Discuss about the IS Security and Risk Management for Technology Sydney.
University of Technology or UTS’s started its operations in the 1870s but the current form of the University was formed in the year of 1988. UTS is an public research University which is situated in Sydney, Australia. This University is considered to be one of the leading young University of Australia. Under the rank of 50 this university is ranked 1st in Australia and 8th in the world. This report mainly discusses about the services that are provided by UTS and how the IS is associated with supporting the various business operations of the organization (uts.edu.au, 2018). This report also discusses about the GMC o the general management control used by UTS so as to manage the various risks. The application control for information system, comparisons between the GMC and Ac or application control has also been done in this report. The report also highlights the risk management techniques that has been adopted by UTS.
UTS or University of technology Sydney is associated with providing of various services so as to enhance the learning process along with health and well-being of all the UTS students. The services provided by UTS are discussed below:
Along with this there also exists other services like the Multi-faith Chaplaincy, Careers Service, and Counselling.
The IS or Information System of UTS provides support to all the ongoing processes especially the teaching processes. The main aim of Information system of the university is to create an integrated system which would be aimed at computerizing all the processes of the university and this mainly makes use of the university registers, general classification (Laudon & Laudon, 2016). This helps the users by assisting them in avoiding the interpretation of the same data in different ways. The IS helps the university in storing all the information’s at a centralized database which helps in avoiding the problem of data duplication. Firstly the information is gathered and then put the database and then it is managed (Arvidsson, Holmström & Lyytinen, 2014).
GMCs or general management control system is the framework that is established for the purpose of guiding the various operations of the University provide various services to the peoples associated with the university. By making use of the GMCs the UTS is capable of identifying various types of risks so as to achieve the main objectives and perform the necessary things which is needed to manage the risks. (Ter Bogt & Scapens, 2012). The major components included in the GMCs of UTS are strategic planning, operational planning, monitoring and control, functional threading and lastly providing motivation, rewards and recognition. This management system is associated with controlling of the information system of the University and this mainly includes the controlling of the data centers of UTS, system software acquisition and maintenance, security access, along with application and maintenance (Kallio & Kallio, 2014). The GMC is generally used by UTS so as to support the various functionalities of the application control or AI. Some of the major features of the GMC of UTS includes the following:
The GMC system of the university consists of some practices which are generally designed for the purpose of maintaining the integrity and availability of various information processing functions of the university, the networks as well as the associated application systems (Rainer et al., 2013).. The GMCs of the university consists of the following:
The university has adopted certain ways for the purpose of managing the risks the risk management techniques adopted by the university has been discussed below with respect to an event when the Nursing academy at the university were being stretched to breaking points as they have to work for 50 hours a week with more than 20 contact hours.
This is generally done by the university by asking themselves about the possibilities by which the delivery of objectives might get hampered and by what means this can happen. The risks are recorded by the university in a clear and precise way which helps in describing the various events as well as the root causes of the problem. Thin in turn helps in effective mitigation, audit and assessment of the risks (McNeil, Frey & Embrechts, 2015). (Haimes, 2015). By this practice they are capable of achieving the strategic priorities, operational objectives and operation health. For each identified risks a risk owner is assigned and this owner is responsible for overseeing any kind of management of the risks and provide the periodical report. The main identified reason for this risk is due to the shifting of the teaching load to fewer staffs so as to free the other employees for the research purpose. It was also denied by the university that their staffs were carrying unsustainable workloads.
The risk assessment of UTS includes a clear and decisive consideration regarding the impacts severity along with its likelihood. This in turn supports the risk prioritization which is associated with turning of the risk controls and allocation of the resources (McNeil, Frey & Embrechts, 2015). (Haimes, 2015). The risk assessment matrix of the University helps in recording and communicating the risks which are derived from the evidence based assessments. The assessment also helps the university in understanding the risk escalation. The staffs were excessive workload so around 15 of employees submitted a written complaint. The complaint mainly stated that they were having lots of stress and ill health.
UTS puts the countermeasures in place so as to mitigate the risks that are recorded. The mitigation actions of UTS is clear and concise which are agreed and updated at a regular basis. After identification of the countermeasures the risk assessment is applied for the second time. If any type of residual risk remains which seems to be critical on the local risk register, then the university considers this to be an escalation in the Corporate Risk Register. Certain changes were made regarding the workplace policies and new changes were done so as to eliminate the workloads.
This is done by the university so as to determine if any type of additional risks exists or not and what are the additional actions which would be required for the purpose of reducing the impacts of the risks or the likelihood of reoccurrence of the risks. By this technique the University identifies the risks which are not adequately mitigated. And if it is found that some risks are still significant and critical then an additional column is added to the risk register.
The AC of the university consists of mechanism which is placed over different separate computer system so as to make sure the data authorization is processed completely and accurately. They have been designed so as to make the university capable of preventing, detecting and correcting the errors and the irregularities (Covello, Menkes & Mumpower, 2012). This happens due to the fact that flow of all the transactions takes place through the business system of the university. Application control of the university makes it sure that all the transactions and programs are secured and along with the system generally resumes sometimes later after the interruption in the business has occurred. Along with this all the transactions of the university is corrected and accounted for whenever any kind of error occurs and also this system helps the university in processing the data in an efficient manner (Vijayakumar & Nagaraja, 2012).
Risk management generally refers to the process of identifying, assessing and controlling the threats that an organization faces regarding its capital and earnings. And this threats or risks are capable of stemming a wide variety of sources which might include the uncertainty regarding financial matters, liabilities regarding legal issues, errors in the strategic management system and many more (Camacho & Bordons, 2012)
Application control of the university is associated with the specific control over each computerized applications whereas the general management control is associated with management of the risks by establishing of designs and makes use of the computerized programs throughout the organization.
Major things which must be anticipated by risk management includes the following:
University of technology Sydney has adopted a certain risk management methodology which includes the following steps:
|
Information Asset |
Criterion 1: Impact to Revenue |
Criterion 2: Impact to Profitability |
Criterion 3: Impact to public image |
Weighted score |
|
Criteria weights out of 100 |
45 |
60 |
55 |
|
|
EDI document set 1-logistics BOL to outsourcer |
0.9 |
0.7 |
0.6 |
75 |
|
EDI document set 2-Supplier orders |
0.7 |
0.8 |
0.8 |
78 |
|
EDI document set 2-Supplier Fulfillment advice |
0.5 |
0.6 |
0.2 |
41 |
|
Customer order via SSL |
1.0 |
1.0 |
1.0 |
100 |
|
Customer service request via e-mail |
0.3 |
0.6 |
0.8 |
55 |
|
Asset |
Asset relative value |
vulnerability |
Loss frequency |
Loss magnitude |
|
Customer service request via e-mail (inbound) |
55 |
E-mail disruption due to hardware failure |
0.2 |
11 |
|
customer order via SSL (Inbound) |
100 |
Lost orders due to web server hardware failure |
0.1 |
10 |
|
Customer order via SSL (inbound) |
100 |
Lost orders due to web server or ISP service failure |
0.1 |
10 |
|
Customer service request via e-mail (inbound) |
55 |
E-mail disruption due to SMTP mail relay attack |
0.1 |
5.5 |
|
Customer service request via e-mail (inbound) |
55 |
E-mail disruption due to ISP service failure |
0.1 |
5.5 |
|
Customer order via SSL (inbound) |
100 |
Lost orders due to web server denial-of-service attack |
0.025 |
2.5 |
The audit plan of UTS includes the improvement of the effectiveness of the campus governance, management of the risks and control over various processes. Along with this the plan would also assist the leaders of the University in discharging their oversight, management and responsibilities related to their various operations. It also assists the managers in addressing various financial operational and compliance risks of the university and help them in taking informed risk acceptance decisions. The plan also helps in leveraging and supporting the efforts of the campus so as to identify evaluate and mitigate the various risks. A support to the management restructuring and the strategies for the budget is also provided by this plan. The plan also supports the evaluation of the System wide Compliance Program. This plan also helps the university in meeting up all the challenges so as to enhance the value of the Internal Audit program.
The University of Technology has adopted certain IS which helps each and every individuals associated with this university. They are also associated with providing of several services for their students and staffs which makes achieve success in various fields. Along with this there also exists General Management control for the purpose of dealing with various types of risks. Along with the GMCs there are also certain risk management strategies which has been adopted by the university. There also exists application control which helps the university in its different processes.
References:
Arvidsson, V., Holmström, J., & Lyytinen, K. (2014). Information systems use as strategy practice: A multi-dimensional view of strategic information system implementation and use. The Journal of Strategic Information Systems, 23(1), 45-61.
Camacho, E. F., & Bordons, C. A. (2012). Model predictive control in the process industry. Springer Science & Business Media.
Covello, V. T., Menkes, J., & Mumpower, J. L. (Eds.). (2012). Risk evaluation and management (Vol. 1). Springer Science & Business Media.
Haimes, Y. Y. (2015). Risk modeling, assessment, and management. John Wiley & Sons.
Janvrin, D. J., Payne, E. A., Byrnes, P., Schneider, G. P., & Curtis, M. B. (2012). The updated COSO Internal Control—Integrated Framework: Recommendations and opportunities for future research. Journal of Information Systems, 26(2), 189-213.
Kallio, K. M., & Kallio, T. J. (2014). Management-by-results and performance measurement in universities–implications for work motivation. Studies in Higher Education, 39(4), 574-589.
Klamm, B. K., Kobelsky, K. W., & Watson, M. W. (2012). Determinants of the persistence of internal control weaknesses. Accounting Horizons, 26(2), 307-333.
Laudon, K. C., & Laudon, J. P. (2016). Management information system. Pearson Education India.
McNeil, A. J., Frey, R., & Embrechts, P. (2015). Quantitative risk management: Concepts, techniques and tools. Princeton university press.
Rainer, R. K., Cegielski, C. G., Splettstoesser-Hogeterp, I., & Sanchez-Rodriguez, C. (2013). Introduction to information systems. John Wiley & Sons.
Stefaniak, C. M., Houston, R. W., & Cornell, R. M. (2012). The effects of employer and client identification on internal and external auditors’ evaluations of internal control deficiencies. Auditing: A Journal of Practice & Theory, 31(1), 39-56.
Ter Bogt, H. J., & Scapens, R. W. (2012). Performance management in universities: Effects of the transition to more quantitative measurement systems. European Accounting Review, 21(3), 451-497.
uts.edu.au. (2018). Services and support | University of Technology Sydney. Uts.edu.au. Retrieved 3 April 2018, from https://www.uts.edu.au/current-students/info-international-students/services-and-support
Vijayakumar, A. N., & Nagaraja, N. (2012). Internal Control Systems: Effectiveness of Internal Audit in Risk Management at Public Sector Enterprises. BVIMR Management Edge, 5(1).
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download