IT Risk Management and Security Policies in Australia
VerifiedAdded on 2025/06/23
|17
|3301
|423
AI Summary
Desklib provides solved assignments and past papers to help students succeed.
ITC 596 IT RISK MANAGEMENT
1
1
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Table of Contents
Introduction......................................................................................................................................4
ASSESSMENT 2.............................................................................................................................5
Part one............................................................................................................................................5
Part Two...........................................................................................................................................8
Conclusion.....................................................................................................................................16
References......................................................................................................................................17
2
Introduction......................................................................................................................................4
ASSESSMENT 2.............................................................................................................................5
Part one............................................................................................................................................5
Part Two...........................................................................................................................................8
Conclusion.....................................................................................................................................16
References......................................................................................................................................17
2
Introduction
The management of risk is a crucial process which requires proper procedures and strategies in a
way which tends to generate maximum returns. The main purpose of the risk management is to
secure the data and information of their clients. The data and policies which are considered to be
necessary requires the validation in every manner and there should no loss of data and
information of the company in order to retain maximum consumers. This report summarizes
about the planning, developing and managing the security policy which are required in the
process. The report also provide information about the “My health record” who’s main function
is to gather the data in regards with the individual’s health related information and to secure
these information it requires proper security plan and it will also involves risk assessment and
understanding of IT systems.
3
The management of risk is a crucial process which requires proper procedures and strategies in a
way which tends to generate maximum returns. The main purpose of the risk management is to
secure the data and information of their clients. The data and policies which are considered to be
necessary requires the validation in every manner and there should no loss of data and
information of the company in order to retain maximum consumers. This report summarizes
about the planning, developing and managing the security policy which are required in the
process. The report also provide information about the “My health record” who’s main function
is to gather the data in regards with the individual’s health related information and to secure
these information it requires proper security plan and it will also involves risk assessment and
understanding of IT systems.
3
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
ASSESSMENT 2
Part one
Plan, Develop and manage a security policy.
The security plan is refers to the recognized plan which tends to define the plan of action which
helps in maintenance of system and at the same time controlling too. It is consist of the proper
approach and technique which helps in providing the protection for the computer from the
unauthorized user access and entry of other viruses which can be consider as the destruction of
the society.
It is also consist of the access system performs identification and authorization of users and also
it has proper amount of evaluation and other credentials which has inclusion of the passwords,
personal identification through government ids etc, use of biometric or it also includes other
security systems (Chao & Ringlee,2018).
Plan for the Security Policy
The plan should cover the access and control of users and systems which enables
interaction or communication along with the other systems.
It also ensures the proper running of information and control towards the same which also
include other resources.
The plan provides the proper access of control and at the same time provide the power to
the organisation in order to control and monitor the performance.
It helps in maintenance of data confidentiality and to avoid any sort of mis conduct in the
near future.
It has proper system backup plan in case of any emergency it helps in restoring the data.
The company also has access in order to block so it eliminates the users interference in
the system.
Developing the Security Policy
4
Part one
Plan, Develop and manage a security policy.
The security plan is refers to the recognized plan which tends to define the plan of action which
helps in maintenance of system and at the same time controlling too. It is consist of the proper
approach and technique which helps in providing the protection for the computer from the
unauthorized user access and entry of other viruses which can be consider as the destruction of
the society.
It is also consist of the access system performs identification and authorization of users and also
it has proper amount of evaluation and other credentials which has inclusion of the passwords,
personal identification through government ids etc, use of biometric or it also includes other
security systems (Chao & Ringlee,2018).
Plan for the Security Policy
The plan should cover the access and control of users and systems which enables
interaction or communication along with the other systems.
It also ensures the proper running of information and control towards the same which also
include other resources.
The plan provides the proper access of control and at the same time provide the power to
the organisation in order to control and monitor the performance.
It helps in maintenance of data confidentiality and to avoid any sort of mis conduct in the
near future.
It has proper system backup plan in case of any emergency it helps in restoring the data.
The company also has access in order to block so it eliminates the users interference in
the system.
Developing the Security Policy
4
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
The development of security policy has huge requirement as it helps in assessing the risks and at
the same time provides the clear set of information by considering it the development of plan
should take place (Liu & Wang,2014). The security policy itself determines the use and severity
for the development as it contain the information which cannot be shared among other people
and requires huge security in order to protect the data of “My health record”. It also comprises of
different rules and regulation and also various other procedures to protect the information and
which also have inclusion of different ethical standards (Mack & Holper,2016).
The development of the security plan provides a platform where you can compete with the
situations of cyber crime. The “My health record” is in a way which tends to ensure there is no
unauthorization of data in any manner. The information which is the part of the security policy
requires following the proper IT structure in manner which ensures the proper protection of data
and there access on laptop and mobile phones helps towards the protection of security policies.
The development shows the written information security policy which depicts all the information
in relation with the clients data and as well as of employees too. The developed policy helps in
gaining the trust of employees and outsiders as it ensures the aura of trust among new customers.
The documentation of policy provides the required amount of help in order to satisfy the
requirements of government contracts such as HIPPA and other healthcare related compliances.
The Government of Australia has decided to use the “My health record” in order to gain the
one’s individual health information. My health record have been taken care by the people who
are involved in the commonwealth games and are also the part of the management (Michelberger
& Dombora, 2016).
The development of the security policy helps in recognizing the problems which takes places in
the working of “My health record” and there are chances it leads to the destruction and causes
other sort of problems. The Company has launched “My health record” which ensures better
functioning and provides control access which is in regards with the organization and to generate
positive results.
Managing the security Policy
The “My health record” has requirement for managing the services which are as follows:
5
the same time provides the clear set of information by considering it the development of plan
should take place (Liu & Wang,2014). The security policy itself determines the use and severity
for the development as it contain the information which cannot be shared among other people
and requires huge security in order to protect the data of “My health record”. It also comprises of
different rules and regulation and also various other procedures to protect the information and
which also have inclusion of different ethical standards (Mack & Holper,2016).
The development of the security plan provides a platform where you can compete with the
situations of cyber crime. The “My health record” is in a way which tends to ensure there is no
unauthorization of data in any manner. The information which is the part of the security policy
requires following the proper IT structure in manner which ensures the proper protection of data
and there access on laptop and mobile phones helps towards the protection of security policies.
The development shows the written information security policy which depicts all the information
in relation with the clients data and as well as of employees too. The developed policy helps in
gaining the trust of employees and outsiders as it ensures the aura of trust among new customers.
The documentation of policy provides the required amount of help in order to satisfy the
requirements of government contracts such as HIPPA and other healthcare related compliances.
The Government of Australia has decided to use the “My health record” in order to gain the
one’s individual health information. My health record have been taken care by the people who
are involved in the commonwealth games and are also the part of the management (Michelberger
& Dombora, 2016).
The development of the security policy helps in recognizing the problems which takes places in
the working of “My health record” and there are chances it leads to the destruction and causes
other sort of problems. The Company has launched “My health record” which ensures better
functioning and provides control access which is in regards with the organization and to generate
positive results.
Managing the security Policy
The “My health record” has requirement for managing the services which are as follows:
5
It also helps in recognizing the account type which can be in the form of individuals,
group systems etc.
I also put emphasis in generating the system access in accordance with the proper
authorization.
It put emphasis on the retaining the acceptance in relation with the formation of accounts
and detaining those in which people are not available or permanently left the organization
(Tucci, et.al, 2017).
These days companies tend to use automated systems as they as they are way useful and
at the same it consumes less amount of time.
The automated system has effective system which performs audits in timely manner and
also it tends to modify and terminate the things whenever required.
To ensure the proper working organizations are required to do follow the procedure of
logout after the assigned work is completed.
It also deals with the leverages which has been provided to the users and at the same time
ensures there should be any sort of violation towards the same.
The managing requires the proper use of different set of tactics in accordance with the
data and information generation which tends to ensure proper implementation of
resources and at the same times helps in fulfilling the needs of the organizations.
The management has decided to provide the access of “My health record” to the staff
members, doctors, nurse and other related members who can provide proper amount of
information and helps in dealing with the activities (Singh & Van Dorn, 2014).
The organization has focused on implementing the information system and also providing
the procedure which ensures proper management of services.
6
group systems etc.
I also put emphasis in generating the system access in accordance with the proper
authorization.
It put emphasis on the retaining the acceptance in relation with the formation of accounts
and detaining those in which people are not available or permanently left the organization
(Tucci, et.al, 2017).
These days companies tend to use automated systems as they as they are way useful and
at the same it consumes less amount of time.
The automated system has effective system which performs audits in timely manner and
also it tends to modify and terminate the things whenever required.
To ensure the proper working organizations are required to do follow the procedure of
logout after the assigned work is completed.
It also deals with the leverages which has been provided to the users and at the same time
ensures there should be any sort of violation towards the same.
The managing requires the proper use of different set of tactics in accordance with the
data and information generation which tends to ensure proper implementation of
resources and at the same times helps in fulfilling the needs of the organizations.
The management has decided to provide the access of “My health record” to the staff
members, doctors, nurse and other related members who can provide proper amount of
information and helps in dealing with the activities (Singh & Van Dorn, 2014).
The organization has focused on implementing the information system and also providing
the procedure which ensures proper management of services.
6
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
Part Two
Introduction to the Australian Securities Investments Commission
The Australian Securities Investments Commission termed as an independent Australian
government entity which acts as and Australia’s corporate manager. The major role of the
Australian Securities Investments Commission is to enforce the laws and regulate them in the
proper manner and also focuses on protecting the financial laws in relation with the consumers,
investors and other creditors. Australian Securities Investments Commission has various
responsibilities in accordance with the administration and always has inclusion of various
legislations which are as follows:
Corporations Act 2001
Insurance Contracts Act 1984
National Consumer Credit Protection Act, 2009
The main work of the Australian Securities Investments Commission to maintain the companies
of Australia and other business which are registered in accordance with the law and they are also
present online. Australian Securities Investments Commission registers the companies which are
foreign companies, involves proper management investment schemes and other non-registered
entities. The major area of responsibility for Australian Securities Investments Commission
includes corporate governance, financial services, consumer protection, financial freedom etc.
The Use of Information Technology in the Australian Securities Investments Commission
Information technology has huge level of importance in working of every organization which
requires company to use that technology which provide them maximum customer and strong
hold towards the Information technology tools. It helps in managing the funds which are used by
the internet procedures and at the same time it requires proper amount of security. The persons
who issue the securities and other investments have proper hold towards the internet in order to
establish relation with the trading market to commence the business activities van (Schooten &
van,2015). The proper Information technology tends to provide the safety in order to secure the
data and information of the consumers. The main work of the information technology is to build
7
Introduction to the Australian Securities Investments Commission
The Australian Securities Investments Commission termed as an independent Australian
government entity which acts as and Australia’s corporate manager. The major role of the
Australian Securities Investments Commission is to enforce the laws and regulate them in the
proper manner and also focuses on protecting the financial laws in relation with the consumers,
investors and other creditors. Australian Securities Investments Commission has various
responsibilities in accordance with the administration and always has inclusion of various
legislations which are as follows:
Corporations Act 2001
Insurance Contracts Act 1984
National Consumer Credit Protection Act, 2009
The main work of the Australian Securities Investments Commission to maintain the companies
of Australia and other business which are registered in accordance with the law and they are also
present online. Australian Securities Investments Commission registers the companies which are
foreign companies, involves proper management investment schemes and other non-registered
entities. The major area of responsibility for Australian Securities Investments Commission
includes corporate governance, financial services, consumer protection, financial freedom etc.
The Use of Information Technology in the Australian Securities Investments Commission
Information technology has huge level of importance in working of every organization which
requires company to use that technology which provide them maximum customer and strong
hold towards the Information technology tools. It helps in managing the funds which are used by
the internet procedures and at the same time it requires proper amount of security. The persons
who issue the securities and other investments have proper hold towards the internet in order to
establish relation with the trading market to commence the business activities van (Schooten &
van,2015). The proper Information technology tends to provide the safety in order to secure the
data and information of the consumers. The main work of the information technology is to build
7
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
firewall which acts as shield for the online transactions which takes place in the Australian
Securities Investments Commission.
8
Securities Investments Commission.
8
Identify and explain any major risk in the IT systems components
The use of internet has pros and cons which holds high level of severity in order to create the
impacts which can be positive and as well as negative too. The risks are founded in the 3 types
of components which are as follows:
The occurrence of the risk and what could be possibility for that.
The probability of the risk.
The impact of the risk and what sort of difficulties it can lead too.
Australian Securities Investments Commission faces various risks which can lead to the increase
in the cost and causes complexities in the Information technology environment. There are times
when financial services technology starts becoming obsolete which cause the situation of
complexities in the company. The Securities and other investments has done on the online
platforms which shows that there is huge requirement of information technology to make the
payments secure and preserve the data in proper manner. The threats which are present in the
Information technology can be determined by the assessing the other factors which can lead to
the various exposures and other values (Singh & Van Dorn, 2014).
The risks takes place from intervenes of unauthorized access or users and at the same it also
involves modification and destruction of information. There are also chances it give rise to the
errors and oversights. Information technology can also be disrupted by the use of natural or man-
made disasters. It also shows the failures in exercises and at the same time implementation of the
Information technology systems.
9
The use of internet has pros and cons which holds high level of severity in order to create the
impacts which can be positive and as well as negative too. The risks are founded in the 3 types
of components which are as follows:
The occurrence of the risk and what could be possibility for that.
The probability of the risk.
The impact of the risk and what sort of difficulties it can lead too.
Australian Securities Investments Commission faces various risks which can lead to the increase
in the cost and causes complexities in the Information technology environment. There are times
when financial services technology starts becoming obsolete which cause the situation of
complexities in the company. The Securities and other investments has done on the online
platforms which shows that there is huge requirement of information technology to make the
payments secure and preserve the data in proper manner. The threats which are present in the
Information technology can be determined by the assessing the other factors which can lead to
the various exposures and other values (Singh & Van Dorn, 2014).
The risks takes place from intervenes of unauthorized access or users and at the same it also
involves modification and destruction of information. There are also chances it give rise to the
errors and oversights. Information technology can also be disrupted by the use of natural or man-
made disasters. It also shows the failures in exercises and at the same time implementation of the
Information technology systems.
9
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
Consequences of the risk
Australian Securities Investments Commission has indulgence of various transactions in the
timely manner which gives rise to the numerous consequences and leads to the destruction of the
company and in their services. Every company has shifted their operations on online platforms as
it requires lesser man power and tends to consumes less effort and ensures smooth business
transactions but it has consequences too. The consequences are in the form of hacking the
accounts, unauthorized access and sharing of information gives rise to the wrongful acts and
huge losses. The duplicity and hacking the servers provides the confidential data outside which
shows that inappropriate access and unauthorized access are taking place in the Australian
Securities Investments Commission. The Australian Securities Investments Commission deals in
accordance with law which shows that company have pool of data and information which has
high amount of severity and can give rise to loss of reliable information (Rampini&
Viswanathan,2014).
10
Australian Securities Investments Commission has indulgence of various transactions in the
timely manner which gives rise to the numerous consequences and leads to the destruction of the
company and in their services. Every company has shifted their operations on online platforms as
it requires lesser man power and tends to consumes less effort and ensures smooth business
transactions but it has consequences too. The consequences are in the form of hacking the
accounts, unauthorized access and sharing of information gives rise to the wrongful acts and
huge losses. The duplicity and hacking the servers provides the confidential data outside which
shows that inappropriate access and unauthorized access are taking place in the Australian
Securities Investments Commission. The Australian Securities Investments Commission deals in
accordance with law which shows that company have pool of data and information which has
high amount of severity and can give rise to loss of reliable information (Rampini&
Viswanathan,2014).
10
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Inherent Risk Assessment in Australian Securities Investments Commission
Risk Assessment is used in every company or industry as it helps in developing the
understanding the probability in which they can lose and asset or any sort of investment. The risk
assessment is become an essential method which helps in determination of the risks in
accordance with the investments. The risk takes place in light of the expected and unexpected
events which can create impact in the economy or in financial markets.
There are various types of risk which can create impact in the Australian Securities Investments
Commission are as follows:
Credit Risk: The credit risk is huge in nature as it tends to determine about the
borrower’s and their repayment situations which people are fail to meet in accordance
with the terms and conditions of the Australian Securities Investments Commission. It
includes the uncertainty which is in regards with the repayment of dues and also declines
the value towards the same (Flowerday & Tuyikeze, 2016).
Market Risk: This risk also huge value as it has involvement of outsiders and other
clients which tend to create a negative image in the economy. The borrowings and
investments are done in the bank but at the same it also has huge set of involvement
which can create or destroy the customer’s experience in the economy and at the same
time it also create negative image which leads to the loss of consumers in the long run.
Cyber Security Risk: Cyber risk is termed as the which can create high amount of
financial loss, disruptions or holds the power which can lead to damaging the reputation
of the organization and the main reason behind that is failures in information technology
systems. The risks involved are in the form of bad software which can affect the system
and also steals the data and unauthorized access to laptops and other related devices
(Dawson & Thompson,2015).
11
Risk Assessment is used in every company or industry as it helps in developing the
understanding the probability in which they can lose and asset or any sort of investment. The risk
assessment is become an essential method which helps in determination of the risks in
accordance with the investments. The risk takes place in light of the expected and unexpected
events which can create impact in the economy or in financial markets.
There are various types of risk which can create impact in the Australian Securities Investments
Commission are as follows:
Credit Risk: The credit risk is huge in nature as it tends to determine about the
borrower’s and their repayment situations which people are fail to meet in accordance
with the terms and conditions of the Australian Securities Investments Commission. It
includes the uncertainty which is in regards with the repayment of dues and also declines
the value towards the same (Flowerday & Tuyikeze, 2016).
Market Risk: This risk also huge value as it has involvement of outsiders and other
clients which tend to create a negative image in the economy. The borrowings and
investments are done in the bank but at the same it also has huge set of involvement
which can create or destroy the customer’s experience in the economy and at the same
time it also create negative image which leads to the loss of consumers in the long run.
Cyber Security Risk: Cyber risk is termed as the which can create high amount of
financial loss, disruptions or holds the power which can lead to damaging the reputation
of the organization and the main reason behind that is failures in information technology
systems. The risks involved are in the form of bad software which can affect the system
and also steals the data and unauthorized access to laptops and other related devices
(Dawson & Thompson,2015).
11
Mitigating the Risk
The mitigation of risks by the Australian Securities Investments Commission has been briefly
explained below:
The mitigation in Cyber security risks is crucial for the bank and helps in ensuring the
control which should be applicable in every area of working. It involves providing access
with prior informing the authorities and taking guidance towards the same and also
applying risk management strategies. Australian Securities Investments Commission
strategies provide the solution for the risks which may arise in the near future and affect
the working of the company.
The mitigating of market risk in the Australian Securities Investments Commission
requires the maintenance of positive market image in order to avoid the loss of
consumers. It requires working accordingly to the financial laws and other corporate
laws which provides the set of framework which helps in maintaining the reputation and
the financial resources too (Flowerday & Tuyikeze, 2016).
Australian Securities Investments Commission can lessens the chances of credit risk by
taking the proper documents of the borrowers which provide the clear picture of the
borrower’s financial situation and to safeguard yourselves do not provide the loan which
is more than their income.
Australian Securities Investments Commission is focused on providing the risk
management rules and regulations and at the same time providing them training towards
the same. The management has created the plans which provide the clear picture of the
things in order to deal with risks and attain desired amount of returns.
12
The mitigation of risks by the Australian Securities Investments Commission has been briefly
explained below:
The mitigation in Cyber security risks is crucial for the bank and helps in ensuring the
control which should be applicable in every area of working. It involves providing access
with prior informing the authorities and taking guidance towards the same and also
applying risk management strategies. Australian Securities Investments Commission
strategies provide the solution for the risks which may arise in the near future and affect
the working of the company.
The mitigating of market risk in the Australian Securities Investments Commission
requires the maintenance of positive market image in order to avoid the loss of
consumers. It requires working accordingly to the financial laws and other corporate
laws which provides the set of framework which helps in maintaining the reputation and
the financial resources too (Flowerday & Tuyikeze, 2016).
Australian Securities Investments Commission can lessens the chances of credit risk by
taking the proper documents of the borrowers which provide the clear picture of the
borrower’s financial situation and to safeguard yourselves do not provide the loan which
is more than their income.
Australian Securities Investments Commission is focused on providing the risk
management rules and regulations and at the same time providing them training towards
the same. The management has created the plans which provide the clear picture of the
things in order to deal with risks and attain desired amount of returns.
12
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 17
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.