ITC596 Risk Management Assignment Help

ITC596 Risk Management Assignment Help

ITC596 Risk Management Assignment Help

1. Use a diagram (produced by the means of using Rationale, Visio or any other relevant software application of your choice) to illustrate current security risks and concerns considered by the VIC government.

software application

2. Provide the detailed explanation of the diagram and identify the areas of high, medium, medium-low, and low-risk exposure.

High Risk

Auditor General Office data insecurity: - Victorian Public Sector retains the data of the Auditor general office. This office used to retain the data of all the offices under the Victorian government and has the power to check the financial data of the other entire department. If the hackers manipulate the data then the corruption of the particular department can be hide that would result in hiding of the corruption and people would do more corruption (McCray, 2012).

Public record office data insecurity: - Public records are kept by the Victorian Public sector for implementing the new plans in the society. The new policies are designed on the basis of the plans that are made by the government. If there would be the alteration in the plans that are made by the government that would result in the high risk for the government. There can be altered in the plans and change in the policies that can be occurred if the insecurity by the hackers is observed (McCray, 2012).

Insecurity for Department of Treasury and Finance data: - All the fundsare issued by this department for the projects that are made by the government. Victorian Public sector used to protect this data by the Victorian protective data security framework. If the framework has the possibility of alteration of the data, then there would be a risk of the data copy that can be used for the purpose that is against the Nation as well as Victoria State. 

Victoria secretaries Board Info: - The secretary board used to implement the policies that are decided by the government. The secretary office has the important information of the home and other affairs of the state. If this information is leaked and goes with the unsocial groups then that would be not a favourable thing for the government. There can be social wars in the country. There can be the war home wars. It is a great risk that Victorian Public sector is facing and trying hard to secure all the data (Differencebetween.net, 2016).

Medium Risk

Department of premier and cabinet data: - Cabinet ministries and the other ministries used to retain the data of the amendment in the law and inaction of the laws. If any law has to be put in the parliament that has to be passed by the government. If the information that is not to be disclosed before the particular date and this information is hacked then that would be the act that can create the risk to the government. Many conspiracies can be created in this case that would not be a good condition for VIC government and Victorian Public sector.

Insecurity of transport and infrastructure data: -The quotations on which the projects would be passed by the government, that data is present in the database of the Victorian Public sector, if this data is hacked by the particular company for the personal benefits then that company can get the particular project. It is not sure that particular company would provide good quality in the work, as the company designed the quotation on the basis of hacked data.

Insecurity of parliamentary committee data: - the Parliamentary committee has the data of the parliament works and other important information management. It has the details of the ministers and high profile officials of the state. If this information is hacked or get leaked then there would be the risk of insecurity in the parliament. There would be the insecurity of any ministers’ life(Loke, et. al., 2016).

Data insecurity of health and security: -The health data of the public of Victoria State is retained with the Victorian Public sector. Data insecurity in this department can be risky for the life of any person. If the information is not by any particular person and that want to take the revenge from a particular person can risk the life of that particular person by the means of health issue information by hacking the information from the database. In this way, it is a risky act for the Victorian Public sector (Differencebetween.net, 2016).

Lower Medium Risk

Business data retained with Victorian Government: -If the data of the business is hacked by the hacker that can be used by the competitor for their own benefits. But this would make the risk of the information that the Victorian Public sector having, that the important non-disclosure data of the company would be disclosed.

Low Risk

Data Insecurity of Managed Insurance Authority: -The data of the insurance can be hacked that is very risky for an individual as anybody can risk the life of any person in demand of insurance repayments (Victoria, 2016).

3. Carry out the comparative analysis of the Deliberate and Accidental Threats and rank those threats in order of importance. Justify your rankings not only on the basis of the case study but also by the means of doing further research and drawing upon other relevant case studies (e.g. Security guidelines for other private and public organizations) that you can identify

Accidental Threat: -

  • It is the threat that used to takes place because of the carelessness and negligence that occurred by mistake or the different means.

 

 

  • Prior access to the data is there, after that the threat used to created(Rickards, et. al., 2014).

 

  • Involvement of the employee of the organisation is seen in this threat.

 

Deliberate Threat: -

  • Espionage or trespass is the act that is done by the information hackers for the personal interests or the interest of any individual that used to hire the hacker for the personal reason of the hacking.
  • The person that is involved in the hacking is not from the organisation that belongs to out of the organisation.
  • Involvement of the person of the organisation is not there in the hacking after which this threat is possible.

Ranking according to importance of different threats

Deliberate Threat

Supervisory Control and Data Acquisition (SCADA) Attacks: -Chemical and different plants are used to be operated by the SCADA, if the database of the particular plant is getting hacked then there can be a threat of explosion or the attack that would create a vast life damage to the people (Victoria, 2016).

Cyber terrorism and Cyber ware: -Cybercrimes are performed by the hackers for their personal benefits that are not really a good condition for Victorian Public Sector as the most important data is retained with this sector.

Alien Software: -In this, the installation of such software is done in the database of theVictorian Public Sector that would create a problem of threat or the deliberate threat for the VIC government.

Accidental Threat

Data Extract: -For the individual’s benefit of any person the information is get leaked by the particular person of the Victorian Public Sector that can give benefits to that individual but it acts as a threat for the Victorian Public Sector and the Government of the State.

 Infect the system with malware: -The person with the bad motive does this in the system of the Victorian Public Sector for gaining the amount that is offered to that individual from the hackers (Rickards, et. al., 2014)

Sell data: -The important information of the Victorian Public Sector is selling by the official of the Victorian Public Sector for the purpose of getting the amount from the hackers. 

4. While drawing upon theories, tools and patterns covered on the subject as well as your own research, explain the challenges that the VIC government is going to face while deciding on whether security/risk management should be carried out internally or externally (e.g. via outsourcing).

The Victorian government has the major concerns of the risks, after analysing the risk they need to be managed. The framework that is designed for the security of the data is at risk, so the data is secured through the management, If the outsourcing is done through securing data internally or externally then different challenges and the risks that have to be faced by the VIC government are as follows: -

1. Outsourcing would result in the leakage of the important information of the government that is not being supposed to be leaked.
2. It would affect the privacy policy of Victorian Public Sector(Young, et. al., 2012).
3. Information confidentiality would be a major risk or the concern that which has to be focused after the outsourcing by the Victorian Public Sector.
4. The important information in the form of knowledge can be passed to those people that can leak information for their advantages and the advantages of the other people
5. The non-clear specification of the contract of the outsourcing would also be the risk for the Victorian Public Sector (Young, et. al., 2012).

It is the concern of the VIC government to conduct the security of data internally or externally. In outsourcing, the data is hired with the outer sources that are the risk for the Victorian Public Sector. This can cause both Accidental Threat and Deliberate Threat for the Victorian Public sector.

In the Internal Data Securing there is the risk of the alteration of the data or theft act of the data that would create the Accidental Threat for the Victorian Public Sector. This is the risk that can create the problem for the VIC government(Khan, et. al., 2014).

5. Explain the difference between the concepts of ‘’Risk’’ and ‘’Uncertainty’’ (make sure that your discussion is linked to the case considered).

Risk

Uncertainty

  • The important data is at the risk because the framework that is designed at the risk(Laegreid & Christensen, 2013).

 

  • It is the condition in which the things that are involved in the data protection can be uncertain as the data can be hacked anytime by the hackers.
  • There are the confined results that can be opted out if the data is hacked so the plans for the protective measures can be made.

 

  • It is unknown that the happening that can take place that would because of the data insecurity (Laegreid & Christensen, 2013).

 

  • The risk can be controlled from the external as well as the external source.

 

  • It can’t be controlled as this is unknown for the Victorian Public Sector (Khan, et. al., 2014).

 

  • The quantification of the risks can be done that would be helpful for securing the data.

 

  • There is the uncertainty in the data that can be hacked from the Victorian Public Sector. It can’t be analysed(Warburton, et. al., 2014).
  • The protective measures can be taken on the risks by the Victorian Public Sector for the data protection of the VIC government (Victoria, 2016).

 

  • The protective measures would be taken only if there is the known of uncertainty act.

 

  • Data Protection Act, 2014 can act that defines the protective measures for the data insecurities for the Victorian Public Sector
  • It is non-analysed therefore no laws are there that gives the protective measures specifications(Warburton, et. al., 2014).

6. Discuss and evaluate (with examples) different approaches available to the VIC government for risk control and mitigation.

Security Risk Profile Assessment (SRPA): -In this process, the risk assessment is done on the data that is insecure. It is known that most important data is secured by VIC government like the administrative data and the cabinet data. If this data is pre analysed then that would be helpful in protection of the data of Victorian Public Sector. SRPA evolution helps in making the protective measures that would help in securing the data in an effective manner (Broy, et. al., 2012).

The data that can create the cause and disturbance if at risk is analysed with the SRPA so that there would not be any security risk to that particular data. This would help to make the peace in the Victorian state. The confidentiality of the data of state can be maintained with the help of this method (Victoria, 2016).

Protective Data Security Plan (PDSP): -

It is the method that is used by theVictorian Public Sector for making the plansthat would be helpful in making the security of the data that is retained by the Victorian Public Sector. PDSP would be helpful in making the plans on the uncertainty or the risks of the data of the VIC government. The monitoring of the risk and then the protective measures on such risks would be helpful in protecting the data of the Victorian Public Sector and the VIC government(Broy, et. al., 2012).

For example, SRPA and PDSP are the plans that are made by the Victorian Public Sector for securing the data of the different department for which the Victorian Public Sector is associated. In this way the protective measures taken for the mitigation of risk of the data of Victorian Public Sector. 

References

Broy, M., Cengarle, M. V., & Geisberger, E. (2012). Cyber-physical systems: imminent challenges. In Proceedings of the 17th Monterey conference on Large-Scale Complex IT Systems: development, operation and management (pp. 1-28). Springer-Verlag. Barbosa, J. L. V., Barbosa, D. N. F., & Wagner, A. (2012). Learning in ubiquitous computing environments. International Journal of Information and Communication Technology Education (IJICTE), 8(3), 64-77.

Differencebetween.net. (2016). Difference Between Risk and Uncertainty. [Online] Differencebetween.net, Available at: http://www.differencebetween.net/language/difference-between-risk-and-uncertainty/. [Accessed on: 26, August 2017]

Khan, G. F., Swar, B., & Lee, S. K. (2014). Social media risks and benefits: A public sector perspective. Social Science Computer Review, 32(5), 606-627.

Laegreid, P., & Christensen, T. (Eds.). (2013). Transcending new public management: the transformation of public sector reforms. Ashgate Publishing, Ltd..

McCray, S., 2012. The Top 10 Problems with Outsourcing Implementation (and how to overcome them). [Online] Ssonetwork, Available at: https://www.ssonetwork.com/business-process-outsourcing/articles/the-top-10-problems-with-outsourcing-implementatio. [Accessed on: 26, August 2017]

Rickards, L., Wiseman, J., Edwards, T., & Biggs, C. (2014). The problem of fit: scenario planning and climate change adaptation in the public sector. Environment and Planning C: Government and Policy, 32(4), 641-662.

Victoria. (2016). Victorian Government Risk Management Framework. [Online] Victoria, Available at: file:///C:/Users/Administrator/Downloads/VGRMF-Dec-2016-web-version.pdf. [Accessed on: 26, August 2017]

Victoria. (2016). Victorian Protective Data Security Standards. [Online] Victoria, Available at: http://www.vic.gov.au/news/victorian-protective-data-security-standards.html. [Accessed on: 26, August 2017]

Warburton, J., Moore, M. L., Clune, S. J., & Hodgkin, S. P. (2014). Extrinsic and intrinsic factors impacting on the retention of older rural healthcare workers in the north Victorian public sector: a qualitative study. Rural and Remote Health, 14(3), 2721.

Young, R., Young, M., Jordan, E., & O'Connor, P. (2012). Is strategy being implemented through projects? Contrary evidence from a leader in New Public Management. International Journal of Project Management, 30(8), 887-900.

Loke, P., Koplin, J., Beck, C., Field, M., Dharmage, S. C., Tang, M. L., & Allen, K. J. (2016). Statewide prevalence of school children at risk of anaphylaxis and rate of adrenaline autoinjector activation in Victorian government schools, Australia. Journal of Allergy and Clinical Immunology, 138(2), 529-535.