SBM4304: IS Risk and Security Management Report for Semester 2, 2018
Added on 2023/06/08
AI Summary
This report provides an in-depth analysis of IS risk and security management, focusing on the case of First Focus, an IT service provider. It begins by outlining the services offered by First Focus and how they leverage information systems to support business operations. The report then delves into the General Management Controls (GMCs) employed by the organization, exploring their role in risk management and establishing a robust internal control system. It also examines the Application Controls (ACs) used to secure specific applications and processes, differentiating them from GMCs. The report further investigates various risk management strategies, including reliability, confidentiality, availability, integrity, and security measures, along with the importance of IS auditing in safeguarding data quality and ensuring the transparency of business operations. Finally, the report concludes with recommendations for maintaining data sensitivity and implementing comprehensive backup plans to ensure business continuity.

IS risk and security management
Table of Contents
Introduction
Services provided by First Focus
Operations to support the business
GMCs- General management control
Application Controls used by First Focus
Difference between general management control and application control for IS
Ways to manage the risk
Importance of auditing IS and safeguarding data quality
Conclusion
References

Introduction
In Australia, First Focus is one of the largest organisations offering
IT services to mid-sized businesses. Its guiding motive is to deliver services while
maintaining security, and its aim is to deliver high-quality services in a secure manner.
It offers various technical solutions based on customer demand. It is one of
the fast-growing organisations that deliver end-to-end business support with a reliable
connection.
Services provided by First Focus
The services offered by First Focus include a hybrid cloud solution that allows a
person to work on a platform that has a high level of security with backup support. They
also offer services for transferring information to the public cloud and enhancing performance
(Herbert, 2017). They offer data acquisition services so that a high level of security is
attained while managing flexibility.
Operations to support the business
The main aim of First Focus is to make sure that security is maintained while carrying out
its operations. Various tools are used to secure the operations. First Focus
makes sure that all operations are completed reliably without breaching
security (Herbert, 2017). They develop intellectual solutions to make sure that information is
not leaked. The business operations are designed so that the result is positive.
This is done by protecting the system from bugs and errors, identifying the risk and
then undertaking proper mitigation steps (Farrell & Gallagher, 2015). This can be achieved
by installing firewalls, security endpoints and an internet service provider so that they scan the
network thoroughly. This is done by checking the endpoints of the network so that no bugs
penetrate the network (Grant, 2016). They ensure that no vulnerabilities hit the system by
using antivirus software and various security architectures.
GMCs- General management control
General management control makes sure that all the operations in an organisation are
completed in an effective manner. In every organisation, GMCs are used to organise the
performance of operations by building a strong relationship between the staff. They are
important for every organisation as they make sure that all assets and resources are used
to their fullest (Hristov & Ramkissoon, 2016). They cover the cost accounting system
along with the human resource system. They are basically used to achieve goals by assigning
responsibility to every individual so that a better outcome can be achieved. General
management controls are basically used to improve performance
(Rijamampianina & Carmichael, 2018). They are used to design policies so that goals can be
achieved without breaching security concerns. General management controls are also used to
deal with the different cultures in society so that conflicts can be resolved. GMCs
help maximise profit margins so that performance can be improved. There are
many people in the workplace, each with a different perception, so GMCs make sure
that decisions can be made by resolving conflicts (Yourarticlelibrary, 2017). General
management control helps in achieving goals smoothly through coordination between
employees so that conflicts can be resolved. It brings in new motivational ideas so that
the performance of employees can be improved. The future plans of the organisation can be
improved because GMCs measure current performance and compare it with the
defined goals (Yourarticlelibrary, 2017). The plans are designed to meet the difference
between the goals set and the goals achieved. Apart from that, First Focus works on removing the
difference so that action plans can be used to eliminate the consequences.
Application Controls used by First Focus
Application controls differ from general management controls. They are used to
maintain the security of a particular application or process (Lowe & McInnes, 2015). The various
types of application controls are:
Input Control- It verifies whether the input entered in the system is valid; this can
be done by checking that data is integrated and secure for all the business applications.
Processing Control- Once the input is checked, application control makes sure that
operations are completed on time. It is used to make sure that operations are carried
out by an authorised user and are completed accurately (Firstfocus, 2017). It is
important to define who can access the data, otherwise there is a chance that
information gets leaked.
Output Control- This is used to check that the output obtained is the same as the
desired output. If the output differs from the expected output, the errors need to be
found to make the system secure and error free.
Audit control- This is used to monitor the system regularly so that errors are
identified and a proper solution can be applied (Watson, 2017).
Every organisation should take application controls into consideration as they deal with every
application and process individually (Watson, 2017). If there is a change in the application,
process or software, these control measures make sure that the changes are adopted effectively.
Companies can rely directly on application control at the time of change. They ensure that
the security of every application is met and they complete the operations in less time
compared to others. Application control makes sure that data packets are accessed only by
authorised users; no invalid user can access the information, as that would breach the privacy of
the company (Sinnema, 2018). An access list is defined that lists the valid users
so that privacy is controlled.
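The four application controls listed above, and the access list of valid users, can be seen working together in a short sketch. This is an added example, not code from the report or from First Focus; the account format, amount limit, user names and the `post_payment` operation are constructed for illustration.

```python
import re
from decimal import Decimal, InvalidOperation

# Constructed access list: valid users and the operations each may perform.
ACCESS_LIST = {"alice": {"post_payment"}, "bob": {"view_balance"}}
ACCOUNT_RE = re.compile(r"AC\d{6}")   # hypothetical account id format
MAX_AMOUNT = Decimal("10000.00")      # hypothetical per-transaction limit


class ControlFailure(Exception):
    """Raised by a control; carries which control rejected the operation."""
    def __init__(self, control, detail):
        super().__init__(f"{control}: {detail}")
        self.control = control
        self.detail = detail


def input_control(raw):
    """Input control: accept only well-formed, in-range data."""
    account = str(raw.get("account", ""))
    if not ACCOUNT_RE.fullmatch(account):
        raise ControlFailure("input", "malformed account id")
    try:
        amount = Decimal(str(raw.get("amount", "")))
    except InvalidOperation:
        raise ControlFailure("input", "amount is not a number")
    # is_finite() is checked first so NaN/Infinity never reach the comparisons.
    if not amount.is_finite() or amount <= 0 or amount > MAX_AMOUNT:
        raise ControlFailure("input", "amount out of range")
    if amount.as_tuple().exponent < -2:
        raise ControlFailure("input", "more than two decimal places")
    return account, amount


def processing_control(user, operation):
    """Processing control: only users on the access list may run the operation."""
    if operation not in ACCESS_LIST.get(user, set()):
        raise ControlFailure("processing", "user not on access list for operation")


def output_control(before, amount, after):
    """Output control: the produced balance must reconcile with the input."""
    if after != before + amount:
        raise ControlFailure("output", "balance does not reconcile with input")


def post_payment(user, raw, ledger, audit, apply=lambda bal, amt: bal + amt):
    """Run one payment through all controls; every decision is audited."""
    try:
        account, amount = input_control(raw)
        processing_control(user, "post_payment")
        before = ledger.get(account, Decimal("0"))
        after = apply(before, amount)
        output_control(before, amount, after)
    except ControlFailure as exc:
        # Audit control: rejected operations are recorded, not silently dropped.
        audit.append((user, exc.control, "rejected", exc.detail))
        return False
    ledger[account] = after  # commit only after every control has passed
    audit.append((user, "all", "accepted", f"{account} +{amount}"))
    return True


def demo():
    """Constructed sample run: one valid payment and one failure per control."""
    ledger = {"AC000001": Decimal("100.00")}
    audit = []
    good = {"account": "AC000001", "amount": "25.50"}
    ten = {"account": "AC000001", "amount": "10"}
    results = [
        post_payment("alice", good, ledger, audit),
        post_payment("alice", {"account": "AC000001", "amount": "-5"}, ledger, audit),
        post_payment("bob", ten, ledger, audit),  # bob lacks post_payment
        # Constructed faulty processing step that double-counts the amount.
        post_payment("alice", ten, ledger, audit, apply=lambda b, a: b + a * 2),
    ]
    return results, ledger, audit


if __name__ == "__main__":
    results, ledger, audit = demo()
    print(results, ledger)
    for entry in audit:
        print(entry)
```

The audit list is the evidence an IS auditor would review: it shows which control stopped each rejected operation and that the ledger changed only for the accepted one.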
Difference between general management control and application control for IS
General management control differs from application control in that GMCs deal with
all the policies and procedures of an organisation (Sinnema, 2018). Application control,
on the other hand, deals with the security of a particular application or process. General
management control looks at all the data centres where information is stored, making
sure that sensitive data is not accessed by everyone. Thus, an access control list is defined so
that only valid users get the right to access the sensitive data. Apart from that, application
control deals with the bugs in a particular application or the ambiguity that arises in any software
(D’Arcy & Brogan, 2010). They define rules and regulations for an application so that
confidentiality, integrity and availability are maintained. They monitor all the IS operations
that take place over the network. They are basically used to verify the input, output and
processing unit of the network. The motive of both these control measures is to maintain
security (Berry, Broadbent & Otley, 2016). In the case of application control, security is
maintained for a particular process, whereas general management control is used to resolve all
the basic complications in an organisation related to human activities. Application control
checks the system on the basis of input, output and processing unit.
When comparing the two control measures for IS, it can be stated that general
management control deals with various fields of the company. In First Focus, GMCs are applied
in all areas, whereas application control deals with the security of a particular application
(Bromiley, McShane, Nair & Rustambekov, 2015). The general management control deals
with data storage, acquisition of data and access control. Apart from that, application control
deals with the security and privacy issues of a particular process. The transactions between
software are validated and information is kept in a sensitive way. These control measures are
important as they help in building trust among customers. They also improve the image of
an organisation in the market (Hopkin, 2018). Application control allows only valid users to
access the data.
Ways to manage the risk
Every organisation has a set of plans to overcome failure. Similarly, First Focus has
also defined some risk management plans so that security is maintained. This can be
accomplished by maintaining the confidentiality, availability, reliability and integrity of
information.
Reliability- It is an important factor that makes sure that the quality of operations is
maintained. It is used to avoid risk by dealing with all the failures (Cloudtango,
2017). The consistency of operations needs to be maintained.
Confidentiality- The information stored over the network is sensitive, thus it is
necessary that information is accessed only by valid users. The overall security can be
maintained by defining an access list (Cloudtango, 2017).
Availability- First Focus has grown in the global market, so it is important that
information can be accessed at any time from anywhere.
Integrity- It ensures that the application and software are secured and are not
accessed by any invalid user (Cloudtango, 2017).
Security- The security of an organisation is maintained by ensuring that sensitive
information is not leaked and is accessed only by valid users.
To make sure that the risk of an organisation can be mitigated, some action
plans are developed. The first step is identifying all the bugs and errors so that they do not
affect the system in future. The risk can be identified by finding the source
through which the errors or bugs entered the system. Once the bug is found, an action plan is
taken so that it does not cause failure of the network. Risk assessment plans are used to
ensure that no information is lost and operations continue to work. Risk can be mitigated
by taking proper backups of the information so that in case of failure the business continues to
work.
Importance of auditing IS and safeguarding data quality
The motive of IS auditing is to check the information and ensure that only accurate
information is processed in the software. All the possible threats related to the software
are mitigated so that risk can be minimised. Auditing helps in making all the business
operations transparent so that decisions can be made accordingly. Auditing checks
all the operations individually, making sure that confidentiality, integrity and
availability are checked. It makes sure that data packets are not visible to unauthorised users
and only valid users can access the data (Bedford, Malmi & Sandelin, 2016). The threats
that could exist in the system are identified beforehand so that privacy is maintained. The
plans are designed so that risk can be managed.
The audit plans cover a set of predefined strategies that need to be followed by an
organisation so that security is maintained. They identify all the misconceptions so that risk
does not penetrate the system. The audit plans are beneficial as they minimise the
overall time that is taken to complete an operation (Bedford, Malmi & Sandelin, 2016).
Once the audit plans are defined, the employees in the organisation are made aware
of the plan. This can be done by organising a meeting or conference so that the impact about
the decision is also analysed. The audit process helps ensure that the security of an organisation is
maintained.
Conclusion
It is important to maintain the sensitivity of data as companies rely on the network for
their data. The security of an organisation needs to be maintained so that customer
satisfaction is improved. The organisation discussed in this report is First Focus, and the
general management controls and application controls used by the organisation are
listed. The control measures designed so that risk can be mitigated and data can be
safeguarded are listed. The difference between these two control measures is listed. It is
recommended that the audit plans should be designed in such a way that confidentiality
and privacy of data are maintained. Thus, there should be a backup plan so that in case of
failure the system can be recovered easily.
References
Bedford, D. S., Malmi, T., & Sandelin, M. (2016). Management control effectiveness and
strategy: An empirical analysis of packages and systems. Accounting, Organizations
and Society, 51, 12-28.
Berry, A. J., Broadbent, J., & Otley, D. T. (Eds.). (2016). Management control: theories,
issues and practices. Macmillan International Higher Education.
Bromiley, P., McShane, M., Nair, A., & Rustambekov, E. (2015). Enterprise risk
management: Review, critique, and research directions. Long range planning, 48(4),
265-276.
Cloudtango. (2017). primarily on delivering excellent Managed IT Services and cloud-based
services across Australia. Published on: January 31, 2018 Top 20 Managed Service
Providers in Australia. Retrieved from https://www.cloudtango.org/topMSPs/AU/.
D’Arcy, S. P., & Brogan, J. C. (2010). Enterprise risk management. Journal of Risk
Management of Korea, 12(1), 207-228.
Farrell, M., & Gallagher, R. (2015). The valuation implications of enterprise risk
management maturity. Journal of Risk and Insurance, 82(3), 625-657.
Firstfocus. (2017). Case Studies. Retrieved from
https://www.firstfocus.com.au/about-us/case-studies/.
Grant, E. M. (2016). Designing carceral environments for indigenous prisoners: A
comparison of approaches in Australia, Canada, Aotearoa New Zealand, the US and
Greenland (Kalaallit Nunaat).
Herbert, J. (2017). Listen to the Voices: Informing, Reforming, and Transforming Higher
Education for First Nations’ Peoples in Australia. Handbook of Indigenous Education,
1-22.
Hopkin, P. (2018). Fundamentals of risk management: understanding, evaluating and
implementing effective risk management. Kogan Page Publishers, 1-13.
Hristov, D., & Ramkissoon, H. (2016). Leadership in destination management
organisations. Annals of Tourism Research, 61, 230-234.
Lowe, E. A., & McInnes, J. M. (2015). Control in socio-economic organisations: a rationale
for the design of management control systems (Section II). International Journal of
Critical Accounting, 7(5-6), 411-426.
Rijamampianina, R., & Carmichael, T. (2018). General Issues in
Management. Management, 3, 1.
Sinnema, R., EMC Corp (2018). Risk-adaptive access control of an application action based
on threat detection data. U.S. Patent 9,992,213.
Watson, I. (2017). Combatting cultural ‘nerve gas’: maintaining traditional media and culture
through local media production in Australia, Canada and Mexico. Journal of
Alternative and Community Media, 2, 1-13.
Yourarticlelibrary. (2017). Management Control System: Definition, Characteristics and
Factors. Available from
http://www.yourarticlelibrary.com/accounting/company-accounts/management-control-system-definition-characteristics-and-factors/52963
Accessed on 07 Aug 18.