1. The government of VIC has some objectives for securing public and private data held in digital form. It tries to achieve these objectives through the Privacy and Data Protection Act 2014. The defined security objectives form a hierarchy, given in the boxes in the above diagram.
The objectives were obtained from the VIC Government Information Security Guidelines in Part One – Introduction, Page 12.
It is important to understand that every threat and risk can arise in any area, whether private data or public data.
In this case study, public data is taken as information (for security).
For example, the use of pirated software can change the security concerns under the CIA model, i.e. Confidentiality, Integrity and Availability.
Risk Assessment – To identify the high, medium and low risk factors for the VIC Government, I analysed that this can be done on the basis of the total number of security matters affected by a particular threat.
The threats given below are according to the VIC Government, as mentioned in the document:
According to the VIC Government VMIA Practice Guide, we must define the objective in order to determine the risk. The objective can be considered in a HIGH, MEDIUM or LOW context for future perspective.
HIGH – A threat that occurs very frequently and has a higher degree of effect, such as web site intrusion. Being a government organization, VIC faces similar issues with very high effects in terms of loss of information (public data). I have listed the threats that fall into the high-risk category.
MEDIUM – A threat in this risk category can have a major, moderate, minor or extreme effect, with a probability of occasional, remote, probable or frequent, such as programming errors. An error in coding can have a major effect on the output in the form of a security risk and can result in the loss of business information or any other kind of information, depending on the agency. I have mentioned below the categories of medium risk that can happen. Each given threat is related to the VIC Government Data Security Framework for Security Obligations Governance.
MEDIUM LOW – This concerns accessing information without authorization. If an agency stores its users' data in any form, whether in Excel or in SQL, then only an authorized person within the organization can access this information.
LOW – If any employee within the organization uses pirated software, some issues can occur occasionally. The VMIA Practice Guide talks about users' details for some sale and purchase data. In this case, an employee of the agency may not be able to access the data properly because some threat affects it. Some natural hazards also come under the low-risk category, which are mentioned below –
3. With the help of the CIA security concerns given in the VIC Government's VICTORIAN PROTECTIVE DATA SECURITY FRAMEWORK, I have tried to make a comparative analysis of deliberate and accidental threats. The common threats that have very high risk exposure for both deliberate and accidental threat types are mentioned below –
Based on the given task, the next threat category is the medium risk exposure for deliberate and accidental threats.
Looking at ENISA's top 15 threats of 2015, the medium-risk threats are ranked accordingly (Marinos, 2015).
The final threat category is the low risk exposure for deliberate and accidental threats.
Some of the low-risk threats have a common theme across all types of threats, so these would be ranked from higher to lower risk.
To support the protection of information, assets and people, sound workforce security practices were developed in the Australian Government personnel security guidelines – Agency personnel security responsibilities. These guidelines provide advice to help in the application of the controls identified in the Australian Government personnel security protocol. A few of the areas the guidelines cover are given below –
4. The VIC Government is made up of many agencies, and each agency is required to ensure that it acts according to the VIC Government information security policy. Every department and agency varies in staff size and business complexity, which is one of the challenges in deciding how to manage risk/security, either internally or externally.
According to the VPDSF Framework June 2016 v1.0 security/risk management should be carried out internally by the agency.
Each organization must have complete control over establishing, implementing and maintaining security policies and procedures proportionate to its size, resources and risk posture. Some challenges that the VIC Government may face are mentioned below:
If the internal staff try to calculate error with the safety of the complete IT systems and networks also, then there is no financial complex action when the event receives. Managing security/risk internally is itself a risk, as no other backup management will be there. So, managing security/risk internally also represents a contradiction with the real user error.
In this case, the VIC Government chooses to manage its security/risk internally, so it will focus on the following issues:
5. “Risk is an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objective such as scope, schedule, cost, and quality.” PMBOK Guide Fifth edition.
So, basically, risk is an unplanned event or condition that, if it occurs, can affect any part of the organization/agency, which can turn into a loss of valuable information. In some documents risk is divided into two types: positive risk and negative risk. If a risk directly affects your information then it is a positive risk, and if it affects information in some negative sense then it is a negative risk. A future event is made for a known risk, and the organization uses some future reserve to manage these risks.
Public data stored on a server is temporarily down because of an electricity supply issue, so the organization plans for a UPS to avoid this risk.
Uncertainty, by contrast, is a lack of planning, resources, etc. It is about not having certainty in the flow of managing risk/security because of frequent changes made to the system that was designed for the security of an organization's information. So, the output of uncertainty is also not known and cannot be measured. If we do not keep track of past security threats, then we cannot guess which threat will be the most common in the near future, and we cannot protect our information either.
According to the VPDSF Framework, one must be sure about the organization's threats that were identified in the past and about risk through business decisions while applying security controls to protect the information (public sector data), so that uncertainty and risk can be avoided easily.
6. According to the VPDSF Framework, there are two main results under the PDPA that support a planned, considered and risk-based approach to protective data security:
Security Risk Profile Assessment (SRPA): The process of assessing a public sector organization's protective data security risks.
Protective Data Security Plan (PDSP): This is the main one, as it is a plan of action to identify and recover the protective data security of the organisation, which also includes the mitigation of identified risks.
The basic elements of a standard risk management process are the Security Risk Profile Assessment and the Protective Data Security Plan. The assessment of the organization's overall protective information security risk is taken care of by the SRPA, which at the same time informs the PDSP for the treatment action.
The assurance activities/action plans to CPDP by the public data contained in SRPAs and PDSPs.
To meet the security risk and mitigation concerns of VPDSS 2 and 11, CPDP encourages each organization to start developing an SRPA and a PDSP, drawing on the organization's internal risk management issues and business planning processes, particularly:
References
David Watts (2016, June). Victorian Protective Data Security Framework. Retrieved from https://www.cpdp.vic.gov.au/images/content/pdf/data_security/20160628%20VPDSF%20Framework%20June%202016%20v1.0.pdf
Australian Government (2016, December). Agency Personnel Security Responsibilities. Retrieved from https://www.protectivesecurity.gov.au/personnelsecurity/Pages/Agencypersonnelsecurityresponsibilitiesguidelines.aspx
ENISA threat landscape 2015. Retrieved from www.ensia.europa.eu
Victorian Government Risk Management Framework PRACTICE GUIDE. (2016, February).