IT Risk Management Report: IT Risk and Security Policy Analysis
VerifiedAdded on 2022/11/10
|12
|3139
|332
Report
AI Summary
This report provides a detailed analysis of IT risk management, particularly within the context of the Commonwealth Government of Australia's 'My Health Record' initiative and the Commonwealth Bank of Australia. The report is divided into two parts, the first part focuses on the planning, development, and management of security policies, emphasizing the importance of safeguarding sensitive information and aligning policies with organizational objectives. The second part delves into the major risks associated with IT systems, including general threats, hacking, and natural disasters, along with their potential consequences such as data loss and breaches. It also explores inherent risks within the banking sector, like complex relationships, and discusses mitigation strategies. The report underscores the need for robust security measures to protect data integrity, confidentiality, and availability, offering insights into risk assessment and management in the digital age. The report emphasizes the need for continuous monitoring and adaptation of security policies to address evolving threats, ensuring the protection of sensitive information and maintaining operational resilience.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Running head: IT RISK MANAGEMENT
IT RISK MANAGEMENT
Name of the Student
Name of the University
Author Note
IT RISK MANAGEMENT
Name of the Student
Name of the University
Author Note
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
IT RISK MANAGEMENT 1
Table of Contents
Part One:.....................................................................................................................................2
Introduction................................................................................................................................2
Discussions.................................................................................................................................2
Planning a security policy......................................................................................................2
Developing a security policy..................................................................................................3
Managing a security policy....................................................................................................4
Conclusion..............................................................................................................................5
Part Two:....................................................................................................................................5
Introduction:...............................................................................................................................5
Major Risk in the IT Systems Components:..............................................................................6
Consequence of the Risks:.........................................................................................................7
Inherent Risks:...........................................................................................................................8
Mitigation of the Inherent Risks:...............................................................................................8
Residual Risk Assessment:........................................................................................................9
Risk Register:.............................................................................................................................9
Conclusion:................................................................................................................................9
Bibliography.............................................................................................................................10
Table of Contents
Part One:.....................................................................................................................................2
Introduction................................................................................................................................2
Discussions.................................................................................................................................2
Planning a security policy......................................................................................................2
Developing a security policy..................................................................................................3
Managing a security policy....................................................................................................4
Conclusion..............................................................................................................................5
Part Two:....................................................................................................................................5
Introduction:...............................................................................................................................5
Major Risk in the IT Systems Components:..............................................................................6
Consequence of the Risks:.........................................................................................................7
Inherent Risks:...........................................................................................................................8
Mitigation of the Inherent Risks:...............................................................................................8
Residual Risk Assessment:........................................................................................................9
Risk Register:.............................................................................................................................9
Conclusion:................................................................................................................................9
Bibliography.............................................................................................................................10
2IT RISK MANAGEMENT
Part One:
Introduction
The report deals with the commonwealth Government of Australia. The commonwealth
Government of Australia is planning to launch ‘My health record’. It is a secure online
summary of an individual’s health information. This system is available to all the Australians;
my health record is an electronic summary of an individual’s health information. The my
health record is driven by the need for the health industry to continue a process of reform to
drive efficiencies in to the system of health care, improve the patient care quality by
minimizing several issues that were apparent from the lack of essential information that is
shared about the patient. Several staffs such as the doctor, system administrator, nurse, and
the patients use the record.
The report deals with the security of the organization. The report focuses on the planning of a
security policy of the organization. The report discusses about the developing of a security
policy and lastly the report deals with managing the security policy of the organization.
Discussions
Planning a security policy
Security policy means to be secure for a system, organization or other entity. For a company
it addresses the drawbacks on the behaviour of its members as well as the constraints that is
imposed on the adversaries by mechanisms such as locks, keys doors and the walls. First an
foremost, a security plan must be created in order to implement the security policy
successfully.
The organization is the Commonwealth Government of Australia and it deals with the
launching of my health records that keeps the record of all the individuals. The first job of the
Part One:
Introduction
The report deals with the commonwealth Government of Australia. The commonwealth
Government of Australia is planning to launch ‘My health record’. It is a secure online
summary of an individual’s health information. This system is available to all the Australians;
my health record is an electronic summary of an individual’s health information. The my
health record is driven by the need for the health industry to continue a process of reform to
drive efficiencies in to the system of health care, improve the patient care quality by
minimizing several issues that were apparent from the lack of essential information that is
shared about the patient. Several staffs such as the doctor, system administrator, nurse, and
the patients use the record.
The report deals with the security of the organization. The report focuses on the planning of a
security policy of the organization. The report discusses about the developing of a security
policy and lastly the report deals with managing the security policy of the organization.
Discussions
Planning a security policy
Security policy means to be secure for a system, organization or other entity. For a company
it addresses the drawbacks on the behaviour of its members as well as the constraints that is
imposed on the adversaries by mechanisms such as locks, keys doors and the walls. First an
foremost, a security plan must be created in order to implement the security policy
successfully.
The organization is the Commonwealth Government of Australia and it deals with the
launching of my health records that keeps the record of all the individuals. The first job of the
3IT RISK MANAGEMENT
organization is to develop a security team and a security team mission statement that will
align with the goals of the organization. The security planning is very important for the
organization. Security policies will keep the organization safe from the attackers that will try
to hack the information of the individuals from the ‘My Health record’.
The security policy must align with the objectives of the organization. The advantages of the
security policy outweigh the cost of the policy. The cost and performance of security are
managed and measured based on the policy. The policies of security are evolving constantly.
The resources planning are important for the polices of security. The security personnel must
be well trained and the organization must have CCTV cameras inside the organization so that
there is no information theft. Trained personnel must handle the security of the computers
where the data of the individuals will be kept, as the information is essential for the doctors.
Developing a security policy
The aim or the intent of the policies is to preserve the integrity, confidentiality and the
availability of the information and the systems that is used by the members of the
organization. Confidentiality involves the protection of assets from the entities that are
unauthorized.
The individuals who enforce these policies have huge responsibilities. The responsibility for
developing the procedures and the policy of the organization is based on the size of the
organization. For this organization, the individuals that are present should make the policies
of security and then enforce them. The NIST information security related publications will be
used for the development of the security policies for the company. The different officials of
the organization will enforce the security policies of the company.
The responsibilities are:
organization is to develop a security team and a security team mission statement that will
align with the goals of the organization. The security planning is very important for the
organization. Security policies will keep the organization safe from the attackers that will try
to hack the information of the individuals from the ‘My Health record’.
The security policy must align with the objectives of the organization. The advantages of the
security policy outweigh the cost of the policy. The cost and performance of security are
managed and measured based on the policy. The policies of security are evolving constantly.
The resources planning are important for the polices of security. The security personnel must
be well trained and the organization must have CCTV cameras inside the organization so that
there is no information theft. Trained personnel must handle the security of the computers
where the data of the individuals will be kept, as the information is essential for the doctors.
Developing a security policy
The aim or the intent of the policies is to preserve the integrity, confidentiality and the
availability of the information and the systems that is used by the members of the
organization. Confidentiality involves the protection of assets from the entities that are
unauthorized.
The individuals who enforce these policies have huge responsibilities. The responsibility for
developing the procedures and the policy of the organization is based on the size of the
organization. For this organization, the individuals that are present should make the policies
of security and then enforce them. The NIST information security related publications will be
used for the development of the security policies for the company. The different officials of
the organization will enforce the security policies of the company.
The responsibilities are:
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
4IT RISK MANAGEMENT
Make sure that the management of information security processes are integrated.
Make sure that the enforcement and the compliance with FISMA and the directives of
information security.
Giving training to the people with the responsibilities of information security.
Maintain, developing and issuing agency wide policies related to the information security.
These policies cover the health information and the systems of information to include the
information systems and the information that is used and managed by a contractor, or by
other organization.
These policies apply to all the employees of the organization, contractors and the users of the
information of the organization and the systems of information that support the assets and the
operations of the Commonwealth government of Australia.
Managing a security policy
The security policies can be monitored by verifying, defining and detailing the problem og
the organization. The next step is to establish the criteria of evaluation. Some alternative
policies should be made if the policy does not work. The individuals must evaluate the
alternative policies that are being made, if the policies will safeguard the information of the
organization. The alternative policies and the policies that were made first must be compared
and implement the policy that will safeguard the information. Last but not the least the
implemented policy must be monitored.
There are major outcomes of the policies. Each and everyone in the organization should
maintain the policies. The outcomes of the policies are that the information of the
organization will be secured. There will be no information thefts in the organization and the
organization will be saved from the hands of the hackers.
Make sure that the management of information security processes are integrated.
Make sure that the enforcement and the compliance with FISMA and the directives of
information security.
Giving training to the people with the responsibilities of information security.
Maintain, developing and issuing agency wide policies related to the information security.
These policies cover the health information and the systems of information to include the
information systems and the information that is used and managed by a contractor, or by
other organization.
These policies apply to all the employees of the organization, contractors and the users of the
information of the organization and the systems of information that support the assets and the
operations of the Commonwealth government of Australia.
Managing a security policy
The security policies can be monitored by verifying, defining and detailing the problem og
the organization. The next step is to establish the criteria of evaluation. Some alternative
policies should be made if the policy does not work. The individuals must evaluate the
alternative policies that are being made, if the policies will safeguard the information of the
organization. The alternative policies and the policies that were made first must be compared
and implement the policy that will safeguard the information. Last but not the least the
implemented policy must be monitored.
There are major outcomes of the policies. Each and everyone in the organization should
maintain the policies. The outcomes of the policies are that the information of the
organization will be secured. There will be no information thefts in the organization and the
organization will be saved from the hands of the hackers.
5IT RISK MANAGEMENT
The security policies of the organization must be changed from time to time. The old policies
must be replaced with new policies so that the employees are under control. The employees
break the old policies sometimes. For this some of the new policies must be changes and new
policies are made. This will keep the organization from any type of information theft from the
attackers. The new policies will safeguard the confidentiality, integrity and the availability of
the company. Thus, the information of the individuals that are kept in the records of the
company will be safe and it will not be in the wrong hands. Then the doctors, nurses and the
other personnel of the organization can access the information. Then the organization will
have a good security policy that will be good for the organization.
Conclusion
The report deals with the security policies of the Commonwealth of Australia organization.
The organization needs some security policies for the information that are recorded in the
organization. The report deals with the planning of the security policies for the organization
those are essential for the organization. The report focuses on the developing of the security
policies that are essential and the report focuses on the monitoring of the security policies of
the organization that will be done after the implementation of the organization. Lastly, the
report concludes with the need of the security policy for the organization and for the
safeguard of the confidentiality, integrity and the availability of the organization.
Part Two:
Introduction:
The information system technology or the IT system can be considered as a computer
system and a communication system which is can be utilized by various of organizations. The
information system technology consists various type of important components which includes
software, hardware and the websites. In the current aspects this type of systems are used in
The security policies of the organization must be changed from time to time. The old policies
must be replaced with new policies so that the employees are under control. The employees
break the old policies sometimes. For this some of the new policies must be changes and new
policies are made. This will keep the organization from any type of information theft from the
attackers. The new policies will safeguard the confidentiality, integrity and the availability of
the company. Thus, the information of the individuals that are kept in the records of the
company will be safe and it will not be in the wrong hands. Then the doctors, nurses and the
other personnel of the organization can access the information. Then the organization will
have a good security policy that will be good for the organization.
Conclusion
The report deals with the security policies of the Commonwealth of Australia organization.
The organization needs some security policies for the information that are recorded in the
organization. The report deals with the planning of the security policies for the organization
those are essential for the organization. The report focuses on the developing of the security
policies that are essential and the report focuses on the monitoring of the security policies of
the organization that will be done after the implementation of the organization. Lastly, the
report concludes with the need of the security policy for the organization and for the
safeguard of the confidentiality, integrity and the availability of the organization.
Part Two:
Introduction:
The information system technology or the IT system can be considered as a computer
system and a communication system which is can be utilized by various of organizations. The
information system technology consists various type of important components which includes
software, hardware and the websites. In the current aspects this type of systems are used in
6IT RISK MANAGEMENT
various of aspects regarding daily life of the humans. In the current context the IT system are
utilized for performing various types of important tasks which includes storing, sending,
retrieving and manipulation of the information.
The IT system also plays an important role within the banking sector regarding
exchange of the crucial information. Within Australia one of the important bank is the
commonwealth bank of Australia which is commonly known as the CBA or the CommBank.
This bank is a multinational bank which is having their businesses across United States,
United Kingdom, Asia and New Zealand. This banks currently provides various of financial
services which includes funds management, insurance, superannuation, institutional banking
and investment services. Currently the Commonwealth Bank of Australia is also utilizing the
IT related services within their organization for properly meeting the business objectives.
Considering the banking sector mainly the accounting information system is utilized in this
aspect. In the following sections theses IT systems are discussed in a brief way.
Major Risk in the IT Systems Components:
Considering these information systems there are several of risk are associated with the
component of the IT system. Theses risk factors of the IT system can create several of issues
within the Australia due to which business objective of the organization might not be fulfilled
properly. Also, security related issues can also arise due to this risk factors in the IT systems.
There are mainly three type of IT system risks which can occur in this aspect. These three
risks are the general IT threats, hacking related threats and threats of natural disasters. In this
aspect, the general threats are the software and hardware failure threats, virus and malware
related threats, human errors and spam and phishing related threats. Hacking threats is also a
big issue in this case. In many of the cases it has been seen that the IT systems is vulnerable
in some of the point and the hackers are taking the advantage of this vulnerability to hack into
various of aspects regarding daily life of the humans. In the current context the IT system are
utilized for performing various types of important tasks which includes storing, sending,
retrieving and manipulation of the information.
The IT system also plays an important role within the banking sector regarding
exchange of the crucial information. Within Australia one of the important bank is the
commonwealth bank of Australia which is commonly known as the CBA or the CommBank.
This bank is a multinational bank which is having their businesses across United States,
United Kingdom, Asia and New Zealand. This banks currently provides various of financial
services which includes funds management, insurance, superannuation, institutional banking
and investment services. Currently the Commonwealth Bank of Australia is also utilizing the
IT related services within their organization for properly meeting the business objectives.
Considering the banking sector mainly the accounting information system is utilized in this
aspect. In the following sections theses IT systems are discussed in a brief way.
Major Risk in the IT Systems Components:
Considering these information systems there are several of risk are associated with the
component of the IT system. Theses risk factors of the IT system can create several of issues
within the Australia due to which business objective of the organization might not be fulfilled
properly. Also, security related issues can also arise due to this risk factors in the IT systems.
There are mainly three type of IT system risks which can occur in this aspect. These three
risks are the general IT threats, hacking related threats and threats of natural disasters. In this
aspect, the general threats are the software and hardware failure threats, virus and malware
related threats, human errors and spam and phishing related threats. Hacking threats is also a
big issue in this case. In many of the cases it has been seen that the IT systems is vulnerable
in some of the point and the hackers are taking the advantage of this vulnerability to hack into
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7IT RISK MANAGEMENT
the IT system. In the IT related threats the denial of service attack is also performed by the
attackers which is also a big threat in the IT systems. Also, the security breaches and the
password threats are also a big issue in the aspect of security related threats of the IT system.
Natural disasters also creates risks for the IT system as it can create damage to the overall IT
system.
Consequence of the Risks:
In the above section various types of risks related with the IT system has been
analysed in the aspects of Commonwealth Bank of Australia. This type of risks are having
various of consequences within the organizations. In this aspect one of the serious issue
which can occur due to these identified IT risks are the data loss and data corruption. As the
data can be loss and can be corrupted due to the failure of the IT systems, it is one of the vital
issue which will be impacting the overall performance of the businesses. Also, the normal
operation of the businesses can be disrupted due to these type of IT related risks. Again, this
will be harming the overall performance of the businesses. In the cases of hacking, due to this
kind of risk the organizational data can be breached by the hackers. In this way the hackers
will be able to access the confidential data of the organization and due to this reason their
important resources might be theft illegally. Thus, this will be creating business regarding
loss and the performance of the organization will be decreasing gradually. The natural
disasters also have some crucial consequences in this aspects. Important data loss for the
organization is the main consequences which will be occurring in this case. Natural disasters
most likely going to destroy the whole IT system of the organization and it is quite normal
that the important information stored within the IT system is going to be wiped permanently.
the IT system. In the IT related threats the denial of service attack is also performed by the
attackers which is also a big threat in the IT systems. Also, the security breaches and the
password threats are also a big issue in the aspect of security related threats of the IT system.
Natural disasters also creates risks for the IT system as it can create damage to the overall IT
system.
Consequence of the Risks:
In the above section various types of risks related with the IT system has been
analysed in the aspects of Commonwealth Bank of Australia. This type of risks are having
various of consequences within the organizations. In this aspect one of the serious issue
which can occur due to these identified IT risks are the data loss and data corruption. As the
data can be loss and can be corrupted due to the failure of the IT systems, it is one of the vital
issue which will be impacting the overall performance of the businesses. Also, the normal
operation of the businesses can be disrupted due to these type of IT related risks. Again, this
will be harming the overall performance of the businesses. In the cases of hacking, due to this
kind of risk the organizational data can be breached by the hackers. In this way the hackers
will be able to access the confidential data of the organization and due to this reason their
important resources might be theft illegally. Thus, this will be creating business regarding
loss and the performance of the organization will be decreasing gradually. The natural
disasters also have some crucial consequences in this aspects. Important data loss for the
organization is the main consequences which will be occurring in this case. Natural disasters
most likely going to destroy the whole IT system of the organization and it is quite normal
that the important information stored within the IT system is going to be wiped permanently.
8IT RISK MANAGEMENT
Inherent Risks:
In the aspect of baking sector with the IT risks there are several of inherent risks also.
In this type of cases the inherent risks are defined as the possibility of misleading and
incorrect information within the accounting statements. One of the crucial example of this
type of inherent risks are the complicated and longstanding relationship with various of
parties. The Commonwealth Bank of Australia is currently involved with different of entities.
Due to this fact the relationship is actually becoming complex and for this reason there is a
greater risk that the inherent risks are occurring within the organization. In this type of cases
the non-routine accounts and the transactions can also create some of the important inherent
risk. One of the prior example of this that accounting for the fire damage or acquisition upon
on another organization is quite uncommon that the auditors go through a risk of focusing too
little or too much on this type of unique risks.
Mitigation of the Inherent Risks:
Mitigation of this type of inherent risks are quite important for this type of financial
institutions so that proper flow of the business processes can be achieved. In this aspect there
are several of ways which can be utilized for the mitigation of inherent risks. Regulatory
approvals is one of the important steps that can be used in this case for the mitigation of the
inherent risks. The regulatory approval need to be executed properly within the organizations
so that the inherent risks can be mitigated properly. In this aspect the structural mitigants is
another aspect which can be utilized for the mitigation of inherent type of risks. Within the
structural mitigants there are two ways for the mitigation of inherent type of risks. First is the
reserve requirements for the exchanges and second one is the insurance products. Also, a
proper type of risk management framework can be implemented for mitigation of the inherent
risks and a mature ecosystem can be also implemented so that inherent type of risks can be
mitigated from the organization.
Inherent Risks:
In the aspect of baking sector with the IT risks there are several of inherent risks also.
In this type of cases the inherent risks are defined as the possibility of misleading and
incorrect information within the accounting statements. One of the crucial example of this
type of inherent risks are the complicated and longstanding relationship with various of
parties. The Commonwealth Bank of Australia is currently involved with different of entities.
Due to this fact the relationship is actually becoming complex and for this reason there is a
greater risk that the inherent risks are occurring within the organization. In this type of cases
the non-routine accounts and the transactions can also create some of the important inherent
risk. One of the prior example of this that accounting for the fire damage or acquisition upon
on another organization is quite uncommon that the auditors go through a risk of focusing too
little or too much on this type of unique risks.
Mitigation of the Inherent Risks:
Mitigation of this type of inherent risks are quite important for this type of financial
institutions so that proper flow of the business processes can be achieved. In this aspect there
are several of ways which can be utilized for the mitigation of inherent risks. Regulatory
approvals is one of the important steps that can be used in this case for the mitigation of the
inherent risks. The regulatory approval need to be executed properly within the organizations
so that the inherent risks can be mitigated properly. In this aspect the structural mitigants is
another aspect which can be utilized for the mitigation of inherent type of risks. Within the
structural mitigants there are two ways for the mitigation of inherent type of risks. First is the
reserve requirements for the exchanges and second one is the insurance products. Also, a
proper type of risk management framework can be implemented for mitigation of the inherent
risks and a mature ecosystem can be also implemented so that inherent type of risks can be
mitigated from the organization.
9IT RISK MANAGEMENT
Residual Risk Assessment:
The residual type of risks are those which still remains after all the efforts has been
made of identification of the risks and the mitigation of the risks. It is not possible to mitigate
the residual risk, thus it is better whether the risk is accepted or it is being avoided. In this
case from the identified risks the main residual risks that has been founded is the natural
disaster risk. This type of risks cannot be mitigated or avoided. So, it is better to accept this
type of risks.
Risk Register:
High Impact Moderate Impact Low Impact
Likely General IT Threats
Possible Hacking Threats Natural Disasters
Unlikely
Conclusion:
From the above discussion it can be concluded that IT related risks can create very
much negative aspects on the organization. In this aspect the Commonwealth Bank of
Australia has been selected and has been discussed and important IT risks which can occur in
this type of banking organization has been discussed. All of the identified risk has been
identified and discussed properly in this report. The consequences of these identified risks has
been also discussed in this report. A proper inherent risk assessment has been done in this
report and mitigation of this type of inherent risks has been also discussed. Residual risk
assessment has been also done in this context. In the further section of this report risk register
has been created based upon the risks that has been identified.
Residual Risk Assessment:
The residual type of risks are those which still remains after all the efforts has been
made of identification of the risks and the mitigation of the risks. It is not possible to mitigate
the residual risk, thus it is better whether the risk is accepted or it is being avoided. In this
case from the identified risks the main residual risks that has been founded is the natural
disaster risk. This type of risks cannot be mitigated or avoided. So, it is better to accept this
type of risks.
Risk Register:
High Impact Moderate Impact Low Impact
Likely General IT Threats
Possible Hacking Threats Natural Disasters
Unlikely
Conclusion:
From the above discussion it can be concluded that IT related risks can create very
much negative aspects on the organization. In this aspect the Commonwealth Bank of
Australia has been selected and has been discussed and important IT risks which can occur in
this type of banking organization has been discussed. All of the identified risk has been
identified and discussed properly in this report. The consequences of these identified risks has
been also discussed in this report. A proper inherent risk assessment has been done in this
report and mitigation of this type of inherent risks has been also discussed. Residual risk
assessment has been also done in this context. In the further section of this report risk register
has been created based upon the risks that has been identified.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
10IT RISK MANAGEMENT
Bibliography
Bélanger, F., Collignon, S., Enget, K., & Negangard, E. (2017). Determinants of early
conformance with information security policies. Information & Management, 54(7),
887-901.
Chen, Y. A. N., Ramamurthy, K. R. A. M., & Wen, K. W. (2015). Impacts of comprehensive
information security programs on information security culture. Journal of Computer
Information Systems, 55(3), 11-19.
Cram, W. A., Proudfoot, J. G., & D’Arcy, J. (2017). Organizational information security
policies: a review and research framework. European Journal of Information
Systems, 26(6), 605-641.
D'Arcy, J., & Lowry, P. B. (2019). Cognitive‐affective drivers of employees' daily
compliance with information security policies: A multilevel, longitudinal
study. Information Systems Journal, 29(1), 43-69.
Griffiths, P. (2016). Risk-based auditing. Routledge.
Gustman, A. L., & Steinmeier, T. L. (2015). Effects of social security policies on benefit
claiming, retirement and saving. Journal of Public Economics, 129, 51-62.
Hopkin, P. (2018). Fundamentals of risk management: understanding, evaluating and
implementing effective risk management. Kogan Page Publishers.
McNeil, A. J., Frey, R., & Embrechts, P. (2015). Quantitative risk management:
Concepts. Economics Books.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines
for effective information security management. Auerbach Publications.
Bibliography
Bélanger, F., Collignon, S., Enget, K., & Negangard, E. (2017). Determinants of early
conformance with information security policies. Information & Management, 54(7),
887-901.
Chen, Y. A. N., Ramamurthy, K. R. A. M., & Wen, K. W. (2015). Impacts of comprehensive
information security programs on information security culture. Journal of Computer
Information Systems, 55(3), 11-19.
Cram, W. A., Proudfoot, J. G., & D’Arcy, J. (2017). Organizational information security
policies: a review and research framework. European Journal of Information
Systems, 26(6), 605-641.
D'Arcy, J., & Lowry, P. B. (2019). Cognitive‐affective drivers of employees' daily
compliance with information security policies: A multilevel, longitudinal
study. Information Systems Journal, 29(1), 43-69.
Griffiths, P. (2016). Risk-based auditing. Routledge.
Gustman, A. L., & Steinmeier, T. L. (2015). Effects of social security policies on benefit
claiming, retirement and saving. Journal of Public Economics, 129, 51-62.
Hopkin, P. (2018). Fundamentals of risk management: understanding, evaluating and
implementing effective risk management. Kogan Page Publishers.
McNeil, A. J., Frey, R., & Embrechts, P. (2015). Quantitative risk management:
Concepts. Economics Books.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines
for effective information security management. Auerbach Publications.
11IT RISK MANAGEMENT
Ray, S., Basak, A., & Bhunia, S. (2019). SoC Security Policies: The State of the Practice.
In Security Policy in System-on-Chip Designs (pp. 1-12). Springer, Cham.
Sadgrove, K. (2016). The complete guide to business risk management. Routledge.
Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance
model in organizations. computers & security, 56, 70-82.
Tedeschi, M. (2019). Crime, Bodies and Space: Towards an Ethical Approach to Urban
Policies in the Information Age.
Tsohou, A., Karyda, M., & Kokolakis, S. (2015). Analyzing the role of cognitive and cultural
biases in the internalization of information security policies: Recommendations for
information security awareness programs. Computers & security, 52, 128-141.
Ray, S., Basak, A., & Bhunia, S. (2019). SoC Security Policies: The State of the Practice.
In Security Policy in System-on-Chip Designs (pp. 1-12). Springer, Cham.
Sadgrove, K. (2016). The complete guide to business risk management. Routledge.
Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance
model in organizations. computers & security, 56, 70-82.
Tedeschi, M. (2019). Crime, Bodies and Space: Towards an Ethical Approach to Urban
Policies in the Information Age.
Tsohou, A., Karyda, M., & Kokolakis, S. (2015). Analyzing the role of cognitive and cultural
biases in the internalization of information security policies: Recommendations for
information security awareness programs. Computers & security, 52, 128-141.
1 out of 12
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.