IT Risk Management Report: VIC Government Information Security

Verified

Added on  2020/03/04

|15
|3279
|87
Report
AI Summary
This report provides a comprehensive analysis of IT risk management within the context of the VIC government's information systems. It begins with an illustration of current security risks and concerns, followed by a detailed diagram analysis and risk classification, identifying high, medium, and low-risk exposure areas. The report then compares and ranks various threats, distinguishing between accidental and deliberate threats, and ranks them based on their potential impact. Furthermore, the report delves into the security challenges faced by the VIC information system, including modeling, organizational, system, and data challenges, as well as regulatory issues. A comparison of risk versus uncertainty is presented, followed by a discussion of risk mitigation and management strategies. The report concludes by providing references to the sources used in the analysis. The content of this report is contributed by a student and is published on Desklib, a platform offering AI-based study tools.
Document Page
Running head: IT RISK MANAGEMENT
IT Risk Management
Name of the student:
Student ID:
Name of the University:
Author’s note:
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
1IT RISK MANAGEMENT
Table of Contents
1. Illustration of Current Security Risks and Concerns of VIC Government..................................2
2. Diagram Analysis and Risk Classification..................................................................................3
2.1 Analysis of the Security Risks and Concerns of VIC Government Diagram........................3
2.2 Classification of the Risk and Identifying their Exposure Area............................................4
3. Comparison and Ranking of Threats...........................................................................................6
3.1 Comparing the Accidental and Deliberate Threats................................................................6
3.2 Ranking Threats for VIC Information System......................................................................7
4. Security Challenges of VIC information system.........................................................................9
5. Risk vs. Uncertainty in VIC information system.......................................................................10
6. Risk Mitigation and Management in VIC Information System.................................................12
References......................................................................................................................................13
Document Page
2IT RISK MANAGEMENT
1. Illustration of Current Security Risks and Concerns of VIC Government
The VIC government had been facing some threats for their security system developed
and it requires protection against vulnerabilities. The illustrative diagram for identifying the
current security risks and concerns considered by the VIC government is given below,
Figure 1: Security Risks and Concerns of VIC Government
Document Page
3IT RISK MANAGEMENT
(Source: Created by the author in Ms-Visio)
2. Diagram Analysis and Risk Classification
2.1 Analysis of the Security Risks and Concerns of VIC Government Diagram
The VIC government requires the formation of the improved facilities and it would
integrate the development of the existing operations. The implementation of the technology
would form some issues and risk concerns for the VIC government. The block diagram for the
Analysis of the Security Risks and Concerns of VIC Government is explained below,
VIC Government: The VIC government is responsible for the use of technology and
improved data storage. The data stored in the database is formed for the deployment of the
effective and smart management of the operations. The VIC government would involve the
formation of the effective and smart organizational processing. The VIC government would
employ the users and visitors for the deployment of the effective operational processing.
Information Security Management: Information security management is implied for
forming the effective deployment of the operations and building the effective and smart
processing. The information security management is being implied for forming the development
of the security features for the integration of the operations and development of the improved
privacy of the data stored. The management of the information security would include the
comprehensive deployment of the operational processing.
Internal Risk: The internal risk is formed due to the system configuration and design
errors. The factors of internal risk are technical issues, denial of service, designing flaws,
spamming, and the unauthorized entry in the network of data storage. The internal risk factors
are developed after being comprehensively slacked for the formation of the effective system.
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
4IT RISK MANAGEMENT
External Risk: The factors of the external risk are user generated risks and some social
errors in compliance to the operations of the VIC government. The external risks for the
information system of VIC government can be deliberate and done in order to extort the
classified information from the system. These risks are caused for forming the major influence
on the operations of the issues in the organization. The treatment for external risk factors is
developed for forming the accurate and commercially developed operations in the organization.
Potential Risks: The potential risks for the system of VIC government can be classified
into three major sub divisions such as threats, security risks, and vulnerabilities. The system of
the VIC government includes some design flaws and errors that had resulted in the formation of
the potential risk data loss or theft. The conceptual errors in the system can be treated as the
threat because those errors might or might not have impact on the system. However, the
deliberate threats have major impact on the VIC government and hence, it can be considered as
vulnerability issue.
Risk Assessment: The analysis of the factors of the risk for the system developed for
VIC government would involve the formation of the improved facilities for the risk assessment.
The risk assessment deals with analysis and treatment of the risk factors along with the
consideration of their impacts and resource requirements.
2.2 Classification of the Risk and Identifying their Exposure Area
There are a number of risk factors that have an impact on the operations and security of
the VIC government and they are potential risk, security risk, data theft, vulnerabilities, technical
errors, malwares, intrusion and un-authorized entry, designing errors, denial of service,
Document Page
5IT RISK MANAGEMENT
spamming, social engineering errors, and user generated errors. These risks can be classified into
high, medium, medium-low, and low risk exposure areas.
High risk exposure areas The high risk exposure areas are potential risk, security
risk, and data theft for the VIC government. The high risk area exposures are being considered as
first priority for the treatment implementation. The security is the primary concern for the VIC
government as they have many confidential and private data stored within their storage system.
The theft of the data would be highly responsible for building the immediate threat and loss of
the integrity of the organization.
Medium risk exposure areas The medium risk exposure areas are vulnerabilities,
technical errors, malwares, intrusion and un-authorized entry, and designing errors. These factors
form the influential issues in basic operations of the VIC government. The medium risk exposure
areas have a significant influence on the operations of the organization. These risk are generally
prioritized below the major security threats.
Medium-low risk exposure areas The medium low risk exposure areas are the denial
of service and spamming. These issues have low impact on the operations of the VIC
government and can be sorted out with the help of less influence. The medium low risk exposure
areas are very limited in terms of the development of the operations.
Low risk exposure areas The low risk exposure areas are social engineering errors
and user generated errors. These risks for the information system of VIC government can be
undeliberate and done by mistake either inside or outside of the system. The risks can be treated
as mistakes and sorted whenever required. There is potentially very less harm due to the low
exposure risk areas.
Document Page
6IT RISK MANAGEMENT
3. Comparison and Ranking of Threats
3.1 Comparing the Accidental and Deliberate Threats
As opined by Alcorn, Good and Pain (2013), the accidental threats can be considered as
the issues that have been risen without any individual’s concern and activity. Accidental threats
would result in forming the operational issues for the formation of the system. The threat of
implying the information system would cause the successful issues in the formation of the
operational errors in the operations. The accidental threats for the VIC government include the
data compromise due to the flaws, deleting the file accidentally, and data loss due to natural
disaster. On the contrary, Ali et al. (2014) stated that the deliberate threats are considered as the
threats that have been done on purpose for affecting the operations of the organization. The
deliberate threats to the project would include the factors like data compromise for financial
gain, hacking and cyber criminal activities, physical storage device being theft, and
virus/malware infection on the system. These actions would lead to the formation of the
particular notation in the operations.
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
7IT RISK MANAGEMENT
Figure 2: Accidental Vs Deliberate Threats for VIC information system
(Source: Steinberg, 2016, pp.-334)
3.2 Ranking Threats for VIC Information System
The threats of the VIC information system can be classified into accidental and deliberate
threats. The accidental threats for the VIC government include the data compromise due to the
flaws, deleting the file accidentally, and data loss due to natural disaster. The deliberate threats to
the system would include the factors like data compromise for financial gain, hacking and cyber
criminal activities, physical storage device being theft, and virus/malware infection on the
system. The two types of the threats have been ranked and explained for ranking in the table
below,
Rank: 1st
Threats
Data Compromise Accidental
File Deletion Unknowingly
Flaws of the System
Natural Disasters
Hacking and Cyber Crimes
Virus and Malware Attacks
Data compromise for financial gain
Physical storage device being theft
Accidental Threats Deliberate Threats
Document Page
8IT RISK MANAGEMENT
Threat Type: Deliberate
Examples: Data Compromise for Financial Gain, Hacking and Cyber Criminal Activities,
Physical Storage Device being Theft, and Virus/Malware Infection on the System
Explanation of the Rank: As explained by Alcorn, Good and Pain (2013), the deliberate threat
types has very high potential for impacting the operations of VIC government. The data storage
would be in high probability of negative impact due to these threats. The organization would
have to face the threat of their private and confidential data being misused from external.
Rank: 2nd
Threat Type: Accidental
Examples: Data Compromise due to the Flaws, Deleting the File Accidentally, and Data Loss
due to Natural Disaster.
Explanation of the Rank: The accidental threats are not being caused due to any specific
motives or reasons and they arise due to mistakes unknowingly (Ali et al., 2014). The accidental
threats may or may not be of higher impact on the operations of the VIC government.
Table 1: Threat ranking for VIC information system
(Source: Steinberg, 2016, pp.-340)
Document Page
9IT RISK MANAGEMENT
4. Security Challenges of VIC information system
VIC government had implemented an information system for improving the efficiencies
of the information system management. According to Sharma et al. (2013), the management of
the risk factors would involve the development of the risk assessment in the organization. The
private and confidential data stored by the VIC government would involve the use of effective
risk management operations (Rakow, Heard & Newell, 2015). However, the risk management is
a complex process and VIC government would have to deal with several issues and problems.
The challenges of the VIC government can be divided into four sub divisions namely modeling
challenges, organizational challenges, system and data challenges, and regulatory issues. These
issues would form the decomposition of the operations resulting in forming the issues of the
operations.
Modeling challenges: The modeling challenges of the VIC information system would
include the issues of inaccuracy and slower speed of operations (Mans et al., 2013). The
correlation of the information system with the risk management model would be another major
issue in the deployment of the effective risk treatment operations.
Organizational challenges: The organizational challenges of the VIC information
system would include the limitations in the operations and development of the risk analysis.
According to Silbey (2013), the role of the individual members would cause the narrowing of the
compliance approaches that could focus for the risk management.
System and data challenges: The system and data challenges of the VIC information
system would include the data missing or the incomplete data stored in the storage of the
information system. According to Sharma et al. (2013), the limited information and incompatible
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
10IT RISK MANAGEMENT
data analysis would be a major issue in the deployment of the effective risk management for the
VIC government.
Regulatory issues: The regulatory issues of the VIC information system include the lack
of the back testing and analysis model that can be used for tracking down the risk factors in the
information system (Varshney, 2014). The reliability of the risk assessment would be another
concern topic for the development for the risk analysis and development.
5. Risk vs. Uncertainty in VIC information system
The risk and uncertainty in VIC information system can be compares by using the factors
of description, result, system of control, probability, effect, and ascertainment. The following
table would show the comparison of the risk and uncertainty,
Risk
Description: According to Covello et al. (2013), Risk is a probable factor that causes the
deviation of the expected outcome from any operations. The risk analysis would be developed
for evaluating the impact of the operations and processes.
Result: Outcome is dependent on activities and may or may not be same as the assumptions.
System of control: Risk management is helpful for the deployment of the system of control.
Probability: It has high probability of occurrence as the activities of the project would include
the development of the operations.
Effect: The impact of the risk can be maximized or minimized by using risk management and
Document Page
11IT RISK MANAGEMENT
assessment.
Ascertainment: Estimation of the risk factors can be followed by the use of the techniques and
methods of estimation.
Uncertainty
Description: Uncertainty can be considered as the development of the chances in the activities
that result in making the outcome unsure (Covello et al., 2013). The uncertainty would decrease
the overall efficiency of operations and would tend to form the issues in VIC information system.
Result: Outcome of the operations cannot be predetermined and it would form the estimation
useless
System of control: No proper system of control can be used. Only Change management plan can
be implied for ensuring the changes are accepted in the system.
Probability: Low probability of occurrence as most of the activities are being planned and
scheduled as per requirements
Effect: The effect has to be accepted and cannot be minimized or altered
Ascertainment: Measuring of the uncertainty has no scope for implementation
Table 2: Risk vs. Uncertainty for VIC information system
(Source: Rasmussen, 2013, pp.-163)
chevron_up_icon
1 out of 15
circle_padding
hide_on_mobile
zoom_out_icon
[object Object]