Monitoring Information Security Risks †Free Samples to Students

Question: Discuss about the Monitoring Information Security Risks. Answer: Introduction: The proper uses of information technology mainly done as unavoidable to do the formation of different issues that mainly related with the security and privacy of VIC Government. It also discussed that the Victorian Government mainly needs the proper development of different concise and improved processes so that it can easily deals with all risks factors. Apart from that, it also discussed about the formation of operations that directly implies all smart processing and effective processes in the organization (Xu Dinev, 2012). Below is the diagram that mainly shows different risks factors that related with the risk operations of VIC Government: The picture of concern and risk analysis of Victorian Government mainly showed the uses of proper Information System to do the implication and management of different advanced processes. Some of the components of VIC Government include VIC Government, Security requirements, Security threats, Risk Assessment and different vulnerabilities (Garrick Hall, 2014). VIC Government: the Victorian Government mainly symbolizes about both the members and users of Government that mainly uses about information system and also implies about the increase rate of different related operations efficiency (United Nations, 2012). However, the system development also eases all related operations of organization as well as their suggestions that mainly helps to have improvement in performance of organization (Jain Shanbhag, 2012). Information System: The information system mainly implies to integrate the proper development of different related operations that mainly helps to form an efficient information processing. Moreover, the system processing mainly results to employ better processing of data as well as information for the proper guidance of effective flow of information (Boyle, 2012). Apart from that, the system processing mainly implies to form better data processing as well as development (Wangwe, Eloff Venter, 2012). Risk Factors: Different types of risk factors that mainly affect the information processing of information within the organization network. Both the vulnerabilities and threats that mainly results to the integration of different developmental operational issues of organization. Joseph (2012) discussed that the security control system of VIC Government mainly includes about the formation of systematic control based on issues and errors. All types of threats and vulnerabilities causes some serious effect on developmental issues related to the functionalities of Victorian Government. The system requirement causes some serious errors depending on the growth factors of smart as well as effective operations (Karokola, Kowalski Yngstrm, 2013). Apart from that, it also discussed about system errors, privacy interference as well as data thefts become some factors of security threats of organizational development (Sitaram Manjunath, 2012). It also discussed about improved as well as effectiv e procedures that mainly caused more influence based on the obstacles of different risks factors. External and Internal Risks: all types of risks, vulnerabilities and threats mainly forms development of different issues that mainly helps to form various important operations occurred in an organization. Some risks of the information system of Victorian Government are mainly get categorized in both internal and external risks (Ofgem, 2012). Collier and Lakoff (2015) elaborated that internal risks are mainly developed from different types of internal vulnerabilities and threats like spamming, technical risks, un-authorized access, Denial of Services etc. All these risks factors mainly imply different technical errors in the organization operation system. On the other hand, external risks take account of different cyber criminal activities as well as different user generated technical errors (Karokola, Kowalski Yngstrm, 2013). All the errors are mainly occurred outside of system and also results of the formation of threats to system development. Risk Assessment: the risk assessment mainly helps in the development process of security risk management. It also implies for the development of smart risk analysis to form both smart processing and effective analysis of information (van Deursen, Buchanan Duff, 2013). Apart from that, Garrick and Hall (2014) pointed out that risk assessment mainly consists of different evaluation techniques, documentation analysis, and different risks identification techniques. All risk assessment techniques mainly involves the occurrence of improved processes as well as designing techniques (Amin, Schwartz Hussain, 2013). The evaluation and analysis of all risks factors mainly helps to form combined operations in VIC Government. Categorization of Risks and Identification of the Exposure Area All types of risks are mainly categorised in different types of internal and external risk factors that mainly helped to develop proper analysis of risk assessment. It also discussed that the VIC Government mainly deployed information processing techniques to form different improved processes of data processing (Fan, Zhang Yen, 2014). On the other hand, in the organization it mainly occurs different risks assessment factors of VIC Government like potential risk, malware, vulnerabilities, security risks, data thefts, phishing, and spamming, un-authorized access etc (Choi, Chun Cho, 2014). Some the risks are mainly categorised in medium-high, medium-low as well as low risk exposure. Risk Type Description Example High risk exposure areas The high risk exposure areas mainly creates vital and significant impacts on all VIC Government operations. The high risk exposure areas are given more priority to be rectified and treated in the operational system of project (Al-ahmad Mohammad, 2014). Different privacy concerns, data theft, security vulnerabilities, are some example of high risk exposure areas. Medium risk exposure areas In this type, it mainly helps to form different risk factors that mainly causes medium impact on different information system operations. All the types of risk exposure areas are considered with medium priority to develop and sort contingency plans. These types of areas are mainly be treated with the decrease in impact of different operations of VIC Government Information System (Zhao, Xue Whinston, 2013). Malwares, Intrusion, Design errors, and technical errors are the medium risk exposure areas Medium low risk exposure areas This medium low risk exposure areas are less causing factor that mainly causes impact on the Information Processing unit of VIC Government (Al-Hadadi Al Shidhani, 2013). This particular area is mainly given with less priority to be delivered of solution and processing. denial of service, spamming, different minor issues are the example of medium low risk exposure areas. Low risk exposure areas This area causes very minimal influence that causes impact on different operations of information processing unit of VIC Government. All risk factors processing mainly considered minimal time as well as the impact also causes very least (Demski, Poortinga Pidgeon, 2014). The Social engineering generated errors and the user generated errors are the low risk exposure areas. Comparison and Ranking of Threats Jain and Shanbhag (2012) highlighted that the accidental threat mainly have no proper causes for related operations of organization. In case of accidental threats, it mainly formed due to some different errors and mistakes that mainly caused without the consent of any personnel. Accidental threats can get sorted by taking pre-measures based on different operations occurred in Victorian Government. Apart from that, accidental threats mainly get caused due to both external as well as internal issues (Boyle, 2012). On the other side, Choi, Chun and Cho (2014) discussed that the type of deliberate threats mainly caused due to the involvement of different external influences. This type of threats is mainly caused because of any person intentional attacks. This threat mainly caused because of the uses of advanced technology that mainly harms the operation flows (Al-ahmad Mohammad, 2013). It also mainly compromise of different criminal activities as well as hacking technologies that mainly used intentionally to harm the VIC Government Information System. Accidental threats mainly get sorted with the help of different pre-planned actions of all operations depending on information processing at Victorian Government. All types of system flaws, natural disasters, system flaws are types of accidental threats based on the implementation of information system in Victorian Government. Some of deliberate threats are mainly getting caused because of the use of improvised technologies to harm the flow of different operations of VIC Government. According to Zhao, Xue and Whinston, (2013), the storage system device thefts, cyber crimes, hacking, different viruses and malware attacks are some of the deliberate threats to do the implementation of information system in Victorian Government. Both the threats are mentioned rank-wise in the below table: Rank Threat Type Example Explanation Ist Deliberate Hacking and Cyber Crimes, Theft of Storage System Device, Deliberate Data Compromise, Virus and Mal- ware Attack All of these risks are given highest priority due to their severe impact on the information system processing at the VIC Government 2nd Accidental Accidental Data Compromise, Natural Disasters, System Flaws, Unknown File Deletion, etc All these risks are give low priority due to the absence of any critical impact on the operations of information system of VIC Government Security Challenges of VIC information system The execution of information system faces different types of issues based on risk factors and also form generation of different challenges for VIC Government. The occurrence of different smart and proper operations may loose due to different types of issues (Collier Lakoff, 2015). Some of the different factors of challenges for Victorian Government includes system and data challenges, regulatory challenges, modeling challenges. System and Data Challenges: The system as well as data challenges are mainly understood for the information processing and development of various operation related issues for system data and challenges. Karokola, Kowalski and Yngstrm (2013) illustrated that both data and system challenges may resulted to form different issues related to information processing. Regulatory Challenges: Garrick and Hall (2014) opined that all types of regulatory issues of VIC Government becomes crucial as risk assessment techniques that are inter-related with development of different imperative and effective operational techniques. The fabrication of different imperative operation leads to the formation of different factors based on different Victorian Government challenges. Organizational challenges: System development causes direct implication for the proper development of different processes of operational development (Jain Shanbhag, 2012). In addition to this, Wangwe, Eloff and Venter (2012) discussed that some of organizational challenges are mainly developed to do the integration of different limited operational processing. Both smart and effective operations development mainly get slacked based on all identified operational issues. Modeling Challenges: According to Sitaram and Manjunath (2012), all modeling challenges mainly caused because of the implications of various identified errors in the system designing. It also causes issues in performance as well as operational speed of information processing. Apart from that, the information system development processes mainly face different formation issues and system incompatibility issues. Risk vs. Uncertainty in VIC information system The Victorian Government mainly remark the information processing technique to form different improved processes of data processing techniques. Hence, this particular organization mainly faced different risks and uncertainties factors for doing the development and integration (Karokola, Kowalski Yngstrm, 2013). () highlighted that the Victorian Government also faced different security hazards and risks. In addition to this, the comparison of all uncertainties and risks are provided below in the table format: Risks Description: van Deursen, Buchanan and Duff (2013) defined that risk is one of the factor that mainly causes different improper deviation of various operational end product from expected outcomes. The analysis technique mainly shown about the proper risks that plays vital role for the operational development of Victorian Government. Results: the output of risks are mainly become positive as well as negative based on the nature of operations. System of Control: the control system technique is mainly formed to integrate the operational development and also it mainly formed based on implication of different risk management procedures. According to Amin, Schwartz and Hussain (2013), risk management procedures mainly help to control the risk factors impact for Victorian Government. Probability: High probability of occurrence and would have considerable impact on the operations Effect: Impact of the risk is divergent and can be positive and negative. Uncertainties Description: according to Fan, Zhang and Yen (2014), various factors of uncertainties causes various limited and constrictive impacts on different operations. All the uncertainties of all issues related to operations of projects mainly results in the formation important issues. Result: all uncertainties outcomes can causes impact on all functions based on their operational nature of Victorian Government. System of Control: Lack of controlling techniques of operations results to cause various uncertainties of any major issue. Different important steps are considered for the acceptance of changes that leads to uncertainty (Zhao, Xue Whinston, 2013). Probability: less probability of occurrence created considerable impacts on all related functions of VIC Government. Effect: Uncertainties can causes serious impact on all different functional and non-functional operations of VIC Government. Risk Mitigation and Management in VIC Information System Based on the Victorian Government Information system, Al-Hadadi and Al Shidhani, (2013) discussed that risk assessment technique is mainly developed for the formation of improved and accurate procedures risk management and analysis in VIC Government. The Victorian Information System requires various approaches like analysis approach, investigation approach, strategy approach and 5 step procedure approach (Demski, Poortinga Pidgeon, 2014). Below block diagram of risk assessment of VIC Information System is depicted below: Risk Assessment of Victorian Information System Investigation Approach 1. Responsive approach 2. Structure Approach Analysis Approach 1. selection of best option 2. Proper analysis of the option Strategy Approach 1. Determination of proper risk management techniques 2. Development of high-level mitigation strategy 3. Identification of different actions and steps to implement the required mitigation strategies 4. Development of contingency plan of action 5 step procedure Approach 1. Avoid 2. Assume 3. Transfer 4. Control 5. Monitor Figure : Risk Mitigation and Management for VIC Information System References Al-ahmad, W., Mohammad, B. (2013). Addressing Information Security Risks by Adopting Standards. International Journal of Information Security Science, 2(2), 2843. Retrieved from https://eds.a.ebscohost.com.libezproxy.open.ac.uk/eds/pdfviewer/pdfviewer?sid=e1bf8be9-84ad-4d50-91fa-f9414e22825c@sessionmgr4003vid=0hid=4210 Al-Hadadi, M., Al Shidhani, A. (2013). Smartphone security awareness: Time to act. In Proceedings of the 2013 International Conference on Current Trends in Information Technology, CTIT 2013 (pp. 166171). https://doi.org/10.1109/CTIT.2013.6749496 Amin, S., Schwartz, G., Hussain, A. (2013). In quest of benchmarking security risks to cyber-physical systems. IEEE Network, 27(1), 1924. https://doi.org/10.1109/MNET.2013.6423187 Boyle, P. (2012). Surveillance or Security?: The Risks Posed by New Wiretapping Technologies. Contemporary Sociology, 41(2), 221223. https://doi.org/10.2307/j.ctt5vjqkc Boyle, P. (2012). Surveillance or Security?: The Risks Posed by New Wiretapping Technologies. Contemporary Sociology, 41(2), 221223. https://doi.org/10.2307/j.ctt5vjqkc Choi, J., Chun, S. A., Cho, J.-W. (2014). Smart SecureGov: Mobile Government Security Framework. In Proceedings of the 15th Annual International Conference on Digital Government Research (dg.o 2014) (pp. 9199). https://doi.org/10.1145/2612733.2612756 Collier, S. J., Lakoff, A. (2015). Vital Systems Security: Reflexive Biopolitics and the Government of Emergency. Theory, Culture Society, 32(2), 1951. https://doi.org/10.1177/0263276413510050 Demski, C., Poortinga, W., Pidgeon, N. (2014). Exploring public perceptions of energy security risks in the UK. Energy Policy, 66, 369378. https://doi.org/10.1016/j.enpol.2013.10.079 Fan, J., Zhang, P., Yen, D. C. (2014). G2G information sharing among government agencies. Information and Management, 51(1), 120128. https://doi.org/10.1016/j.im.2013.11.001 Garrick, D., Hall, J. W. (2014). Water security and society: Risks, metrics, and Pathways. Annual Review of Environment and Resources, 39, 611639. https://doi.org/10.1146/annurev-environ-013012-093817 Garrick, D., Hall, J. W. (2014). Water security and society: Risks, metrics, and Pathways. Annual Review of Environment and Resources, 39, 611639. https://doi.org/10.1146/annurev-environ-013012-093817 Jain, A. K., Shanbhag, D. (2012). Addressing security and privacy risks in mobile applications. IT Professional, 14(5), 2833. https://doi.org/10.1109/MITP.2012.72 Jain, A. K., Shanbhag, D. (2012). Addressing security and privacy risks in mobile applications. IT Professional, 14(5), 2833. https://doi.org/10.1109/MITP.2012.72 Joseph, R. C. (2012). E-Government meets social media: Realities and risks. IT Professional, 14(6), 915. https://doi.org/10.1109/MITP.2012.89 Karokola, G., Kowalski, S., Yngstrm, L. (2013). Evaluating a framework for securing e-government services - A case of Tanzania. In Proceedings of the Annual Hawaii International Conference on System Sciences (pp. 17921801). https://doi.org/10.1109/HICSS.2013.208 Karokola, G., Kowalski, S., Yngstrm, L. (2013). Evaluating a framework for securing e-government services - A case of Tanzania. In Proceedings of the Annual Hawaii International Conference on System Sciences (pp. 17921801). https://doi.org/10.1109/HICSS.2013.208 Ofgem. (2012). Gas Security of Supply Report. Ofgem report to Government. Ofgem Report to Government. Retrieved from https://www.ofgem.gov.uk/ofgem-publications/40204/gas-sos-report.pdf Sitaram, D., Manjunath, G. (2012). Chapter 7 - Designing Cloud Security. In Moving To The Cloud (pp. 307328). https://doi.org/10.1016/B978-1-59749-725-1.00007-X United Nations. (2012). E-Government Survey 2012. United Nations E-Government Survey 2012. https://doi.org/e-ISBN: 978-92-1-055353-7 van Deursen, N., Buchanan, W. J., Duff, A. (2013). Monitoring information security risks within health care. Computers Security, 37, 3145. https://doi.org/10.1016/j.cose.2013.04.005 Wangwe, C. K., Eloff, M. M., Venter, L. (2012). A sustainable information security framework for e-Government case of Tanzania. Technological and Economic Development of Economy, 18(1), 117131. https://doi.org/10.3846/20294913.2012.661196 Xu, H., Dinev, T. (2012). The security-liberty balance: individuals attitudes towards internet government surveillance. Electronic Government, an International Journal, 9(1), 4663. https://doi.org/10.1504/EG.2012.044778 Zhao, X., Xue, L., Whinston, A. B. (2013). Managing Interdependent Information Security Risks: Cyberinsurance, Managed Security Services, and Risk Pooling Arrangements. Journal of Management Information Systems, 30(1), 123152. https://doi.org/10.2753/MIS0742-1222300104