Delivery in day(s): 4
ITC596 Risk Management Paper Editing Service
1. Use a diagram (produced by the means of using Rationale, Visio or any other relevant software application of your choice) to illustrate current security risks and concerns considered by the VIC government.
2. Provide the detailed explanation of the diagram and identify the areas of high, medium, medium-low, and low-risk exposure.
Auditor General Office data insecurity: - Victorian Public Sector retains the data of the Auditor general office. This office used to retain the data of all the offices under the Victorian government and has the power to check the financial data of the other entire department. If the hackers manipulate the data then the corruption of the particular department can be hide that would result in hiding of the corruption and people would do more corruption (McCray, 2012).
Public record office data insecurity: - Public records are kept by the Victorian Public sector for implementing the new plans in the society. The new policies are designed on the basis of the plans that are made by the government. If there would be the alteration in the plans that are made by the government that would result in the high risk for the government. There can be altered in the plans and change in the policies that can be occurred if the insecurity by the hackers is observed (McCray, 2012).
Insecurity for Department of Treasury and Finance data: - All the fundsare issued by this department for the projects that are made by the government. Victorian Public sector used to protect this data by the Victorian protective data security framework. If the framework has the possibility of alteration of the data, then there would be a risk of the data copy that can be used for the purpose that is against the Nation as well as Victoria State.
Victoria secretaries Board Info: - The secretary board used to implement the policies that are decided by the government. The secretary office has the important information of the home and other affairs of the state. If this information is leaked and goes with the unsocial groups then that would be not a favourable thing for the government. There can be social wars in the country. There can be the war home wars. It is a great risk that Victorian Public sector is facing and trying hard to secure all the data (Differencebetween.net, 2016).
Department of premier and cabinet data: - Cabinet ministries and the other ministries used to retain the data of the amendment in the law and inaction of the laws. If any law has to be put in the parliament that has to be passed by the government. If the information that is not to be disclosed before the particular date and this information is hacked then that would be the act that can create the risk to the government. Many conspiracies can be created in this case that would not be a good condition for VIC government and Victorian Public sector.
Insecurity of transport and infrastructure data: -The quotations on which the projects would be passed by the government, that data is present in the database of the Victorian Public sector, if this data is hacked by the particular company for the personal benefits then that company can get the particular project. It is not sure that particular company would provide good quality in the work, as the company designed the quotation on the basis of hacked data.
Insecurity of parliamentary committee data: - the Parliamentary committee has the data of the parliament works and other important information management. It has the details of the ministers and high profile officials of the state. If this information is hacked or get leaked then there would be the risk of insecurity in the parliament. There would be the insecurity of any ministers’ life(Loke, et. al., 2016).
Data insecurity of health and security: -The health data of the public of Victoria State is retained with the Victorian Public sector. Data insecurity in this department can be risky for the life of any person. If the information is not by any particular person and that want to take the revenge from a particular person can risk the life of that particular person by the means of health issue information by hacking the information from the database. In this way, it is a risky act for the Victorian Public sector (Differencebetween.net, 2016).
Lower Medium Risk
Business data retained with Victorian Government: -If the data of the business is hacked by the hacker that can be used by the competitor for their own benefits. But this would make the risk of the information that the Victorian Public sector having, that the important non-disclosure data of the company would be disclosed.
Data Insecurity of Managed Insurance Authority: -The data of the insurance can be hacked that is very risky for an individual as anybody can risk the life of any person in demand of insurance repayments (Victoria, 2016).
3. Carry out the comparative analysis of the Deliberate and Accidental Threats and rank those threats in order of importance. Justify your rankings not only on the basis of the case study but also by the means of doing further research and drawing upon other relevant case studies (e.g. Security guidelines for other private and public organizations) that you can identify
Accidental Threat: -
Deliberate Threat: -
Ranking according to importance of different threats
Supervisory Control and Data Acquisition (SCADA) Attacks: -Chemical and different plants are used to be operated by the SCADA, if the database of the particular plant is getting hacked then there can be a threat of explosion or the attack that would create a vast life damage to the people (Victoria, 2016).
Cyber terrorism and Cyber ware: -Cybercrimes are performed by the hackers for their personal benefits that are not really a good condition for Victorian Public Sector as the most important data is retained with this sector.
Alien Software: -In this, the installation of such software is done in the database of theVictorian Public Sector that would create a problem of threat or the deliberate threat for the VIC government.
Data Extract: -For the individual’s benefit of any person the information is get leaked by the particular person of the Victorian Public Sector that can give benefits to that individual but it acts as a threat for the Victorian Public Sector and the Government of the State.
Infect the system with malware: -The person with the bad motive does this in the system of the Victorian Public Sector for gaining the amount that is offered to that individual from the hackers (Rickards, et. al., 2014).
Sell data: -The important information of the Victorian Public Sector is selling by the official of the Victorian Public Sector for the purpose of getting the amount from the hackers.
4. While drawing upon theories, tools and patterns covered on the subject as well as your own research, explain the challenges that the VIC government is going to face while deciding on whether security/risk management should be carried out internally or externally (e.g. via outsourcing).
The Victorian government has the major concerns of the risks, after analysing the risk they need to be managed. The framework that is designed for the security of the data is at risk, so the data is secured through the management, If the outsourcing is done through securing data internally or externally then different challenges and the risks that have to be faced by the VIC government are as follows: -
1. Outsourcing would result in the leakage of the important information of the government that is not being supposed to be leaked.
3. Information confidentiality would be a major risk or the concern that which has to be focused after the outsourcing by the Victorian Public Sector.
4. The important information in the form of knowledge can be passed to those people that can leak information for their advantages and the advantages of the other people
5. The non-clear specification of the contract of the outsourcing would also be the risk for the Victorian Public Sector (Young, et. al., 2012).
It is the concern of the VIC government to conduct the security of data internally or externally. In outsourcing, the data is hired with the outer sources that are the risk for the Victorian Public Sector. This can cause both Accidental Threat and Deliberate Threat for the Victorian Public sector.
In the Internal Data Securing there is the risk of the alteration of the data or theft act of the data that would create the Accidental Threat for the Victorian Public Sector. This is the risk that can create the problem for the VIC government(Khan, et. al., 2014).
5. Explain the difference between the concepts of ‘’Risk’’ and ‘’Uncertainty’’ (make sure that your discussion is linked to the case considered).
6. Discuss and evaluate (with examples) different approaches available to the VIC government for risk control and mitigation.
Security Risk Profile Assessment (SRPA): -In this process, the risk assessment is done on the data that is insecure. It is known that most important data is secured by VIC government like the administrative data and the cabinet data. If this data is pre analysed then that would be helpful in protection of the data of Victorian Public Sector. SRPA evolution helps in making the protective measures that would help in securing the data in an effective manner (Broy, et. al., 2012).
The data that can create the cause and disturbance if at risk is analysed with the SRPA so that there would not be any security risk to that particular data. This would help to make the peace in the Victorian state. The confidentiality of the data of state can be maintained with the help of this method (Victoria, 2016).
Protective Data Security Plan (PDSP): -
It is the method that is used by theVictorian Public Sector for making the plansthat would be helpful in making the security of the data that is retained by the Victorian Public Sector. PDSP would be helpful in making the plans on the uncertainty or the risks of the data of the VIC government. The monitoring of the risk and then the protective measures on such risks would be helpful in protecting the data of the Victorian Public Sector and the VIC government(Broy, et. al., 2012).
For example, SRPA and PDSP are the plans that are made by the Victorian Public Sector for securing the data of the different department for which the Victorian Public Sector is associated. In this way the protective measures taken for the mitigation of risk of the data of Victorian Public Sector.
Broy, M., Cengarle, M. V., & Geisberger, E. (2012). Cyber-physical systems: imminent challenges. In Proceedings of the 17th Monterey conference on Large-Scale Complex IT Systems: development, operation and management (pp. 1-28). Springer-Verlag. Barbosa, J. L. V., Barbosa, D. N. F., & Wagner, A. (2012). Learning in ubiquitous computing environments. International Journal of Information and Communication Technology Education (IJICTE), 8(3), 64-77.
Differencebetween.net. (2016). Difference Between Risk and Uncertainty. [Online] Differencebetween.net, Available at: http://www.differencebetween.net/language/difference-between-risk-and-uncertainty/. [Accessed on: 26, August 2017]
Khan, G. F., Swar, B., & Lee, S. K. (2014). Social media risks and benefits: A public sector perspective. Social Science Computer Review, 32(5), 606-627.
Laegreid, P., & Christensen, T. (Eds.). (2013). Transcending new public management: the transformation of public sector reforms. Ashgate Publishing, Ltd..
McCray, S., 2012. The Top 10 Problems with Outsourcing Implementation (and how to overcome them). [Online] Ssonetwork, Available at: https://www.ssonetwork.com/business-process-outsourcing/articles/the-top-10-problems-with-outsourcing-implementatio. [Accessed on: 26, August 2017]
Rickards, L., Wiseman, J., Edwards, T., & Biggs, C. (2014). The problem of fit: scenario planning and climate change adaptation in the public sector. Environment and Planning C: Government and Policy, 32(4), 641-662.
Victoria. (2016). Victorian Government Risk Management Framework. [Online] Victoria, Available at: file:///C:/Users/Administrator/Downloads/VGRMF-Dec-2016-web-version.pdf. [Accessed on: 26, August 2017]
Victoria. (2016). Victorian Protective Data Security Standards. [Online] Victoria, Available at: http://www.vic.gov.au/news/victorian-protective-data-security-standards.html. [Accessed on: 26, August 2017]
Warburton, J., Moore, M. L., Clune, S. J., & Hodgkin, S. P. (2014). Extrinsic and intrinsic factors impacting on the retention of older rural healthcare workers in the north Victorian public sector: a qualitative study. Rural and Remote Health, 14(3), 2721.
Young, R., Young, M., Jordan, E., & O'Connor, P. (2012). Is strategy being implemented through projects? Contrary evidence from a leader in New Public Management. International Journal of Project Management, 30(8), 887-900.
Loke, P., Koplin, J., Beck, C., Field, M., Dharmage, S. C., Tang, M. L., & Allen, K. J. (2016). Statewide prevalence of school children at risk of anaphylaxis and rate of adrenaline autoinjector activation in Victorian government schools, Australia. Journal of Allergy and Clinical Immunology, 138(2), 529-535.