Discuss the IT Risk Management for Applications and Sub-Systems.
NSW Government is composed of a number of components, applications and sub-systems. A massive amount of information is exchanged and stored on a daily basis in every operation. As operations have expanded, a number of security risks have emerged. This document describes those risks with the help of a diagram and suggests measures to overcome them.
Security Risk Diagram (www.finance.nsw.gov.au, 2016)
The risks that have been displayed above have been classified in a number of different categories on the basis of the information that they impact.
Information Types in NSW Government (www.finance.nsw.gov.au, 2016)
For Office Use Only
This is the category of information that is allowed to be used specifically by the officials of NSW Government.
Protected
The information that must be kept secure and authenticated at all times such that only authorized users are allowed to access the same.
Confidential
This is information that is critical in nature and comprises details that cannot be revealed without proper authentication.
Private
The information associated with NSW Government that must be kept private unless its disclosure is authorized.
Public
This is the information that is okay to be disclosed to the entire public.
Sensitive Information
The disclosure must be least in the case of this information category and the security that is applied must be extremely high.
Sensitive: Personal
The information that contains personal details about the resources that are associated with NSW Government, along with the users and the organizations.
Sensitive: Legal
This information qualifies for the legal professional privilege related to NSW Government and its various sub-systems and components.
Sensitive: Cabinet
The information that is contained under this category includes official documents and records of the cabinet and the decisions that are taken by the same.
Sensitive: NSW Cabinet
The records that are related to the NSW cabinet come under this category of information. It may include official records, policies, decisions and many others.
Sensitive: NSW Government
This information, if revealed without proper authorization, can cause huge damage to the internal and external stakeholders.
Sensitive: Law Enforcement
This is the information that is related to the law enforcement activities of the NSW Government.
Sensitive: Health Information
Health information is the category of information that is bound by a number of legal and regulatory policies.
The risks can now be explained on the basis of their category.
| Risk ID | Risk | Likelihood | Impact | Risk Ranking |
|---|---|---|---|---|
| RS1 | Data Integrity | High | Medium/High | High |
| RS2 | Network Threats | Medium | High | High |
| RS3 | Malware Threats | High | Medium-Low | Medium |
| RS4 | Application Vulnerabilities | High | Medium | Medium |
| RS5 | Operations Risks | Medium | Medium | Medium |
| RS6 | Business Risks | Low | High | High |
| RS7 | Legal Risks | Low | High | High |
Risks Register – NSW Government
Deliberate threats or attacks are defined as the category of threats that are caused by malicious intent (Vavoulas, 2016). Accidental threats are the ones that occur by chance or by mistake and do not involve malicious intent.
There are a number of threats that can cause a substantial amount of damage to NSW Government. Out of all the probable risks and threats, some qualify as deliberate attacks and some come under accidental threats. Malware threats, network threats and data integrity threats are the ones that are always deliberate in nature, as they come coupled with malicious intent.
Business risks and application vulnerabilities are often accidental in nature and are generally caused by the involvement of external parties (searchsecurity.techtarget.com, 2016).
There are also a few categories of risks which may be deliberate or accidental in nature depending upon the procedure of attack. Legal risks and operations risks are two examples of such threats.
Human Factors
The workforce and client base of NSW Government is massive. Conflicts and disputes are therefore common occurrences, which may prove to be a big hindrance to the implementation of an improved security/risk management policy.
Organizational Factors
At the organizational level, there can be a number of factors which may emerge as a barrier to the implementation of security policy such as existing infrastructure or capacity.
Technological Factors
Technology is something that is changing at a lightning speed. There are technological trends that come and go and the same can contribute to the factors that may disturb the implementation of security policy. There can also be compatibility issues between the existing infrastructure and the required infrastructure to implement the policy.
| Risk | Uncertainty |
|---|---|
| Comprises the probability to either win or lose | Future is never known and cannot be predicted |
| Measurable and controllable | Cannot be measured or controlled |
| Can be determined through a defined procedure | Cannot be determined through any means |
Difference between Risks and Uncertainties (Surbhi, 2016)
The risks that may occur in the case of NSW Government have been listed above. There can also be a few uncertainties associated with them which cannot be predicted well in advance. One example of an uncertainty is natural hazards and disasters, which may occur at any time without certainty but have the potential to cause serious damage.
Enhanced Disaster Recovery
Disaster Recovery can be improved and applied in the architecture of the NSW Government so that there may be a back-up plan ready in advance in case of an attack.
Network Controls
The network is one of the prime mediums of risks and threats, and the controls that are put on it are extremely essential. These include network scans and networking, among many others.
Malware Controls
These controls will compel the malware to stop the attack on the target system and will also enhance the system security.
Legal and Regulatory Compliance
Legal and regulatory compliance is essential to maintain the desired level of quality of the product. Also, these controls will put a check on the validation and verification of the processes as per the defined rules.
Advanced Identity and Access Management
There are a number of measures that must be included to form an accurate identity and access management scheme. Use of One Time Passwords (OTPs), Single Sign On and single sign offs, physical security and display of ID cards at every exit and entry point are a must.
Conclusions
NSW Government is composed of a number of applications and sub-systems. These are exposed to risks such as legal risks, operations risks, business risks, malware threats, network threats and data integrity threats. Some of these risks are deliberate in nature whereas some are accidental. The challenges to overcoming these risks include human factors, organizational factors and technological factors. There are also certain mechanisms and practices which, if followed, can reduce the probability of occurrence.
References
searchsecurity.techtarget.com. (2016). Accidental insider threats and four ways to prevent them. SearchSecurity. Retrieved 16 August 2016, from https://searchsecurity.techtarget.com/tip/Accidental-insider-threats-and-four-ways-to-prevent-them
Surbhi, S. (2016). Difference Between Risk and Uncertainty – Key Differences. Key Differences. Retrieved 16 August 2016, from https://keydifferences.com/difference-between-risk-and-uncertainty.html
Vavoulas, N. (2016). A Quantitative Risk Analysis Approach for Deliberate Threats. Retrieved 16 August 2016, from https://cgi.di.uoa.gr/~xenakis/Published/39-CRITIS-2010/CRITIS2010-RiskAnalysisDeliberateThreats.pdf
www.amsro.com.au. (2016). Information Technology and Security Risk Management Top 12 Risks: What are the risks? What are the solutions? Retrieved 16 August 2016, from https://www.amsro.com.au/amsroresp/wp-content/uploads/2010/12/AMSRO-TOP-12-Information-Technology-Security-Risk-Management-1.pdf
www.finance.nsw.gov.au. (2016). NSW Government Digital Information Security Policy | NSW ICT STRATEGY. Finance.nsw.gov.au. Retrieved 16 August 2016, from https://www.finance.nsw.gov.au/ict/resources/nsw-government-digital-information-security-policy
www.praxiom.com. (2016). ISO IEC 27000 2014 Information Security Definitions. Praxiom.com. Retrieved 16 August 2016, from https://www.praxiom.com/iso-27000-definitions.htm