ITC596 Assignment 2: Security Policy and Risk Assessment

This report, prepared for ITC596, focuses on IT risk management through the lens of security policies and risk assessments. The first part of the report addresses the planning, development, and management of a security policy, specifically in the context of the 'My Health Record' project. It details the importance of establishing security measures to protect sensitive health information, including access control, data encryption, and staff training. The second part of the report undertakes a risk assessment for the XYZ multinational bank, identifying key IT-related risks such as data sharing issues, system security vulnerabilities, and the challenges of digital and mobile banking. The assessment includes risk identification, evaluation, and mitigation strategies, proposing measures like risk surveillance technology, encryption, and stress testing frameworks to enhance the bank's operational security and data protection. The report concludes by emphasizing the critical need for robust risk management to ensure the safety and integrity of IT systems within both healthcare and financial sectors.