IT Risk Management in NSW Government Information System
Question:
Discuss IT risk management in the NSW Government information system.
Answer:
Details Regarding the Risk and Concern Diagram:
The risk and concern diagram for the information security of the NSW government covers all the possible descriptions. The factor given most focus in the implementation of the information system, the ISMS or Information Security Management System, is properly presented in the diagram. The diagram also includes the crucial entities in the development of the IS. In addition, the diagram shows that managing accidental and deliberate threats is crucial for keeping the system functioning properly. The diagram also explains the links among the various factors associated with the risks. These links have to be established through effective investigation of the different threats. The IS security measures must be constructed through various efficient practices.
NSW Government’s Accidental and Deliberate Threats and Comparative Analysis on Those:
Several industries use a number of systems to manage security. These security measures help the organization avoid external threats. A great number of threats enter an information system when the system is not properly protected (Singh and Kishor 2016). These threats can harm the system as well as steal crucial information from it. The presence of threats in the system can affect the entire environmental structure of information and communication technology organizations.
The software as well as the hardware of the information system can be affected by deliberate threats. In addition, deliberate threats are capable of altering information. Staff, hackers, suppliers, criminals, contractors and consultants can be the cause of accidental threats. Several errors and faults on the part of these actors are connected with the existence of accidental threats. This means that accidental threats are artificial, or man-made (Duarte et al. 2014). Staff who are responsible for carrying out crucial tasks in the system must perform their duties by following proper security measures; otherwise, the lack of responsibility can be a source of accidental threats. The gaps in the security of the information system are highlighted more by accidental threats. On the other hand, deliberate threats are linked with cryptography, in which privacy is the main focus. Confidentiality, accessibility and dependency are the aspects of deliberate threats (Singh and Kishor 2016). The outcome of a deliberate threat can be the loss of funds, public and organizational information, private images and much more. These thefts push the organization toward a lower position in the market, and recovery from these types of threats is very hard as well as time-consuming. The threats are capable of disrupting the business processes of the organization, which affects the business mainly financially (French 2015). Outdated security measures can invite hackers to carry out deliberate threats. Insufficient decision making, additional funding, disturbance of the daily activities of the business and more are the outcomes of accidental threats. In addition, legal accountability is destroyed by the presence of the threats. Some of the deliberate threats are denial of service attacks, inappropriate business activities, malicious destruction and many more.
The private data of the users of the system can be affected by the active and passive attacks of accidental threats (Schell 2013). In active attacks, the hacking of the data is carried out by altering the sources rather than the components of the messages. In passive attacks, on the other hand, the components of the messages are not modified from their core.
From the above comparative investigation it can be stated that accidental threats as well as deliberate threats are harmful to the IS, or information system. In addition, with both kinds of attack, users and developers face huge challenges in eliminating the threats (French 2015). Table 2 shows the importance of the threats.
| Name | Environmental threat | Deliberate threat | Accidental threat |
| --- | --- | --- | --- |
| Rank | 1 | 2 | 3 |
| Impact | Security, quality, integrity, liability and authenticity are not present, although availability exists in all entities. It can therefore be said that this is the most important threat. | In terms of security, the potential frequency is very high. Confidentiality, security, quality, integrity, liability and authenticity exist in the system, but not across all factors. | Regarding the security aspects, the accidental threat is less effective than the others. |
Challenges Faced by NSW Government in Security Risk Management:
The NSW Government has to deal with different challenges and risks in protecting data in the information system. The challenges and risks are as follows.
Digital information safety society: The NSW government has adopted security community practices. These practices assist the development of several policies for the system (Galliers and Leidner 2014). The practices are also shared within and between organizations. The prime security challenge is digital security and information.
Distribution of events: The NSW government has seen various disseminations and incidents of events that are associated with the safety of the information system (Crossler et al. 2013).
Integrity: Integrity is one of the most relevant and important issues in the information security policy of the NSW government. The integrity of the information, as well as the authorization given to users, is a cause of security issues (Zissis and Lekkas 2012). In addition, the activities of the management are another source of threats.
Contrast between Uncertainty and Risk:
| Basis for the comparison | Uncertainty | Risk |
| --- | --- | --- |
| Meaning | Uncertainty refers to a future situation that is not currently known to anyone. | The possibility of losing or gaining some valuable entity or factor which is satisfactory in terms of the information system's aspect (Bekaert, Hoerova and Duca 2013). |
| Outcome | Unidentified | Identified |
| Control system | Uncertainty is not manageable | It can be managed |
| Probabilities | Not allocated presently | Presently allocated |
| Minimization | No | Yes |
| Ascertainment | Cannot be measured | It can be measured |
Distinct Approaches Present in the NSW Government regarding Risk Management and Mitigation:
The NSW government has appraised various approaches to security management and the risk management system. These approaches are discussed below.
Responsive investigation: To handle the issues that occur within the IS, NSW evaluated maintenance and operational models (Brender and Markov 2013).
Structure investigation: To eliminate the security issues that arise within the NSW government, practicability studies and economic appraisals have been applied.
Analysis on decision: The best option is selected from the choices raised by the management. The choices are made from the knowledge gathered from the bottom line of the organizations (Pearlson, Saunders and Galletta 2016).
Failure approaches: Issues can be created within the IS by the mode of failure and by budget risk.
References:
Bekaert, G., Hoerova, M. and Duca, M.L., 2013. Risk, uncertainty and monetary policy. Journal of Monetary Economics, 60(7), pp.771-788.
Brender, N. and Markov, I., 2013. Risk perception and risk management in cloud computing: Results from a case study of Swiss companies. International Journal of Information Management, 33(5), pp.726-733.
Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and Baskerville, R., 2013. Future directions for behavioral information security research. Computers & Security, 32, pp.90-101.
Duarte-Davidson, R., Orford, R., Wyke, S., Griffiths, M., Amlôt, R. and Chilcott, R., 2014. Recent advances to address European Union Health Security from cross border chemical health threats. Environment international, 72, pp.3-14.
French, A.M., 2015. A Case Study on E-Banking Security? When Security Becomes Too Sophisticated for the User to Access Their Information. The Journal of Internet Banking and Commerce, 2012.
Galliers, R.D. and Leidner, D.E., 2014. Strategic information management: challenges and strategies in managing information systems. Routledge.
Pearlson, K.E., Saunders, C.S. and Galletta, D.F., 2016. Managing and Using Information Systems, Binder Ready Version: A Strategic Approach. John Wiley & Sons.
Schell, R.R., 2013. Computer Security. Air & Space Power Journal, 27(1), p.158.
Singh, R.D. and Kishor, S.B., 2016. SBKRDS (Systematic Benchmark for Risk Documentation of System): Risk Assessment to Explore Threats and Vulnerability in Database Security. Global Journal For Research Analysis, 4(6).
Zissis, D. and Lekkas, D., 2012. Addressing cloud computing security issues. Future Generation Computer Systems, 28(3), pp.583-592.