The report focuses on the information security system of the VIC government, which is facing certain information security risks. The issue is important because the confidential information of the Victorian government should be properly protected in order to prevent data breaches and the loss of data and information (Healey, 2016). The report discusses the current security risks the Victorian government is facing and the areas of risk exposure. The problems that the Victorian government might face due to its exposure to deliberate and accidental threats are elaborated in the report. Enforcement of a proper data security standard is essential for the protection and security of the confidential information of a system. The report discusses the areas of high, medium and low risk in the system. Furthermore, the report contains a diagrammatic representation of the risks the government is exposed to and their possible causes. The information security system should be efficient enough to prevent threats from penetrating the system. The threats, risks and risk management plan of the Victorian government are elaborated in the following paragraphs.
Figure 1: Illustration of Current Security Risks and Threats in VIC Government
(Source: Created by the author in MS Visio)
The figure above depicts the security risks and threats associated with the Victorian government. The major security risk associated with the organization is the insider threat. This is because an insider has proper knowledge of the security features of the organization and can therefore misuse the information for their own benefit. Apart from this, the threats to the system include the storage of data in cloud storage, which raises major security concerns and privacy issues. Furthermore, manual record keeping is also an important area of security risk (Cardona et al., 2012). The other minor threats or security risks associated with the system concern the active monitoring of the database and the cloud storage, which requires proper attention. The different areas of risk, covering high, medium and low risk exposure, are identified and elaborated in the following paragraphs.
It is essential to determine the areas of risk and the risk exposure in order to assess the impact of the risk (Behl & Behl, 2012). The risks associated with the Victorian government are classified into areas of high, medium and low risk exposure.
The high-risk area of the Victorian government is the insider threat, along with manual access to the data. This must be addressed with the highest priority in order to control and manage the risk. Proper data security must be implemented in order to eliminate these risks (Haimes, 2015).
The area of medium risk exposure includes the storage of data in the cloud. Cloud storage is simple and easy to use but has certain security concerns associated with it. Cloud storage is vulnerable to attacks, and therefore proper security measures need to be implemented in order to manage and control the risk and to protect data confidentiality (Bommer, Crowley & Pinho, 2015).
The area of low risk exposure includes the VIC government database. The accidental threats associated with manual record keeping and erroneous data entry are the primary causes of the risk. This risk can be eliminated by providing proper training to the users and the database administrator. Therefore, this risk has the lowest priority.
The Victorian government is exposed to mainly two different types of threat: deliberate threats and accidental threats. The details of the deliberate and accidental threats, along with their ranking, are elaborated in the following paragraphs.
Deliberate threats are those that are carried out intentionally. The different areas of deliberate threat include espionage, which occurs when an unauthorized person tries to access confidential information; information extortion, which occurs when an attacker threatens to commit a theft for his own benefit; and software attacks, which include hacking, denial of service attacks or the use of malicious software to fetch information (Alcorn, Good & Pain, 2013). Deliberate threats are introduced into a system intentionally, with the aim of causing harm to the victims. The Victorian government is exposed to a serious deliberate threat, as many opportunists would benefit from the information stored in the security system. The Victorian government should implement proper methods of detecting deliberate threats and eliminating them from the system as well.
The threats that a system is exposed to mainly due to human error are termed accidental threats. Accidental threats are unintentional and can be eliminated with proper caution. The number of accidental threats reported in the Victorian government is huge, mainly due to the involvement of untrained employees. An organization is exposed to accidental threats only due to its employees. Outsiders can never be a reason for accidental threats. Accidental threats lead to circumstances that cause potential harm to the system in the form of disclosure or modification of data due to human error. The effects of accidental threats are therefore very minor and can be eliminated from the system with little labor (Mans et al., 2013). The Victorian government can eliminate accidental threats by training its employees regarding the current issues the government is facing.
The deliberate and accidental threats are ranked on the basis of their severity and the negative effect an organization might face. Deliberate threats are more dangerous than accidental threats and are therefore ranked at number one.
Rank 1: Deliberate Threats: Deliberate threats hold the number one position because they are likely to cause serious damage and data loss to the information security system of the Victorian government. Deliberate threats include access to information by hacking into the system or by other malicious acts, which may result in serious data and information loss (Luiijf, 2012). Therefore, this threat is allocated the number one ranking so that the Victorian government looks into the matter with greater priority and importance and implements the necessary actions to eliminate any sort of deliberate risk from the system in order to protect the confidential information of the organization.
Rank 2: Accidental Threats: Accidental threats are allotted the second position because the effect of these threats can be easily controlled or mitigated (Jouini, Rabai & Aissa, 2014). In the Victorian government, the accidental threats are the result of human error and can therefore be easily controlled.
Risk is unavoidable and should therefore be managed with greater priority. A risk is a probability of damage that may occur as a result of external and internal vulnerabilities. Risk implies future uncertainty and deviation from the expected or calculated result. Therefore, an effective risk management plan is essential to eliminate the negative effects of the risk. There are mainly two different processes of risk management: internal risk management and external risk management. The risk management plan suitable for the Victorian government is discussed in the following paragraphs.
Internal security risk management involves the internal employees and authorities of an organization coming together to resolve a problem and eliminate a risk. This is an effective risk management strategy in which the insiders of an organization come together to eliminate the risk. Internal risk management helps in the elimination of the minor risks associated with a system. Internal risk management does not involve any outsider in the risk management procedure and is therefore a cost-effective solution. In this method, risk is eliminated by properly training the users and researching the effects and impact of the risk. This process, however, needs the involvement of honest employees, as dishonest employees may not suggest an effective solution to the existing problem. One of the major benefits of internal risk management is that the employees or insiders of the organization get a clear idea of the risk associated with a system or process and take the necessary measures to eliminate the risk (Poolsappasit, Dewri & Ray, 2012). The minor issues or risks associated with the Victorian government, which include the out-of-date security system and the problem of untrained users, can be resolved effectively using the internal risk management method.
The risk management strategy that involves obtaining a suitable solution from outsourced staff is known as external risk management. For major issues that cannot be resolved by internal risk management, an organization hires an experienced external agent who looks into the matter, evaluates and analyzes the risks associated with a system and recommends a proper risk management strategy to eliminate those risks. An organization therefore uses an external risk management strategy when insiders cannot identify the risk present in the organization and the effects of the threat cannot be evaluated (Ali et al., 2014). External risk management, however, requires a large capital investment, as the organization has to pay a considerable amount to the external agent. The major benefit of external risk management is that it yields a guaranteed result. This depends on making a proper decision when choosing the external agent. An experienced agent is preferred, as he will have more detailed knowledge of the risks and uncertainties an organization is exposed to. The consultant or agent will, however, have the authority to access the important and confidential information of the organization in order to evaluate and analyze the risks associated with a system (Rakow, Heard & Newell, 2015).
The information security system of the VIC government is exposed to a number of threats and security risks. The minor security risks associated with the system, which include the old and out-of-date security systems, can be effectively managed using the internal risk management strategy. However, the deliberate threats and the uncertainties that the Victorian government is exposed to might need the involvement of external risk management. The external consultant can help in evaluating the risks associated with VIC, and therefore external risk management can be an effective solution. The risk management strategies suggested by the external consultant might provide a valid solution to the security risks the government is facing at this moment. This is a very important decision and should be taken wisely. Therefore, it is suggested that the Victorian government undertake both internal and external security risk management in order to eliminate the security issues and risks associated with the current system.
Although risk and uncertainty appear similar, they differ in several ways. The contrasting characteristics of risk and uncertainty are elaborated in the following paragraphs.
The risk associated with an organization implies the vulnerabilities associated with a system or organization. The information system of the Victorian government is exposed to certain risks, which include data security threats from outsiders, the loss of data due to a security breach and so on. These risks must be handled with the highest priority in order to eliminate their negative impacts (Silbey, 2013). The security system of VIC should be sturdy enough to eliminate the information security risks, and proper measures should be taken in order to eliminate the associated risks. Different risk management procedures and strategies can be implemented in order to eliminate the information security risks associated with the Victorian government. Risk can be controlled and managed, and therefore it is less severe than the uncertainties that a system is exposed to (Rasmussen, 2013).
Anything whose impact or effects cannot be determined or guessed is termed uncertainty. Uncertainty is more dangerous than risk, as the effect of uncertainty can never be predicted. The same applies to the information security of the Victorian government. There are certain uncertainties associated with the Victorian government, the major one being the unidentified security issues and threats the organization is exposed to. Uncertainties may lead to certain risks, which therefore need to be eliminated (Covello et al., 2013).
Risk control is necessary to eliminate the negative effects of the threats an organization is exposed to. Risk mitigation works to reduce the effect of a threat or risk present in an organization. There are certain risk management and mitigation processes that can be considered for eliminating the associated risks. Risk mitigation is important mainly when risk avoidance is not possible. Identifying and analyzing the risk is essential in order to manage, control and mitigate it. Identifying risks and ranking them according to their adverse effects is necessary for effective risk management and mitigation. The external as well as the internal risk management procedure can help the government in successful risk control and risk mitigation. The different strategies that the Victorian government can consider for risk control and mitigation are elaborated in the following paragraphs.
Risk transfer is an important risk mitigation approach in which the negative effect of the risk is transferred to an external stakeholder who is willing to take the responsibility of the negative effects of the risk. Risk transfer is a secondary option of risk control and mitigation (Webster, 2016).
Risk control comprises different strategies of risk management, which are chosen after evaluating the different risk criteria and the order of their impact. Risk control is generally done after the risk is identified in the system and a proper strategy of risk management is chosen (Abdul-Rahman, Mohd-Rahim & Chen, 2012). Risk control generally aims at decreasing the negative impact of the risks associated with the system.
An effective mitigation approach is risk avoidance. Risk can be avoided when the effect of the risk is minor and does not cause any serious harm to the organization.
After implementing a proper risk management strategy, monitoring of the risk is also essential. This is necessary to prevent exposure to any new risks in the information system and also to evaluate the success percentage of the risk management strategy applied. Monitoring of risk is therefore one of the most important risk mitigation techniques (McNeil, Frey & Embrechts, 2015).
Conclusion
Therefore, from the above discussion, it can be concluded that the information security risks of the Victorian government should be immediately acknowledged and eliminated from the system. A proper risk management strategy must be implemented in order to eliminate the risk associated with the system. Prior to that, the risks associated with the system must be identified and segregated on the basis of the effects they may have on the system. The information security system of the Victorian government is exposed to certain vulnerabilities, which must be eliminated in order to protect the confidential information and data of the system. The report discusses the deliberate and accidental threats the Victorian government is exposed to and their necessary solutions. The risks associated with the information system can be managed by taking expert advice and suggestions about different risk management strategies. The report further discusses different approaches to risk mitigation and control that the Victorian government can undertake in order to eliminate the risk. The report also illustrates the security threats and security risks associated with the Victorian government with the help of a diagram.
References
Abdul-Rahman, H., Mohd-Rahim, F. A., & Chen, W. (2012). Reducing failures in software development projects: effectiveness of risk mitigation strategies. Journal of Risk Research, 15(4), 417-433.
Alcorn, A. M., Good, J., & Pain, H. (2013, July). Deliberate system-side errors as a potential pedagogic strategy for exploratory virtual learning environments. In International Conference on Artificial Intelligence in Education (pp. 483-492). Springer Berlin Heidelberg.
Ali, E., Denis, A. F., Kujur, F. E., & Chaudhary, M. (2014). Risk Management Strategies for Accidental Risk Occurrence on Construction Sites–A Case Study of Allahabad. Journal of Academia and Industrial Research (JAIR), 3(2), 89.
Behl, A., & Behl, K. (2012, October). An analysis of cloud computing security issues. In Information and Communication Technologies (WICT), 2012 World Congress on (pp. 109-114). IEEE.
Bommer, J. J., Crowley, H., & Pinho, R. (2015). A risk-mitigation approach to the management of induced seismicity. Journal of Seismology, 19(2), 623-646.
Cardona, O. D., van Aalst, M. K., Birkmann, J., Fordham, M., McGregor, G., & Mechler, R. (2012). Determinants of risk: exposure and vulnerability.
Covello, V. T., Lave, L. B., Moghissi, A. A., & Uppuluri, V. R. R. (Eds.). (2013). Uncertainty in risk assessment, risk management, and decision making (Vol. 4). Springer Science & Business Media.
Haimes, Y. Y. (2015). Risk modeling, assessment, and management. John Wiley & Sons.
Healey, A. N. (2016). The insider threat to nuclear safety and security. Security Journal, 29(1), 23-38.
Jouini, M., Rabai, L. B. A., & Aissa, A. B. (2014). Classification of security threats in information systems. Procedia Computer Science, 32, 489-496.
Lam, J. (2014). Enterprise risk management: from incentives to controls. John Wiley & Sons.
Luiijf, E. (2012). Understanding cyber threats and vulnerabilities. In Critical Infrastructure Protection (pp. 52-67). Springer Berlin Heidelberg.
Mans, R. S., van der Aalst, W. M., Vanwersch, R. J., & Moleman, A. J. (2013). Process mining in healthcare: Data challenges when answering frequently posed questions. In Process Support and Knowledge Representation in Health Care (pp. 140-153). Springer Berlin Heidelberg.
McNeil, A. J., Frey, R., & Embrechts, P. (2015). Quantitative risk management: Concepts, techniques and tools. Princeton university press.
Poolsappasit, N., Dewri, R., & Ray, I. (2012). Dynamic security risk management using bayesian attack graphs. IEEE Transactions on Dependable and Secure Computing, 9(1), 61-74.
Rakow, T., Heard, C. L., & Newell, B. R. (2015). Meeting Three Challenges in Risk Communication Phenomena, Numbers, and Emotions. Policy Insights from the Behavioral and Brain Sciences, 2(1), 147-156.
Rasmussen, S. (2013). Risk and uncertainty. In Production Economics (pp. 163-180). Springer Berlin Heidelberg.
Silbey, S. S. (2013). Organizational Challenges to Regulatory Enforcement and Compliance A New Common Sense about Regulation. The Annals of the American Academy of Political and Social Science, 649(1), 6-20.
Webster, L. R. (2016). Risk Mitigation Strategies. In Controlled Substance Management in Chronic Pain (pp. 163-180). Springer International Publishing.