New South Wales is the most preferred site in the Asia-Pacific region because it has a robust economy. “NSW government is working on securing property and personal. It also focuses on risk management program. It works on providing structure to the on-going risk management” (Mark, 2014). Activities such as documentation and record keeping are also generated with the development of the risk management program. The most important step for security purposes is the regular monitoring and evaluation of activities. “The activities which are associated with the risk management program are divided into four sections which are named as framework for security risk management, control for core security risk, control for security risk should be provided in priority areas, and control for security risk should be provided in unplanned activities” (Moodley, 2011).
The objectives of the government of NSW are summarized below:
“Confidentiality of the information: It restricts the unauthorized access and the disclosure of the information” (Taylor, 2008).
Integrity of the information: It helps protect the information from unauthorized alteration of the data and guards against challenges to its authenticity.
Availability: Authorized users should be provided with reliable and timely access to the information and data.
Compliance: “The security controls should comply with the applicable regulations, policies, legislation, and contractual obligation which are essential for the information to be lawfully available to the users” (Jin, 2011).
Assurance: Assurance should be provided to the government for access to the confidential information.
Explanation of the Diagram:
Identification of Hazard for Security:
The nature of work should be observed
Incident reports, hazard reports, and any other relevant data should be properly reviewed.
The results of the recent security incident should be properly reviewed.
The operational reviews should be properly examined.
“Consultation should be done with staff to predict the data which they consider as the hazards” (Taylor, 2008)
Stakeholders should be consulted to predict the external agencies' data which they consider to be hazards.
Inspections and audits of the workplace should be carried out.
“Development of the scenarios which can be predicted as the consequence of the incident which is relevant to the security” (Richard, 2011)
Proper analysis of the breaches and the incidents
Establishing the risk factors which are associated with the information.
Frequency and exposure of the hazard
The potential of the loss which is associated with the risk
Occurrence of the damage or loss
Risk associated with the property
Control strategies which are taken into consideration.
Source of the risk | Action associated with it
Cracker | Profiling of the system; Social engineering concept; Intrusion in the system; Accessing of the unauthorized system
Computer criminals | Cyber crime; Act of frauds; Bribery of the information; Spoofing of the system; Intrusion in the system; Botnets; Spam; Activity of phishing
Terrorist | Penetration of the system; Tampering of the system
Espionage of the industries | Exploitation of the economy; Theft of the information; Penetration of the system; Social engineering; Unauthorized access of the system
Insiders | Blackmailing; Computer abuse; Theft and the fraud; Loss of personal information; Misuse of personal information; Creation of the system bugs; Creation of the system intrusion
The magnitude of the risk can be categorized as high, low, and medium which are summarized in the table below:
Impact of the Risk | Explanation
High | The costly loss of Assets is categorized as High
Medium | The risks which are associated with violating and harming operational activities are categorized as medium
Low | Some Loss of assets and operational activities are categorized as low
The table below shows scaling of the risk:
Probability of the Risk | Low | Medium | High
High (1.0) | Medium 10 (10 * 0.1) | Medium 20 (20 * 0.1) | High 30 (30 * 0.1)
Medium (0.5) | Low 10 (10 * 0.5) | Medium 10 (20 * 0.5) | Medium 15 (30 * 0.5)
Low (0.1) | Low 1 (10 * 0.1) | Low 2 (20 * 0.1) | Low 3 (30 * 0.1)
“Deliberate threats are the threats which are caused to the sensitive data by unauthorized accessing of the data” (Gordon, 2015). Failures of equipment, software, and the like come under the category of accidental threats.
Sequential order of the threats is given below:
Failure due to power
Failures or errors in network infrastructure
Obsolescence in technology
Errors or failure in the hardware
Errors or failure in the software
Issues in operation
Interception in communication
Repudiation
Espionage of communication
Social engineering attacks
Deliberate attack on data
Misuse of the system
Unauthorized access to resources
Shortage of the staff
Threats due to environment
Reduction in the quality of service
Misuse of the web application
Incomplete policies or planning for the organization
Fraud in finance
Unauthorized access of information
Equipment theft
The NSW government works on providing structure to the on-going risk management. “The risk associated with the information security is amalgamation of the likelihood and the result associated with the incident” (Brightwell, 2014). Risks are associated with threats, and a threat can exploit the vulnerabilities of the information system. “The situation which arises from imperfect and unknown information is known as uncertainty” (Mahmood, 2015). It may arise due to the internal or external accidental loss of data.
Economic Appraisal | Management of the risk | Management of the values
Objective specification; Identification of the option; Modification of the option according to the reviewing of the risks; Evaluation of the option; Selection of the option | For each option available: Establishment of the content of risk; Identification of the risk associated with each option; Assessment of the magnitude; Development of the strategies | Development of the option; Identification and evaluation of the risk; Evaluation of the option; Preparation of the report
Familiarization of the proposal:
Analysis of the risk
Planning of the response:
Report Generation
Implementation:
Substitution of the hazard which can give rise to the hazard
Isolation of the hazard by putting it on the risk
Minimization of the risk by using the engineering process
Minimization of the risk by using the administrative process
Equipment should be used for personnel protection
Inspections and audits of the workplace should be carried out
Development of the scenarios which can be predicted as the consequence of the incident which is relevant to the security
Proper development of the hazard report, incident report, incident management report, incident investigation report, injury management report, and others.
The key principles on which the policies are based are as follows:
The objective is to provide services which are for the welfare of the people.
The information related to a person should be securely managed so that the privacy and confidentiality of the data can be preserved.
Security should be provided to the critical and sensitive information.
The level of security should be determined for securing the information.
Policy for digital information security is classified as M2012-15.
Awareness programs should be organized for educating people about the security of digital information.
The information which is released should comply with the current state of the legislation.
The controls for securing the information should be implemented to mitigate the risk associated with the sensitive information.
Least privilege rule: for example, creation of the security policies
Change rule: for example, backup of the test server
Trust rule: for example, accuracy in the perception
Weakest link rule: for example, identification of the environment's weakest link
Separation rule: isolation of services and data
Three-fold process rule: the combination of implementation, monitoring, and maintenance
Preventative action rule: awareness of security issues
Immediate and proper response rule: quick reaction
Mark, S. (2014). Regulation of the legal services in the E-world (1st ed.). Retrieved from https://www.olsc.nsw.gov.au/Documents/regulation_of_legal-services_working_paper_oct2011_part1.pdf
Moodley, K. (2011). Electronic Information Security Policy – NSW Health (1st ed.). Retrieved from https://www0.health.nsw.gov.au/policies/pd/2013/pdf/PD2013_033.pdf
Gordon, T. (2015). Useful Security Information for Business (1st ed.). Retrieved from https://www.secure.nsw.gov.au/what-you-can-do/useful-security-information-for-business/
Brightwell, L. (2014). NSW Electoral Commission (1st ed.). Retrieved from https://www.elections.nsw.gov.au/__data/assets/pdf_file/0007/193219/iVote-Security_Implementation_Statement-Mar2015.pdf
Mahmood, F. (2015). Eight Rules of Information System Security (1st ed.). Iversion. Retrieved from https://blog.iversion.com.au/eight-rules-of-information-system-security/
Taylor, A. (2008). Information Security Management Principles (1st ed.). BCS. Retrieved from https://www.bcs.org/upload/pdf/infosec-mgt-principles.pdf
Richard, M. (2011). Risk Management Guideline (1st ed.). Retrieved from https://www.treasury.nsw.gov.au/__data/assets/pdf_file/0009/5103/risk_management.pdf
Jin, Z. (2011). Vulnerability Analysis Approach To Capturing Information System Safety Threats and Requirements (1st ed.). Retrieved from https://www.sersc.org/journals/IJSEIA/vol5_no4_2011/7.pdf