IT Risk Management Report: CSIRO Security Policy and Risks


Added on  2023/04/21

AI Summary
This report provides a comprehensive overview of IT risk management, emphasizing its importance in today's organizations. It delves into various types of risks, such as data privacy breaches, employee misconduct, and cyberattacks, and their potential economic impacts. The report includes a detailed risk analysis and offers recommendations to mitigate these risks. A key component is a security policy specifically designed for granting privileged accounts, focusing on protecting data integrity and preventing unauthorized access within the Commonwealth Scientific and Industrial Research Organisation (CSIRO). The policy outlines the intent, rationale, scope, and specific measures, such as documentation, access restrictions, and user verification, to ensure secure IT system management. The report concludes by highlighting the significance of implementing risk mitigation techniques to create a secure working environment for both students and staff.
Running head: IT RISK MANAGEMENT
IT RISK MANAGEMENT
Name of the student:
Name of the university:
Author note:
Table of Contents
Introduction:
Security policy for granting privileged accounts to users (Part 2):
Intent and rationale of the policy:
The policy:
Scope:
Conclusion:
References:
Introduction:
IT risk management is one of the most important tasks for organizations in today’s
world. Organizations may face different kinds of risks in terms of data
privacy, acts of employee vandalism, brand defamation, virus infections as well as intrusions
by hackers. These issues can have enormous economic impacts on the overall business of the
organizations. The following report will conduct a complete risk analysis of the
information technology used in different organizations and suggest recommendations to
prevent these risks. A security policy will also be provided in the second part of the report. By the
end of the report, the reader will have a clear idea of complete IT risk management within
an organization and how it can be implemented.
Security policy for granting privileged accounts to users (Part 2):
The security policy to be followed at the Commonwealth Scientific and Industrial
Research Organisation (CSIRO) while granting privileged accounts to the different users is
explained below:
Intent and rationale of the policy:
Protecting and managing access to the IT systems as well as applications is
crucial to ensure the integrity of the Commonwealth Scientific and Industrial Research
Organisation data, and unauthorised access to the resources shall be prevented.
Access to the CSIRO systems should be restricted to authorized users only, based
on the security principles of the organization, and only as far as needed to get their job completed. “Users” can be
the students, agents, CSIRO employees, consultants as well as contractors accessing the
CSIRO computers and other applications. “Access Privileges” are the permissions on the
CSIRO systems that are linked to an account. They include the permissions to access as well
as change student data or other university confidential information and to process financial
transactions.
Figure 1: Privilege access management (Velasquez & Hester, 2013).
It is the responsibility of the chief information officer, together with the other security
personnel, to be honest and ethical while designing the security policy and to ensure there is
transparency at every step of designing the policy (Aven, 2015). Administrative rights
should be given only to the users with greater privilege, and only they should be allowed
elevated access to the important enterprise workstations and systems. There should be no
dishonesty among the employees of the university, and mandatory strict action should be taken
against them in case they are found involved in any unethical practices on the university
premises or even outside, without the knowledge of the management.
The policy:
- Requests for special privileges should be documented using an appropriate ticketing
system and approved.
- Access to the important passwords must be restricted to IT administrators only.
- Automatic expiration of the user accounts should be activated on a pre-defined date.
- Access rights for the users should be immediately disabled in case they are no longer
associated with the university.
- Chief information officer must perform a user verification prior to granting the
permissions.
Scope:
This policy applies to:
- All the CSIRO offices, campuses as well as the learning centres.
- All students, employees as well as other staff.
- Important CSIRO IT systems, mobile devices, software and telecommunication
systems used by CSIRO that store and transmit information.
Conclusion:
Therefore, it can be concluded from the report that there are different kinds of risks
and vulnerabilities that CSIRO can face in the future, and it is of utmost importance that the risk
mitigation techniques are properly implemented within the system to ensure a risk-free work
atmosphere. This will not only be beneficial for the students but also ensure smoother work
operations for the university staff.
References:
Aven, T. (2015). Risk analysis.
Aven, T., Baraldi, P., Flage, R., & Zio, E. (2013). Uncertainty in risk assessment: the
representation and treatment of uncertainties by probabilistic and non-probabilistic
methods.
Covello, V. T., & Merkhofer, M. W. (2013). Risk assessment methods: approaches for
assessing health and environmental risks. Springer Science & Business Media.
Hussein, N. H., & Khalid, A. (2016). A survey of Cloud Computing Security challenges and
solutions. International Journal of Computer Science and Information
Security, 14(1), 52.
Modarres, M. (2016). Risk analysis in engineering: techniques, tools, and trends. CRC press.
Modarres, M., Kaminskiy, M. P., & Krivtsov, V. (2016). Reliability engineering and risk
analysis: a practical guide. CRC press.
Park, J., Seager, T. P., Rao, P. S. C., Convertino, M., & Linkov, I. (2013). Integrating risk
and resilience approaches to catastrophe management in engineering systems. Risk
Analysis, 33(3), 356-367.
Parker, L. D. (2013). Contemporary university strategising: the financial
imperative. Financial Accountability & Management, 29(1), 1-25.
Reason, J. (2016). Managing the risks of organizational accidents.
Shelby, C. M. (2015). Privileged Access to Financial Innovation. Loy. U. Chi. LJ, 47, 315.
Velasquez, M., & Hester, P. T. (2013). An analysis of multi-criteria decision making
methods. International Journal of Operations Research, 10(2), 56-66.
Wang, C. H., Lee, Y. D., Chou, H. L., & Kuo, J. H. (2014, May). Identifying the intellectual
structure of risk management studies. In Electronics, Computer and Applications,
2014 IEEE Workshop on (pp. 964-968). IEEE.