IT Risk Management Report: Risks and Mitigation in VIC Government

Added on  2020/03/04

Report
AI Summary
This report examines IT risk management within the Victorian government, focusing on the establishment of a monitoring system to secure confidential information. The introduction highlights the government's objectives, including identifying information ownership, assessing information value, managing data security risks, and fostering a positive security culture. The report identifies current security risks across various domains such as governance, information, personnel, and ICT. It provides a comparison between deliberate and accidental threats, outlining the challenges faced by the government in managing information security, including issues with information value, security framework application, and incident management. The report differentiates between risks and uncertainty, detailing approaches for risk control and mitigation through a security management framework, security policies, access management, security obligations, training, incident management, business continuity, contracted service providers, government services, and security plans. The report emphasizes the importance of proactive measures to protect sensitive data and ensure the effective functioning of the government.
IT Risk Management
2017
Contents
Introduction
Current security risks in the VIC government
Identification of the areas of risks exposure
Comparison between Deliberate and accidental threats exposure
Challenges faced by the VIC government
Difference between risks and uncertainty
Approaches for risk control and mitigation
Conclusion
References
Introduction:
The Victorian government wants to establish a monitoring system to secure confidential
information. The objectives are to determine ownership of information, assess the value of
information, identify and manage data security risks, apply security measures, create a
positive organizational culture for enforcing security, and improve the methods for providing
data security. “The company is working hard to provide the assurance actions for mitigating
from the associated security risks” (Venkatesh, 2015). The Victorian government requires a
protective security policy framework to enhance the working of the government in the national
interest. Information security procedures should be created to cope with new threats, updated
threats, and newly occurring vulnerabilities. Managing information helps in overcoming
disruptions to business objectives. A positive security culture in the organization supports
the deployment of a continuous improvement plan, which enhances the functions performed by
the Victorian government for the betterment of the nation. “The application of the Victorian
government depends on the value of the information” (Lebanidze, 2014). Proper security
procedures should be adopted to create positive information value for the good of the nation.
Current security risks in the VIC government:
“The analysis of the risks associated with the working of the government helps in enhancing
the decision making capability and providing priority to the security efforts which are
undertaken by the government” (Brezeanu, 2011). The government is working to protect the
following domains: security in governance, security of information, security of personnel,
security of information and communication technology, and physical security. The current
working of the Victorian government carries risks in information sharing, assessment of
information, management of information, the personnel life cycle, security plans, the business
continuity plan, and information values.
[Figure: Risks associated with the current working of the Victorian government: policies and
operational responsibilities; understanding of the information values; security culture and
monitoring system; cost associated with the project; security in governance; security of
information; security of personnel; ICT security; physical infrastructure security]
Identification of the areas of risks exposure:
The following table shows the risks associated with the working of the Victorian government:
| Risks | Description |
|---|---|
| Policies and operational responsibilities | The person responsible does not pay attention to the policies and operational responsibilities assigned to him |
| Understanding of the information value | The confidentiality, integrity, and availability of the information are not well managed |
| Security culture and monitoring system | “The risks associated with the system are not given consideration” (Brown, 2016) |
| Cost associated with the project | The project can go above the allocated budget |
| Security in governance | The risks are not properly managed by the executives |
| Security of information | “The lifecycle of the information should maintain the confidentiality, availability, and integrity of the project” (Thomson, 2011) |
| Security of personnel | No unauthorised person should be able to access the confidential information of the government |
| ICT security | The risks are associated with the storage of information |
| Physical security | “The security should be provided to the risks associated with the availability of resources, facilities, services, and equipment” (Victorian managed insurance authority, 2016). |
Comparison between Deliberate and accidental threats exposure:
A deliberate threat is the result of ignorance of the risks. Ignorance of the risks results in
the occurrence of errors and irrelevancy. “The occurrence of error can result into distortion
and incompleteness of deploying the security framework in the working culture of the
Victorian government” (Perkins, 2014). The major impact of this ignorance on the Victorian
government's initiatives for securing information can be seen in terms of confusion,
uncertainty, inaccuracy, unavailability, loss of confidential information, and fuzziness.
“The accidental threats are not known in advance. They can occur by chance” (Wuest, 2013).
The entire working of the Victorian government can be affected by exposure to accidental
threats, because the government is not proactive in preparing for situations that can change
its current circumstances. “The accidental threats can be categorised as non-availability of
resources, flow of communication breakdown, etc.” (Stoneburner, 2014).
Challenges faced by the VIC government:
In managing the security of information, the Victorian government faces many challenges and
has to develop many mitigation programs to cope with the challenges and issues in managing
the confidentiality and integrity of information. The Victorian government faces problems in
managing the value of information, applying the security framework, selecting and certifying
the security measures to be specified for developing the framework, managing the response to
security incidents, monitoring and reviewing the implementation of the security framework,
updating security programs, reflecting changes in business operations, conducting external
monitoring of activities, and others.
Difference between risks and uncertainty:
“The risks can be defined as the probability of losing or gaining something in carrying out the
procedures of the Victorian government” (Bansal, 2013). Uncertainty can be defined as the
situation that arises when the Victorian government has to take immediate steps to face a
situation for the betterment of the nation. The situation is not known before it exists.
“The risks associated with the securing the information of the Victorian government can be
identified and managed” (Bemile, 2012). The risks associated with the project can be
measured. Uncertainty arises in managing the information of the Victorian government to
protect its confidentiality, integrity, and availability. Uncertainty cannot be measured
before it occurs. The outcome of the risk identification and management process is known in
advance, whereas the outcome of uncertainty cannot be predicted in advance. Risks can be
minimized by deploying risk mitigation policies, but uncertainty cannot be reduced because it
calls for immediate action. Probabilities can be assigned to the occurrence of risks, but the
probabilities of uncertainty cannot be predicted. Priorities for risk management can be
assigned based on the prediction of risks, but the same is not possible for uncertainty
because it is uncontrollable.
Approaches for risk control and mitigation:
The following table shows the risks control and mitigation plan:
| Particular | Standard | Objectives | Control |
|---|---|---|---|
| Security management framework | “It is the framework which is used for implementing and maintaining the risks associated with the size, risk posture, and resources” (European commission, 2016) | It helps in managing the security risks by providing: a security management framework to the organization for the arrangement of governance; a security framework used for monitoring and reviewing the arrangement for organization governance; help in managing risks by promoting security protocols for overcoming the risks environment | The information security management framework is required by the organization to manage the risks associated with the resources and other equipment. |
| Security risks management | The risks management framework is used for managing security risks associated with the government | Effective and efficient management schemes should be used for providing security mechanisms to manage the security domains. The risk management framework is used for managing executive sponsorship. It is used for identifying and recording risks in the risk register; monitoring and reviewing the registered risks; updating the records of the risk registers periodically | The security management framework used by the Victorian government is named the Victorian government risk management framework. It is used for providing principles and guidelines for risk management security procedures. It helps in managing the confidentiality, integrity and availability of information. |
| Security policies and procedures | The security policies and procedures are used for managing the risks associated with the size of the project, resources used, and associated risks posture | The policies and procedures help in providing strategic direction for managing the risks effectively. They help in fulfilling the security requirements of the government. The security framework is used for monitoring and reviewing the arrangement for organization governance. It helps in managing risks by promoting security protocols for overcoming the risks environment | The protective security policies framework has been developed for overcoming risks by utilizing the policies and procedures used by the government for risk management. |
| Accessing of the information | The standard risks security procedures should be used for defining the risks management plan for public data. | The executive sponsorships should be maintained for deploying the access management schemes. The security framework is used for monitoring and reviewing the arrangement for organization governance. It helps in managing risks by promoting security protocols for overcoming the risks environment. | The code of information security controls should be deployed for resolving the issues related to risks management of the enterprise. The activities of the organization should be aligned with access management using the standard code of information security controls. |
| Security obligations | The security obligations should be reviewed by the organization by using the documentation and communication schemes for accessing public data | The security obligations are used for the personnel management program. They are used for embedding the daily functions and activities for the reflection of personnel management. | The protective security policies framework has been developed for overcoming risks by utilizing the policies and procedures used by the government for risk management. The protective security guidelines should be used for managing the security responsibility of personnel management |
| Security training and awareness | The training and development program should be organized for ensuring the security procedures for public data management. | Personnel management can be explored by deploying the training and development program. Monitoring and reviewing of the personnel management program. “The procedures should be undertaken for developing the security risks environments” (Walker, 2011). | The protective security policies framework is used for providing the guidelines for securing the guidelines of personnel security. |
| Security incident management | The security policies and procedures are used for managing the risks associated with the size of the project, resources used, and associated risks posture. | The security risks environment is used for managing activities for securing incident management. The security incident management activities are used for improving the incident management of the organization | The investigation techniques are used for reporting and providing security guidelines to evolve security associated with the risk environment. |
| Business continuity management | The business continuity management program is used for addressing the security procedures for public data. | The capability of the organization can be enhanced by managing confidentiality, integrity, and availability of public data. The executive sponsorship should be managed for providing the security requirements to develop the business continuity management program. Monitoring and reviewing of security procedures should be done periodically. The security risks environment should be evolved by deploying the business continuity management program | “The business continuity management program has three sectors to be undertaken which are categorised as continuity of the business, disruption in the management, and related risks” (Kutsch, 2010). |
| Contracted service providers | The Victorian protective data security standards are used for ensuring the public data accessed by contracted service providers. | The security domains which are analysed by the Victorian government are the development and planning phase, arrangements of contracted service providers, monitoring and reviewing of security requirements, and the evolving risks environment | The outsourced services and functions should be incorporated in the protective security policy framework. Contracts should be developed, managed, and signed for getting better security mechanisms. |
| Government services | The Victorian government provides data security standards for ensuring disclosure, transfer, management, and collection of data. | The service level agreements should be signed for ensuring the planning and development phase. The service level agreements should be monitored and reviewed periodically to give best practices | Protective security policy framework is used |
| Security plans | “The security risks can be managed by implementing and maintaining data security procedures” (Vassileios, 2011). | It is used for identifying decisions which are cost effective and capable of securing private data. Identification, assessment, and recording of the risks are used for managing the risks in the organization. The privacy and data protection act is used for ensuring security of data. The business planning process should be monitored and reviewed periodically. | The compliance management system is used for aligning the compliance security activities. |
| Information value | The integrity, confidentiality, and availability of the data should be managed | The executive sponsorship should be managed for developing the information management framework | The information security guidelines should be incorporated in the security framework. |
| Information management | “The information management framework is used for maintaining the security of the information” (Nia, 2017). | “The security controls and procedures should be monitored and reviewed periodically” (Ormrod, 2013). | The information management principles should be incorporated with the security framework developed for the Victorian government. The data validation and security act should be undertaken |
| Information sharing | “The security controls should be used for ensuring security of the public sector data” (Tara, 2015) | “The information management framework is used for securing information” (Steen, 2013). The risks associated with the sharing of data should be periodically reviewed and updated. | The code of information security controls is used for transferring and sharing of information between different sectors. |
| Personnel life cycle | The security controls should be given privilege to ensure implementation and maintenance of personnel security | The personnel security controls are used for implementing organization personnel management. They are used for monitoring and reviewing of the organization personnel management. | The personnel security management programs should be used in the security framework |
| Information communication technology life cycle | The ICT security controls should be used for securing the activities related to information communication technology. | The executive sponsorship should be used for providing ICT security controls. The reviewing and monitoring of information technology and security controls. | Information security manuals should be incorporated with the security framework of the organization. |
Conclusion:
The Victorian government is looking to run a set of risk management programs which help in
the smooth functioning of its activities. The management schemes help in maintaining
information confidentiality, integrity, and availability throughout the project life cycle.
The development of the security domains helps in analysing the information security
management schemes. Unauthorised access to information should be completely restricted.
Security mechanisms should be employed for managing the accidental loss of information. The
risk management plan helps in retaining the information value, which is classified as
confidentiality, integrity, and availability. The value of the information can be improved by
securing the information from losing its confidentiality and integrity.
References
Bansal, B. (2014). Corporate governance and risk management in insurance sector: A review of literature. Retrieved from http://www.ijsrp.org/research-paper-1014/ijsrp-p3407.pdf
Bemile, R. (2012). Guide to risk assessment and response. Retrieved from http://www.uvm.edu/~erm/RiskAssessmentGuide.pdf
Brezeanu, P. (2011). Does corporate governance impact risk management system. Retrieved from http://store.ectap.ro/articole/580.pdf
Brown, R. (2016). Victorian Government risk management framework: Practice notes. Retrieved from http://www.google.co.in/url?sa=t&rct=j&q=Research%20paper%20pdf%20on%20Victorian%20government%20risk%20management&source=web&cd=2&cad=rja&uact=8&ved=0ahUKEwiqj-fn1ezVAhWLwI8KHW5OCOcQFggqMAE&url=https://www.vmia.vic.gov.au/~/media/internet/content-documents/risk/vgrmf/vgrmf-practice-notes-risk-culture.pdf&usg=AFQjCNGI9XM3W3ZDFt2KpQT1EZ_3F-NbOA
European Commission. (2013). Risk management in the procurement of innovation. Retrieved from http://ec.europa.eu/invest-in-research/pdf/download_en/risk_management.pdf
Kutsch, E. (2010). Deliberate ignorance in project risk management. Retrieved from https://dspace.lib.cranfield.ac.uk/bitstream/1826/5114/1/Deliberate_ignorance_in_project_risk_management.pdf
Lebanidze, E. (2014). Guide to develop a risk mitigation plans. Retrieved from https://www.smartgrid.gov/files/CyberSecurityGuideforanElectricCooperativeV11-21.pdf
Nia, S. (2017). Effects of corporate governance structures on enterprise risks management practice in Malaysia. Retrieved from http://www.econjournals.com/index.php/ijefi/article/viewFile/2570/pdf
Ormrod, P. (2013). Corporate governance and Risks: A study of board structure process. Retrieved from http://www.accaglobal.com/content/dam/acca/global/PDF-technical/corporate-governance/rr-129-001.pdf
Perkins, R. (2014). The role of risk management in data protection. Retrieved from https://www.informationpolicycentre.com/uploads/5/7/1/0/57104281/white_paper_2-the_role_of_risk_management_in_data_protection-c.pdf
Steen, A. (2013). Risk management in corporate governance: A review and proposal. Retrieved from http://onlinelibrary.wiley.com/doi/10.1111/j.1467-8683.2009.00763.x/abstract
Stoneburner, G. (2014). Risk management guide for information technology system. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf
Tara, S. (2015). Corporate governance and Risk management: An Indian perspective. Retrieved from http://researchleap.com/wp-content/uploads/2015/08/3.-Corporate-Governance-and-Risk-Management-An-Indian-Perspective.pdf
Thomson, R. (2011). Victorian government risk management framework. Retrieved from http://www.google.co.in/url?sa=t&rct=j&q=Research%20paper%20pdf%20on%20Victorian%20government%20risk%20management&source=web&cd=5&cad=rja&uact=8&ved=0ahUKEwiqj-fn1ezVAhWLwI8KHW5OCOcQFgg7MAQ&url=http://www.dtf.vic.gov.au/files/26637dd0-0933-41f7-9564-a6f200b16c9b/Victorian-Government-Risk-Management-Framework-December-2016.pdf&usg=AFQjCNEQWVIJAdpC_saLQvI93OoYi2F7mA
Vassileios, K. (2011). Relation between corporate governance and risk management during the credit crisis. Retrieved from http://mibes.teilar.gr/proceedings/2011/oral/12.pdf
Venkatesh, R. (2015). An introduction to information system risks management. Retrieved from https://www.sans.org/reading-room/whitepapers/auditing/introduction-information-system-risk-management-1204
Victorian managed insurance authority. (2016). Victorian Government risk management framework. Retrieved from http://www.google.co.in/url?sa=t&rct=j&q=Research%20paper%20pdf%20on%20Victorian%20government%20risk%20management&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwiqj-fn1ezVAhWLwI8KHW5OCOcQFgglMAA&url=https://www.vmia.vic.gov.au/~/media/internet/content-documents/risk/risk-tools/risk-management-guide/vmia-practice-guide.pdf&usg=AFQjCNE_MnkXzbiNFfa7VI4STur2sRJTNQ
Walker, M. (2011). Public services: Inter-agency risks. Retrieved from http://mams.rmit.edu.au/0wqb9pk1hn2pz.pdf