2. Provide detailed explanation of the diagram and identify the areas of: high, medium, medium-low, and low risk exposure.
3. Carry out comparative analysis of the Deliberate and Accidental Threats and rank those threats in order of importance.
4. While drawing upon theories, tools and patterns covered in the subject as well as your own research, explain the challenges that the VIC government is going to face while deciding on whether security/risk management should be carried out internally or externally.
5. Explain the difference between the Concepts of Risk and Uncertainty.
6. Discuss and evaluate different approaches available to the VIC government for risk control and mitigation.
The main objective of this report is to discuss the possible risks and uncertainty regarding different ICT projects and the methods that can be applied against those risks. Risk management is an important part of an IT system. Risks can arise for many reasons. Security is the main parameter that has to be given the highest priority in IT system management (Chance & Brooks, 2015). The VIC government analyzes these kinds of risks and identifies the methods that can be used to overcome them and to make the system more secure.
There are many differences between risk and uncertainty; these are discussed in detail in this report. Threads are an important part of risk detection in the information system, and different kinds of threads are also discussed in this report. The main differences between accidental and deliberate threads are also given.
This report describes various types of risk to the information system along with the methods that can be used against them. These risks can break down the security system of the organisation. Different risk management methods are discussed with respect to the regulations and standards of the VIC government.
1. Diagram regarding the security risks and concerns considered by the VIC government.
Figure: Current security risks and the methods to prevent those risks
2. Explanation of the diagram and identification of different levels of risk exposure.
According to the VIC government, there are various kinds of risks in information technology and in the physical peripherals of the information system. The diagram shows the security risks, their measures, and the methods used to counter them according to the VIC government standards (Aldunce et al., 2015). The main security problems or risks regarding the information system are ICT security risks, physical risks, hacking risks, and risks from malware and viruses. The security of the information system is the most important criterion for making the system work properly and for increasing its security and reliability for the public (American Diabetes Association, 2016). ICT security refers to the security issues related to information and communication technology. In various organisations ICT systems are used as the basic and fundamental structure of the information system. The current generation is highly dependent on the internet for many purposes, so security is strongly affected, as the internet is a source of various kinds of viruses, malware and hackers. The main problem is that ICT problems are becoming more and more complex because of the sharing and distribution capabilities of the internet and the bugs distributed through it (Becken & Hughey, 2013). ICT environments are also becoming more heterogeneous and complex, and as a result the number of intrusions is increasing. Wireless radio connections have created new possibilities for cyber attacks. The internet itself has a hierarchical structure, and it is becoming more and more inaccessible to outside users (Bianco et al., 2017). As a result, intranet users and other users cannot deal with the complexity of the internet system that is caused by outsourcing (Brindley, 2017). The number of physical risks is also increasing day by day.
Physical risk refers to the problems caused by the hardware and the peripherals of the system. These problems make the system slow, and a large number of hardware or peripheral issues carries a high risk of stopping the whole system (Chance & Brooks, 2015). The hardware and the peripherals are connected to the main system to transfer data as the input and output of the system. The information itself sometimes becomes harmful to the system: bugs present in some information can harm hardware such as modems and servers. In this case the risk is also very high, as the modem and the server are the main source of the internet connection. Another dangerous risk to the information system is hacking attacks (Bianco et al., 2017). Hackers most often attack the sources of information and make changes that leave the source vulnerable. As a result, the whole system connected to the source can be harmed. The number of hacking attacks is increasing day by day. This kind of attack can be countered with methods such as encryption and others that are covered later. Malware and viruses are also among the most important sources of cyber security issues and risks. Sometimes malware and viruses are spread intentionally from different kinds of sources (Brindley, 2017). The number of sources spreading viruses and malware is increasing day by day. There are several kinds of viruses that can damage software as well as hardware. In order of priority, the dangers to the system are divided into four levels: high, medium, medium-low and low. The security issues caused by the ICT risks are very high, as the ICT system deals with records of public information that can be endangered by different risks.
The risks from the hardware and peripherals are low, as these issues can be recovered from very easily and are also few in number. The danger from hacking is high, as information regarding the system's security can be obtained by hackers. Hacking attacks can affect various database systems, such as those of hospitals, military bases, transportation systems and many more. The danger from viruses and malware is a medium risk (Cole et al., 2013). Malware and viruses can make a system fail completely and can thus cause harm to the system that cannot be restored. If the system is to be recovered, the malware and viruses must be removed from it.
At the next level of the diagram, the methods are discussed according to the importance of their usage. The methods are used to counter the problems generated by the causes given above (Davies, 2014). The VIC government has standards and regulations for the methods used to counter problems in the information system. The main methods used are security management framework, security incident management, security plans, government plans, security risk management, security policies and procedures, business continuity management, security obligations, security training and awareness, information access, contracted service providers, compliance, information value, information management, information sharing, personnel lifecycle, ICT lifecycle and physical lifecycle (DeAngelo & Stulz, 2015). These are some of the parameters of the methods that can be used against issues in the IT system.
3. Comparative analysis of the Deliberate and Accidental Threats and ranking of those threats on the basis of importance
Threads can be identified as the sequential form of some responses to a message. A thread can be of different types, such as a deliberate thread or an accidental thread. Threads are one of the most important things that can be used in a computing system, with several implications (Ferguson et al., 2013). Single threading refers to the sequential processing of one instruction at a time, and multithreading refers to the threading done in a multitasking operating system. Threads can be of different types on the basis of how they occur. An accidental thread can be present in the system at any time or through the occurrence of any process (Glendon, Clarke & McKenna, 2016). The application of the system depends upon the sudden change of sequences regarding the message. For the security of the system, there are some sequential applications that take place by intention. This type of sequential application is called a deliberate thread. The main difference between the accidental and the deliberate thread is the occurrence of the sequences of the thread. In an accidental thread the sequence can be present in any order (Heazle et al., 2013). In a deliberate thread the sequences can be of different orders. In many cases both deliberate and accidental threads are used in an organisation. Sometimes threads are used to get information from the system. The system is also sometimes more important when using the accidental thread. The accidental thread is more usable in fields where the system has to be suddenly responsive. With a deliberate thread, the system should be of some particular use. The deliberate thread can make the system more useful to the sequences related to the system (Holt et al., 2015). In most organisations, such as Google and Facebook, security is considered the subject to be given the highest priority.
Priority should be given to things like maintaining public security and making information more secure with the use of applications such as antivirus software. Encryption is an important feature added to the security of most organisations (Hopkin, 2017). Sometimes organisations intentionally use some threads to get information from the public that is also important from the organisation's point of view. Organisations use deliberate threads in most cases.
4. Explanation of the challenges of VIC government regarding the internal and external risk management
There are many issues in applying risk management on the basis of the VIC government regulations. The number of risks is increasing day by day due to the use of the internet for organisational and individual needs (Howard & Beasley, 2017). The VIC government faces many problems in designing the risk management of the information system. The main problems arise in using the security methods across various places and networks, because there are different rules for different areas and networks. To implement the security methods in several networks, the organisation has to make a general regulation that is common to all the network systems (Howes et al., 2015). For outsourcing, external computers are connected to the main internal computer system, and these computers are sometimes unable to transfer information because of the encryption. To overcome these encryption problems, the security methods are created in such a way that the networking systems can easily use them. The VIC government should first implement the security methods internally, and then they can be applied externally. Applying the methods internally is preferable, as the complications can be identified first and analyzed (Kettl, 2015). Applying these methods secures the system faster.
5. Difference between the concepts of Risk and Uncertainty
There are many differences between risk and uncertainty. With risk, the possibility of a future outcome can be predicted, but with uncertainty it cannot (Lam, 2014). From this it follows that risk can be managed, whereas uncertainty cannot be managed and is uncontrollable. Risks can be defined and measured quantitatively by different kinds of analysis techniques. Uncertainty cannot be measured or quantified. The background of a risk is known to us, and thus it can be identified in advance (Lawrence et al., 2015). The background of an uncertainty is never known to us, and it cannot be identified in advance.
6. Discussion and evaluation of several methods available to the VIC government for risk management
VIC has made a list of different approaches that act against security issues in an information system. The information system is one of the most sensitive systems in the modern world, as it deals with the information of various organisations and individuals. Making that information secure is therefore one of the highest-priority tasks for organisations. The VIC has made one of the most important and useful guidelines for information security (McNeil, Frey & Embrechts, 2015). Its elements are security management framework, security incident management, security plans, government plans, security risk management, security policies and procedures, business continuity management, security obligations, security training and awareness, information access, contracted service providers, compliance, information value, information management, information sharing, personnel lifecycle, ICT lifecycle and physical lifecycle (Paton et al., 2014). These methods and features contain particular protocols. In the first method, the security management framework, four protocols are used. There is executive sponsorship of the security management framework, which is synchronised with the organisation’s governance arrangements. The security management framework is implemented and appropriately observed within the organisation’s governance arrangements (Poniszewska-Marańda, 2014). It is also improved and updated to make the security environment more advanced. The next method is security risk management. There is executive sponsorship of security risk management, and the risks are recorded in this system. The risks are appropriately observed in this system and are also used to improve and update the risk management environment (Tadeusiewicz & Horzyk, 2014). One of the most important parts of security management is policy making and understanding the procedures.
Security requirements are implemented, observed and used in the policy and the system (Pritchard & PMP, 2014). Information access and the security obligations also follow the rules of the system.
The security obligations are also important for the system in countering security issues. The security obligations are embedded into daily functions and are also observed through the organisation’s personnel management regime. Security training and awareness is also important for system security. There is executive sponsorship of the security training and awareness program, and it is also implemented and observed to increase security (Reason, 2016). The updated and advanced versions of these methods are utilised in data security. Security incident management and business continuity management also use the security requirements, and the main task is to implement the related security features. The management system is also upgraded in order to make security stronger. Contracted service providers, government services and the security plans also follow the regulations of the system, and the system is also upgraded and observed. Compliance is one of the important features of the security regulations (Renz, 2016). It is an assessment of an organisation's application of the Victorian Protective Data Security Standards, and these data security features are reported to the organisation (Ross, Fielding & Louis, 2014). The security of the organisation is also upgraded through compliance, and compliance is observed and upgraded by the organisation to obtain reports about the security features. The information value of the organisation is the details regarding the system that can be considered an important measure of the security- and privacy-related issues of the organisation. It is also observed and updated for better security (Riedlinger & Rea, 2015). Information sharing and information management are two important methods for keeping data secure. There are three lifecycles that help the information system to be analysed in a secure way: the personnel lifecycle, the ICT lifecycle and the physical lifecycle.
These lifecycle methods simply refer to project management techniques that help to make the information system more secure and strong.
From the above discussion it is concluded that the VIC government has made important rules to overcome several risks. The VIC government has given important rules and regulations for the risk management of different organisations and information systems. From the diagram at the start of the report, the risks and security issues can be understood. The VIC government has then given an outline of the methods that can be used against these risks and security-related issues.
Aldunce, P., Beilin, R., Howden, M., & Handmer, J. (2015). Resilience for disaster risk management in a changing climate: Practitioners’ frames and practices. Global Environmental Change, 30, 1-11.
American Diabetes Association. (2016). 8. Cardiovascular disease and risk management. Diabetes Care, 39(Supplement 1), S60-S71.
Becken, S., & Hughey, K. F. (2013). Linking tourism into emergency management structures to enhance disaster risk reduction. Tourism Management, 36, 77-85.
Bianco, R. J., Arnoux, P. J., Wagnac, E., Mac-Thiong, J. M., & Aubin, C. É. (2017). Minimizing pedicle screw pullout risks: a detailed biomechanical analysis of screw design and placement. Clinical Spine Surgery, 30(3), E226-E232.
Brindley, C. (Ed.). (2017). Supply chain risk. Taylor & Francis.
Chance, D. M., & Brooks, R. (2015). Introduction to derivatives and risk management. Cengage Learning.
Cole, S., Giné, X., Tobacman, J., Topalova, P., Townsend, R., & Vickery, J. (2013). Barriers to household risk management: Evidence from India. American Economic Journal: Applied Economics, 5(1), 104-135.
Davies, J. C. (2014). Comparing environmental risks: tools for setting government priorities. Routledge.
DeAngelo, H., & Stulz, R. M. (2015). Liquid-claim production, risk management, and bank capital structure: Why high leverage is optimal for banks. Journal of Financial Economics, 116(2), 219-236.
Ferguson, B. C., Brown, R. R., Frantzeskaki, N., de Haan, F. J., & Deletic, A. (2013). The enabling institutional context for integrated water management: Lessons from Melbourne. Water research, 47(20), 7300-7314.
Glendon, A. I., Clarke, S., & McKenna, E. (2016). Human safety and risk management. CRC Press.
Heazle, M., Tangney, P., Burton, P., Howes, M., Grant-Smith, D., Reis, K., & Bosomworth, K. (2013). Mainstreaming climate change adaptation: An incremental approach to disaster risk management in Australia. Environmental Science & Policy, 33, 162-170.
Holt, T. J., Smirnova, O., Chua, Y. T., & Copes, H. (2015). Examining the risk reduction strategies of actors in online criminal markets. Global Crime, 16(2), 81-103.
Hopkin, P. (2017). Fundamentals of risk management: understanding, evaluating and implementing effective risk management. Kogan Page Publishers.
Howard, D. L., & Beasley, L. M. (2017). Pregnant with a perforated levonorgestrel intrauterine system and visible threads at the cervical os. BMJ Case Reports, 2017, bcr-2017.
Howes, M., Tangney, P., Reis, K., Grant-Smith, D., Heazle, M., Bosomworth, K., & Burton, P. (2015). Towards networked governance: improving interagency communication and collaboration for disaster risk management and climate change adaptation in Australia. Journal of Environmental Planning and Management, 58(5), 757-776.
Kettl, D. F. (2015). The job of government: Interweaving public functions and private hands. Public Administration Review, 75(2), 219-229.
Lam, J. (2014). Enterprise risk management: from incentives to controls. John Wiley & Sons.
Lawrence, J., Sullivan, F., Lash, A., Ide, G., Cameron, C., & McGlinchey, L. (2015). Adapting to changing climate risk by local government in New Zealand: institutional practice barriers and enablers. Local Environment, 20(3), 298-320.
McNeil, A. J., Frey, R., & Embrechts, P. (2015). Quantitative risk management: Concepts, techniques and tools. Princeton University Press.
Paton, D., Johnston, D., Mamula-Seadon, L., & Kenney, C. M. (2014). Recovery and development: perspectives from New Zealand and Australia. In Disaster and development (pp. 255-272). Springer International Publishing.
Poniszewska-Marańda, A. (2014). Selected aspects of security mechanisms for cloud computing–current solutions and development perspectives.
Pritchard, C. L., & PMP, P. R. (2014). Risk management: concepts and guidance. CRC Press.
Reason, J. (2016). Managing the risks of organizational accidents. Routledge.
Renz, D. O. (2016). The Jossey-Bass handbook of nonprofit leadership and management. John Wiley & Sons.
Riedlinger, M., & Rea, J. (2015). Discourse ecology and knowledge niches: Negotiating the risks of radiation in online Canadian forums, post-Fukushima. Science, Technology, & Human Values, 40(4), 588-614.
Ross, V. L., Fielding, K. S., & Louis, W. R. (2014). Social trust, risk perceptions and public acceptance of recycled water: Testing a social-psychological model. Journal of environmental management, 137, 61-68.
Tadeusiewicz, R., & Horzyk, A. (2014, November). Man-Machine Interaction Improvement by Means of Automatic Human Personality Identification. In IFIP International Conference on Computer Information Systems and Industrial Management (pp. 278-289). Springer, Berlin, Heidelberg.