control system.
Uncertainty:
It is something, which is not possible to find out for every vulnerability.
Risk determination:
As an example, asset-1 has a value of 50 and it has one vulnerability. Assumption is 90 %
accurate according to manager. Then resulting rank for the vulnerability is as follows:
Asset-1: (50*1.0) – 0% + 10% = 55
Identify possible controls:
To each threat, specific control ideas are listed according to associated vulnerabilities for
reducing risk. Different types of controls are used for that management, such as policies,
controls, software programs, and technical controls.
Risk is the likelihood of the occurrence of a vulnerability, which is multiplied by the
value of the information asset, and then minus the percentage of risk mitigated by current
controls, and then plus the uncertainly of current knowledge of the vulnerability.
Likelihood:
It is the rating between defined scales (0.1 to 1.0). It is the probability to exploitation of
vulnerability. It is also assign weight scores for each information asset in different ways, such as
1-100, low mid high, and many more.
Assessing potential loss:
Values are assigned after the asking:
Which threat is highly dangerous for the system?
What is the cost to recover from that threat?
Which threat requires highest cost to prevent the system?
Percentage of risk mitigated by current controls:
If an issue is fully managed by present control system, then it can be side, but if it is
partially managed, estimate what percentage of the issue has been controlled by the current
control system.
Uncertainty:
It is something, which is not possible to find out for every vulnerability.
Risk determination:
As an example, asset-1 has a value of 50 and it has one vulnerability. Assumption is 90 %
accurate according to manager. Then resulting rank for the vulnerability is as follows:
Asset-1: (50*1.0) – 0% + 10% = 55
Identify possible controls:
To each threat, specific control ideas are listed according to associated vulnerabilities for
reducing risk. Different types of controls are used for that management, such as policies,
controls, software programs, and technical controls.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Information security 13
Classification Scheme
All security system follows classification system for implementation of a security system,
such as facial recognition security system. It follows normalized ethnicity classification. First
thing is necessary for implementation of security system understands about the purpose of that
system (Campbell, 2018). In this report, data storage of security system and sharing of those
system was a big issue for implementation is discussed, with the help of threat matrix, which can
helpful for identify the information assets. This report includes a classification for development
of a security system. It will required information about the data related to the system, such as
policy, people, marketing material, hardware, and software for management to the system. It
includes many things for completing the security system, such as documents, classification
category, admin controls, and description of the category, distribution, and destruction (Dhillon
& Torkzadeh, 2006).
There are so many ways for calculation of risk but threat matrix is a best approach to
calculate risk and weightage of every risk according to their damaging percentage system. It also
provides data for handling the risk in the system (Humphreys, 2008). Here is an example of asset
worksheet.
In this worksheet, mention values according to their vulnerabilities assigned by the
manager. It is showing correlation between vulnerabilities and assets.
Suppose that x assets, where the relative cost of each asset aj is Cj (j=1,....., n). Also
assume that cij be the impact of vulnerabilities vi on asset aj, then the impact of vulnerabilities on
the assets of the system vi is:
Classification Scheme
All security system follows classification system for implementation of a security system,
such as facial recognition security system. It follows normalized ethnicity classification. First
thing is necessary for implementation of security system understands about the purpose of that
system (Campbell, 2018). In this report, data storage of security system and sharing of those
system was a big issue for implementation is discussed, with the help of threat matrix, which can
helpful for identify the information assets. This report includes a classification for development
of a security system. It will required information about the data related to the system, such as
policy, people, marketing material, hardware, and software for management to the system. It
includes many things for completing the security system, such as documents, classification
category, admin controls, and description of the category, distribution, and destruction (Dhillon
& Torkzadeh, 2006).
There are so many ways for calculation of risk but threat matrix is a best approach to
calculate risk and weightage of every risk according to their damaging percentage system. It also
provides data for handling the risk in the system (Humphreys, 2008). Here is an example of asset
worksheet.
In this worksheet, mention values according to their vulnerabilities assigned by the
manager. It is showing correlation between vulnerabilities and assets.
Suppose that x assets, where the relative cost of each asset aj is Cj (j=1,....., n). Also
assume that cij be the impact of vulnerabilities vi on asset aj, then the impact of vulnerabilities on
the assets of the system vi is:
Information security 14
It is vulnerabilities worksheet for a system and it shows correlation between threat and
vulnerabilities of a system.
Suppose that there are t threat that affect the n vulnerabilities and dki is the potential of
damage from threat tk to vulnerabilities vi. Then the relative cumulative impact of the threat Tk is:
Threat workshop is showing correlation between controls and threats.
It is vulnerabilities worksheet for a system and it shows correlation between threat and
vulnerabilities of a system.
Suppose that there are t threat that affect the n vulnerabilities and dki is the potential of
damage from threat tk to vulnerabilities vi. Then the relative cumulative impact of the threat Tk is:
Threat workshop is showing correlation between controls and threats.
Information security 15
Suppose that there are q controls that can mitigate the t threats and elk is the impact of
control zo on the threat tk then the relative cumulative impact of the control Zo is:
Threat Matrix
Strong Moderate Weak Not Related
9 3 1 0
Ranking according to Priority
1 and 2 Not important
3 important
4 Important
5 Key Driver
Priority Vulnerability
Firewalls
Data Transmission rate
Databases
Application architecture
Physical security of the systems
Hardware – Server, Networking devices
Password length
Intranet Computer Servers
Workstations
Extranet Servers (internet facing)
Insecure wireless Network
Virtual Private Network
Power outage of systems
Total Score
Rank (Higher more significant)
Threat 13 13 11 10 9 9 7 6 5 4 3 2 1
Authentication 5 9 3 3 9 9 1 9 9 9 9 9 3 1 83 12
Failures of Server 3 9 9 9 3 9 9 1 9 1 9 1 1 9 79 11
Damage in hardware 1 1 9 9 9 9 9 0 3 3 3 1 1 3 60 10
Extortion 4 1 3 3 3 9 3 3 3 9 9 9 3 1 59 9
Malicious program 4 3 3 3 3 9 1 3 9 9 1 9 1 1 55 8
Spoofing of data 3 1 9 1 3 1 1 1 9 9 9 3 1 1 49 7
Denial of Service attack 2 9 1 0 9 1 3 1 9 1 9 3 3 1 50 6
Accidents due to human 3 3 9 3 3 3 1 3 9 3 3 1 1 1 43 5
Theft of laptops and
servers
2 1 0 1 1 9 1 1 1 9 1 3 1 1 30 4
Violation Export Control
compliance
1 1 1 1 1 9 1 1 1 9 1 1 1 1 29 3
Malwares 4 1 1 1 3 1 1 1 3 9 3 3 3 1 31 2
Storage overflow problem 5 0 9 0 1 1 1 1 3 1 3 1 1 1 23 1
Suppose that there are q controls that can mitigate the t threats and elk is the impact of
control zo on the threat tk then the relative cumulative impact of the control Zo is:
Threat Matrix
Strong Moderate Weak Not Related
9 3 1 0
Ranking according to Priority
1 and 2 Not important
3 important
4 Important
5 Key Driver
Priority Vulnerability
Firewalls
Data Transmission rate
Databases
Application architecture
Physical security of the systems
Hardware – Server, Networking devices
Password length
Intranet Computer Servers
Workstations
Extranet Servers (internet facing)
Insecure wireless Network
Virtual Private Network
Power outage of systems
Total Score
Rank (Higher more significant)
Threat 13 13 11 10 9 9 7 6 5 4 3 2 1
Authentication 5 9 3 3 9 9 1 9 9 9 9 9 3 1 83 12
Failures of Server 3 9 9 9 3 9 9 1 9 1 9 1 1 9 79 11
Damage in hardware 1 1 9 9 9 9 9 0 3 3 3 1 1 3 60 10
Extortion 4 1 3 3 3 9 3 3 3 9 9 9 3 1 59 9
Malicious program 4 3 3 3 3 9 1 3 9 9 1 9 1 1 55 8
Spoofing of data 3 1 9 1 3 1 1 1 9 9 9 3 1 1 49 7
Denial of Service attack 2 9 1 0 9 1 3 1 9 1 9 3 3 1 50 6
Accidents due to human 3 3 9 3 3 3 1 3 9 3 3 1 1 1 43 5
Theft of laptops and
servers
2 1 0 1 1 9 1 1 1 9 1 3 1 1 30 4
Violation Export Control
compliance
1 1 1 1 1 9 1 1 1 9 1 1 1 1 29 3
Malwares 4 1 1 1 3 1 1 1 3 9 3 3 3 1 31 2
Storage overflow problem 5 0 9 0 1 1 1 1 3 1 3 1 1 1 23 1
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Information security 16
This is a threat matrix for a security system. Based on this matrix, issues solved according to
their respective ranks.
Facial recognition system:
This is a biometric processes in which cameras provides a picture of a person face and
take some points from that picture and matched in the database. If something is different then it
will be suspicious for the systems and it generate an alarm for administrator. They checked
information for incident and if there is any problem then do some needful for that case. There is
25 million dollar project for installing CCTV cameras at different places in the city of Perth for
facial recognition system (Cambell, 2018). Airport of Perth is main location for implementation
of CCTV cameras because people arrivals are possible from outside of country are possible from
airplanes. However, there are so many issues and peoples are opposing this thing because of
privacy reason ( Pearce, 2018). Stadium is also a large site for installation of CCTV camera for
security purpose but there cost will be so high and it is too complex for implementing such type
of system ( Prestipino, 2018).
Facial recognition system is also useful and it have many advantages for security
agencies, if it is also implement at public transport services (tenplay, 2017). Facial recognition
technology is a part of image processing and cloud commuting technology; it is used data
warehouses for data storages in large quantity for matching faces of different people ( Sturmer,
2017). People thought that it is a spy system on them for doing fraud with them. They also think
that it is not legal, and it removes their privacy, but it is a way to help people in different ways
(Cambell, 2018). It is the only a way to find out different person in a crowd. It is also helpful for
finding thief, terrorist, and unknown person (Tipton & Nozaki, 2007).
Conclusion
It is concluded form last parts of this report that, information security system is must for
every place, where it is required to save data from unauthorized persons in the world. It is also
concluded that, risk management is also a needful thing for successful project. Facial recognition
system is so beneficial for reducing the terrorist attacks and different types of theft at
organization. It is a basic tool for capturing data from the camera at different places and the bases
This is a threat matrix for a security system. Based on this matrix, issues solved according to
their respective ranks.
Facial recognition system:
This is a biometric processes in which cameras provides a picture of a person face and
take some points from that picture and matched in the database. If something is different then it
will be suspicious for the systems and it generate an alarm for administrator. They checked
information for incident and if there is any problem then do some needful for that case. There is
25 million dollar project for installing CCTV cameras at different places in the city of Perth for
facial recognition system (Cambell, 2018). Airport of Perth is main location for implementation
of CCTV cameras because people arrivals are possible from outside of country are possible from
airplanes. However, there are so many issues and peoples are opposing this thing because of
privacy reason ( Pearce, 2018). Stadium is also a large site for installation of CCTV camera for
security purpose but there cost will be so high and it is too complex for implementing such type
of system ( Prestipino, 2018).
Facial recognition system is also useful and it have many advantages for security
agencies, if it is also implement at public transport services (tenplay, 2017). Facial recognition
technology is a part of image processing and cloud commuting technology; it is used data
warehouses for data storages in large quantity for matching faces of different people ( Sturmer,
2017). People thought that it is a spy system on them for doing fraud with them. They also think
that it is not legal, and it removes their privacy, but it is a way to help people in different ways
(Cambell, 2018). It is the only a way to find out different person in a crowd. It is also helpful for
finding thief, terrorist, and unknown person (Tipton & Nozaki, 2007).
Conclusion
It is concluded form last parts of this report that, information security system is must for
every place, where it is required to save data from unauthorized persons in the world. It is also
concluded that, risk management is also a needful thing for successful project. Facial recognition
system is so beneficial for reducing the terrorist attacks and different types of theft at
organization. It is a basic tool for capturing data from the camera at different places and the bases
Information security 17
on those pictures, tried to found out similar picture of a person, who is involved in the crime or
any malicious activity. In this report, describing about ethical and legal issues of an information
security system. It is also concluded that, how different things are so important to plan a security
system, such as legality, confidentiality, privacy, and integrity.
Internet is a biggest advantage for successfulness of these types of information security
system. Data transfer and storage are basic need of that type of systems. It is also include details
about risk identification, risk analysis, and management of risk using the threat matrix. It is also
explained about classification of the security system.
Facial recognition system has many advantages but some issues make it difficult to
implement it properly, such as ethical and legal issues of an organization or at county level.
Finally, it is concluded that, facial recognition system is a helpful security system for
peoples in many ways. It is securing citizens and organization from different types of attacks.
on those pictures, tried to found out similar picture of a person, who is involved in the crime or
any malicious activity. In this report, describing about ethical and legal issues of an information
security system. It is also concluded that, how different things are so important to plan a security
system, such as legality, confidentiality, privacy, and integrity.
Internet is a biggest advantage for successfulness of these types of information security
system. Data transfer and storage are basic need of that type of systems. It is also include details
about risk identification, risk analysis, and management of risk using the threat matrix. It is also
explained about classification of the security system.
Facial recognition system has many advantages but some issues make it difficult to
implement it properly, such as ethical and legal issues of an organization or at county level.
Finally, it is concluded that, facial recognition system is a helpful security system for
peoples in many ways. It is securing citizens and organization from different types of attacks.
Information security 18
References
Burt, C. (2018, July 28). NYC, Perth deploy public facial recognition while London ethics panel
calls for greater transparency. Retrieved from www.biometricupdate.com:
https://www.biometricupdate.com/201807/nyc-perth-deploy-public-facial-recognition-
while-london-ethics-panel-calls-for-greater-transparency
Epps, T. (2018, Sepetember 20). Perth To Implement Face Recognition Software To Strengthen
City Security. Retrieved from livinghistorysociety:
https://www.livinghistorysociety.org/perth-to-implement-face-recognition-software-to-
strengthen-city-security/
Parker, G. (2018, July 23). Facial recognition cameras for Perth CBD. Retrieved from
www.6pr.com.au: https://www.6pr.com.au/podcast/facial-recognition-cameras-for-perth-
cbd/
Pearce, R. (2018, July 5). Sydney Airport collaborates with Qantas for facial recognition trial.
Retrieved from computerworld:
https://www.computerworld.com.au/article/643375/sydney-airport-collaborates-qantas-
facial-recognition-trial/
Prestipino, D. (2018, February 14). Perth Stadium fans may face high-tech facial recognition as
security at major sites assessed. Retrieved from www.watoday.com.au:
https://www.watoday.com.au/national/western-australia/perth-stadium-fans-may-face-
hightech-facial-recognition-20180214-h0w3i0.html
Sturmer, J. (2017, October 5). Facial recognition: Where is it being used, and how does the
technology work? Retrieved from http://www.abc.net.au/news/2017-10-05/how-is-facial-
recognition-technology-already-being-used/9019526
aap. (2017, February 14). Facial recognition cameras have been considered as part of security at
Perth's new Optus Stadium, a counter-terrorism inquiry has been told. Retrieved from
SBS: https://www.sbs.com.au/news/event-group-grilled-on-wa-terror-security
References
Burt, C. (2018, July 28). NYC, Perth deploy public facial recognition while London ethics panel
calls for greater transparency. Retrieved from www.biometricupdate.com:
https://www.biometricupdate.com/201807/nyc-perth-deploy-public-facial-recognition-
while-london-ethics-panel-calls-for-greater-transparency
Epps, T. (2018, Sepetember 20). Perth To Implement Face Recognition Software To Strengthen
City Security. Retrieved from livinghistorysociety:
https://www.livinghistorysociety.org/perth-to-implement-face-recognition-software-to-
strengthen-city-security/
Parker, G. (2018, July 23). Facial recognition cameras for Perth CBD. Retrieved from
www.6pr.com.au: https://www.6pr.com.au/podcast/facial-recognition-cameras-for-perth-
cbd/
Pearce, R. (2018, July 5). Sydney Airport collaborates with Qantas for facial recognition trial.
Retrieved from computerworld:
https://www.computerworld.com.au/article/643375/sydney-airport-collaborates-qantas-
facial-recognition-trial/
Prestipino, D. (2018, February 14). Perth Stadium fans may face high-tech facial recognition as
security at major sites assessed. Retrieved from www.watoday.com.au:
https://www.watoday.com.au/national/western-australia/perth-stadium-fans-may-face-
hightech-facial-recognition-20180214-h0w3i0.html
Sturmer, J. (2017, October 5). Facial recognition: Where is it being used, and how does the
technology work? Retrieved from http://www.abc.net.au/news/2017-10-05/how-is-facial-
recognition-technology-already-being-used/9019526
aap. (2017, February 14). Facial recognition cameras have been considered as part of security at
Perth's new Optus Stadium, a counter-terrorism inquiry has been told. Retrieved from
SBS: https://www.sbs.com.au/news/event-group-grilled-on-wa-terror-security
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Information security 19
Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance: an
empirical study of rationality-based beliefs and information security awareness. MIS
quarterly, 34(3), 523-548.
Cambell, K. (2018, July 21). Facial recognition CCTV cameras: How City of Perth will spy on
you. Retrieved from www.perthnow.com.au:
https://www.perthnow.com.au/technology/security/facial-recognition-cctv-cameras-how-
city-of-perth-will-spy-on-you-ng-b88902734z
Campbell, K. (2018, July 22). Security vs spying: Facial recognition CCTV goes from sci-fi to
real life. Retrieved from https://www.news.com.au/national/western-australia/security-vs-
spying-facial-recognition-cctv-goes-from-scifi-to-real-life/news-story/
61ed9ad7afbc4656395e7799f5fddc5d
Dhillon, G., & Torkzadeh, G. (2006). Value‐focused assessment of information system security
in organizations. Information Systems Journal, 16(3), 293-314.
Doctor, R. D. (1991). Information technologies and social equity: Confronting the revolution.
Journal of the American Society for Information Science, 42(3), 216-228.
Ericson, R. (2006). Ten uncertainties of risk-management approaches to security. Canadian
Journal of Criminology and Criminal Justice, 48(3), 345-356.
Gray, M. (2003). Urban Surveillance and Panopticism: will we recognize the facial recognition
society? Surveillance & Society, 3(1), 314-330.
Gupta, A., & Hammond, R. (2005). Information systems security issues and decisions for small
businesses: An empirical examination. Information management & computer security,
13(4), 297-310.
Heiser, J., & Nicolett, M. (2008). Assessing the security risks of cloud computing. Gartner
Report, 27(1), 29-52.
Humphreys, E. (2008). Information security management standards: Compliance, governance
and risk management. information security technical report, 13(4), 247-255.
Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance: an
empirical study of rationality-based beliefs and information security awareness. MIS
quarterly, 34(3), 523-548.
Cambell, K. (2018, July 21). Facial recognition CCTV cameras: How City of Perth will spy on
you. Retrieved from www.perthnow.com.au:
https://www.perthnow.com.au/technology/security/facial-recognition-cctv-cameras-how-
city-of-perth-will-spy-on-you-ng-b88902734z
Campbell, K. (2018, July 22). Security vs spying: Facial recognition CCTV goes from sci-fi to
real life. Retrieved from https://www.news.com.au/national/western-australia/security-vs-
spying-facial-recognition-cctv-goes-from-scifi-to-real-life/news-story/
61ed9ad7afbc4656395e7799f5fddc5d
Dhillon, G., & Torkzadeh, G. (2006). Value‐focused assessment of information system security
in organizations. Information Systems Journal, 16(3), 293-314.
Doctor, R. D. (1991). Information technologies and social equity: Confronting the revolution.
Journal of the American Society for Information Science, 42(3), 216-228.
Ericson, R. (2006). Ten uncertainties of risk-management approaches to security. Canadian
Journal of Criminology and Criminal Justice, 48(3), 345-356.
Gray, M. (2003). Urban Surveillance and Panopticism: will we recognize the facial recognition
society? Surveillance & Society, 3(1), 314-330.
Gupta, A., & Hammond, R. (2005). Information systems security issues and decisions for small
businesses: An empirical examination. Information management & computer security,
13(4), 297-310.
Heiser, J., & Nicolett, M. (2008). Assessing the security risks of cloud computing. Gartner
Report, 27(1), 29-52.
Humphreys, E. (2008). Information security management standards: Compliance, governance
and risk management. information security technical report, 13(4), 247-255.
Information security 20
Jin, K. G., Drozdenko, R., & Bassett, R. (2007). Information technology professionals’ perceived
organizational values and managerial ethics: An empirical study. Journal of Business
Ethics, 71(2), 149-159.
Kizza, J. M. (2007). Ethical and social issues in the information age (Vol. 999). UK: Springer.
Kshetri, N. (2013). Privacy and security issues in cloud computing: The role of institutions and
institutional evolution. Telecommunications Policy, 37(4-5), 372-386.
Quinn, M. J. (2010). Ethics for the information age (4 ed.). USA: Addison-Wesley Publishing
Company.
Reason, J. (2016). Managing the risks of organizational accidents. London: Routledge.
Reynolds, G. W. (2011). Ethics in information technology (5 ed.). Boston: Cengage Learning.
Roberts, C. (2007). Biometric attack vectors and defences. Computers & Security, 26(1), 14-25.
Smith, J. H., Dinev, T., & Xu, H. (2011). Information privacy research: an interdisciplinary
review. MIS quarterly, 35(4), 989-1016.
Tavani, H. (2003). Ethics and technology: Ethical issues in an age of information and
communication technology. Boston: Routledge.
tenplay. (2017, June 9). Facial recognition cameras to be installed on public transport.
Retrieved from tenplay: https://tenplay.com.au/news/national/june-2017/facial-
recognition-cameras-to-be-installed-on-public-transport
Tipton, H., & Nozaki, M. K. (2007). Information security management handbook. USA: CRC
press.
UWA. (2018, August 14). Research Data Management Toolkit: Ethics, privacy, consent and
legal issues. Retrieved from uwa: http://guides.library.uwa.edu.au/c.php?
g=325196&p=2178575
WARREN, E. (2011). Legal, Ethical, and Professional Issues in Information Security. Retrieved
from cengage:
Jin, K. G., Drozdenko, R., & Bassett, R. (2007). Information technology professionals’ perceived
organizational values and managerial ethics: An empirical study. Journal of Business
Ethics, 71(2), 149-159.
Kizza, J. M. (2007). Ethical and social issues in the information age (Vol. 999). UK: Springer.
Kshetri, N. (2013). Privacy and security issues in cloud computing: The role of institutions and
institutional evolution. Telecommunications Policy, 37(4-5), 372-386.
Quinn, M. J. (2010). Ethics for the information age (4 ed.). USA: Addison-Wesley Publishing
Company.
Reason, J. (2016). Managing the risks of organizational accidents. London: Routledge.
Reynolds, G. W. (2011). Ethics in information technology (5 ed.). Boston: Cengage Learning.
Roberts, C. (2007). Biometric attack vectors and defences. Computers & Security, 26(1), 14-25.
Smith, J. H., Dinev, T., & Xu, H. (2011). Information privacy research: an interdisciplinary
review. MIS quarterly, 35(4), 989-1016.
Tavani, H. (2003). Ethics and technology: Ethical issues in an age of information and
communication technology. Boston: Routledge.
tenplay. (2017, June 9). Facial recognition cameras to be installed on public transport.
Retrieved from tenplay: https://tenplay.com.au/news/national/june-2017/facial-
recognition-cameras-to-be-installed-on-public-transport
Tipton, H., & Nozaki, M. K. (2007). Information security management handbook. USA: CRC
press.
UWA. (2018, August 14). Research Data Management Toolkit: Ethics, privacy, consent and
legal issues. Retrieved from uwa: http://guides.library.uwa.edu.au/c.php?
g=325196&p=2178575
WARREN, E. (2011). Legal, Ethical, and Professional Issues in Information Security. Retrieved
from cengage:
Information security 21
https://www.cengage.com/resource_uploads/downloads/1111138214_259148.pdf
Whitman, M., & Mattord, H. J. (2011). Principles of information security (1 ed.). London:
Cengage Learning.
Zhang, X., Wuwong, N., Li, H., & Zhang, X. (2010). Information security risk management
framework for the cloud computing environments. In Computer and Information
Technology (CIT) (pp. 1328-1334). IEEE.
Zhou, L., Vasconcelos, A., & Nunes, M. (2008). Supporting decision making in risk
management through an evidence-based information systems project risk checklist.
Information management & computer security, 16(2), 166-186.
https://www.cengage.com/resource_uploads/downloads/1111138214_259148.pdf
Whitman, M., & Mattord, H. J. (2011). Principles of information security (1 ed.). London:
Cengage Learning.
Zhang, X., Wuwong, N., Li, H., & Zhang, X. (2010). Information security risk management
framework for the cloud computing environments. In Computer and Information
Technology (CIT) (pp. 1328-1334). IEEE.
Zhou, L., Vasconcelos, A., & Nunes, M. (2008). Supporting decision making in risk
management through an evidence-based information systems project risk checklist.
Information management & computer security, 16(2), 166-186.
1 out of 22
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.