Wednesday, December 11, 2019

Information Security Management Government - Myassignmenthelp.Com

Question: Discuss the information security management of the VIC government.

Answer:

Introduction

The diagram above (figure 1) illustrates the issues and the risks associated with VIC government information security. Figure 1 presents the entities that the VIC government strongly recommends for establishing an ISMS (Information Security Management System). One block of the diagram groups several cyber security threats: malware infections, eavesdropping, DDoS and theft. The information security threats shown in the diagram are categorized into two sections, deliberate and accidental, and each of these is further divided into internal and external threats. The VIC government's information security guidelines require that the ISMS be implemented on the basis of a risk assessment, with the code of practice (ISO/IEC.AS/NZS 17799:2001) used to choose the security configuration. Accordingly, figure 1 describes the risk assessment procedure as a way of dealing with the risks through the stages Risk Recognition, Investigation, Evaluation and Documentation.

Analysis of the Deliberate and Accidental Threats:

Accidental threats arise from mistakes and negligence. Faults in the working behavior of internal stakeholders can be the cause of data security risk (Jouini, Rabai & Aissa, 2014). Mistakes can be risks in themselves, such as a programming error that leads to a system crash, and can also create vulnerabilities, such as a PC screen left unattended that can be abused by an unauthorized user. This is a significant threat in particular where security features and configurations are weakly configured, because the gaps left in the configuration and the software can be exploited. For example, running systems and databases that are not updated or patched to the current version are vulnerable to new security threats.
Such threats may be the result of double dealing, yet they are far more likely to be accidental errors or omissions (Kaaniche, 2015). The threats can have the following effects:

- Improper decision making;
- Harm to the business capability;
- The possibility of losing the public image;
- Financial loss (Jouini, Rabai & Aissa, 2014);
- Legal liabilities;
- Failure of the duty of care;
- A tremendous rise in the cost of business maintenance.

Deliberate Threats: These threats involve the continuous destruction of, or control over, data or applications. The possible sources of this threat include dishonest or disgruntled staff, coders, experts, consumers, cyber attackers, mobile operators and many more (Jouini, Rabai & Aissa, 2014). Deliberate threats can result in loss of privacy, unauthorized access, loss of trust between the organization and third parties, loss of dependability, loss of information and more. The following list gives the types of outcome of deliberate threats:

- Financial breakdown;
- The possibility of losing the public image;
- Improper decision making (Pettit, Croxton & Fiksel, 2013);
- Legal liabilities;
- Failure of the duty of care;
- Death or injury;
- Unauthorized access to the SLA of the government or public sector;
- Losing the ability to perform the regular tasks.

Ranking of threats in order of importance

The impact of deliberate threats is much higher than that of accidental threats, which makes deliberate threats the more significant to consider. Deliberate threats are uncontrollable and cannot be identified before they occur (Huth et al., 2013). Analysis has shown that the target level can reasonably guide the risk over the coming ten years. The impact on the ISMS of the occurrence of deliberate and accidental threats is presented below.
Very High: A deliberate threat is observed to be international in its level. It is capable of affecting objectives associated with major events and people, and it can be used to damage the organization's position as required.

High: Accidental threats are able to harm or weaken the objectives of the collections, although the specific supporting points may be reconstructed or recovered. However, the cost of mitigating these threats is unreasonable.

Justification of the rankings

The analysis of the threats has made it clear that the method of mitigating them must be able to protect the VIC website, as it is the channel of communication between the government and its users. It categorizes a set of criteria and includes them in the security configuration to protect the ISMS from the threats. Deliberate threats are placed at the highest level because they can be positioned for natural control by the VIC government and for information recovery. Moreover, the target is worrying because, if an accompanying threat occurs, the target may only be recovered with particular expert support.

Challenges of Security/Risk Management Internally or Externally:

The VIC government faces various issues in deciding whether the risk management approach should be carried out internally or externally (Webb et al., 2014). The primary reason for this challenge is the absence of any Information Security Management System. Risk management has proved to be a highly recommendable approach even for the most consolidated government organizations. Although most risks can be handled through risk management, enterprises work continuously to improve this approach. Threat filtering provides visibility into the regions of the system that need to be improved.
The challenges are presented below.

Arranging Requirements: From a demographic perspective, the VIC government needs to put greater effort into positioning its structure appropriately for financial enhancement (Pachauri, Srivastava & Trivedi, 2014). However, the government is not able to do so adequately.

Information Propriety: This is another issue that the VIC government faces because of the absence of information security management. The security level in the government is not at an appropriate degree, so improper access to information is possible.

Foundation of VIC: VIC does not use security that is properly updated for the present situation.

The difference between Risk and Uncertainty:

In general, a risk is the outcome of an action taken or not taken, within a particular situation, that might harm the information framework (Beck et al., 2016). Risk is also known as the outcome of threats. Threats can arise from various situations, both internal and external, and can be handled with proper risk management techniques. In financial terms, the significance of risk is not a unique entity; in other words, risk is the result of a particular event arising (Park et al., 2013). The outcome of a risk depends on the frequency and likelihood of the event occurring within a particular span of time. How serious a risk is, is determined by identifying its impact, and most of the time a risk matrix is used to identify the severity of the risk. Information risk is mainly associated with cyber threats. The external threats include hacking, DDoS and much more (Dixit & Skeath, 2015); the internal risks include physical attacks, viruses and much more. Both types of risk are crucial to identify and mitigate, and the process of handling cyber threats differs for different risks.
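The following is an added example (not part of the original essay) of the risk matrix approach described above: each threat from figure 1 gets a likelihood and an impact on a 1 to 5 scale, the product is mapped to a severity band, and the register is ranked with deliberate threats ahead of accidental ones on ties. The threat names follow the essay; the likelihood and impact values and the band thresholds are constructed for illustration, not taken from the VIC guidelines.

```python
from dataclasses import dataclass

# Severity bands (constructed thresholds): the essay's ranking places
# deliberate threats at "Very High" and accidental threats at "High".
BANDS = [(20, "Very High"), (12, "High"), (6, "Medium"), (0, "Low")]


@dataclass(frozen=True)
class Threat:
    name: str
    intent: str      # "deliberate" or "accidental"
    origin: str      # "internal" or "external"
    likelihood: int  # 1 (rare) .. 5 (almost certain)
    impact: int      # 1 (negligible) .. 5 (catastrophic)

    def __post_init__(self):
        if self.intent not in ("deliberate", "accidental"):
            raise ValueError(f"unknown intent: {self.intent}")
        if self.origin not in ("internal", "external"):
            raise ValueError(f"unknown origin: {self.origin}")
        if not (1 <= self.likelihood <= 5 and 1 <= self.impact <= 5):
            raise ValueError("likelihood and impact must be in 1..5")

    @property
    def score(self) -> int:
        # Classic risk matrix cell: likelihood x impact
        return self.likelihood * self.impact


def severity(score: int) -> str:
    """Map a matrix score to its severity band."""
    for threshold, label in BANDS:
        if score >= threshold:
            return label
    return "Low"


def rank_threats(threats):
    """Highest score first; on equal scores a deliberate threat outranks an
    accidental one, as the essay argues deliberate threats matter more."""
    return sorted(threats,
                  key=lambda t: (t.score, t.intent == "deliberate"),
                  reverse=True)


# Constructed threat register built from the figure 1 categories.
REGISTER = [
    Threat("DDoS", "deliberate", "external", 4, 4),
    Threat("Malware infection", "deliberate", "external", 4, 5),
    Threat("Eavesdropping", "deliberate", "external", 3, 4),
    Threat("Theft", "deliberate", "internal", 2, 4),
    Threat("Unpatched database", "accidental", "internal", 4, 3),
    Threat("Unattended PC screen", "accidental", "internal", 3, 2),
]


def risk_table(threats=REGISTER):
    """Ranked rows of (name, intent, origin, score, severity)."""
    return [(t.name, t.intent, t.origin, t.score, severity(t.score))
            for t in rank_threats(threats)]


if __name__ == "__main__":
    for row in risk_table():
        print("%-22s %-11s %-9s score=%2d  %s" % row)
```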
The term uncertainty refers to the absence of knowledge, something that is unknown to the organizations and users. It implies that several alternatives exist in a particular situation that could achieve a particular result, but neither the probability of occurrence nor the result can be identified. This is considered the outcome of low data availability or an inability to recognize the current situation, which makes it hard to forecast the result of future occurrences (Heckmann, Comes & Nickel, 2015). Risk is calculable in quantitative terms via existing models; at the same time, possibilities cannot be linked with the possible results when the probability of occurrence is not clear.

The essential differences between risk and uncertainty are as follows. Risk is distinguished as the situation of gaining or losing profit, whereas uncertainty is the situation in which a person has no idea about future occurrences. Hypothetical models are used by the responsible personnel to identify, calculate and analyze risks; there is no sense in measuring uncertainty quantitatively, because forecasting future incidents is not measurable (Pinchoff et al., 2016). The negative result of an event is considered a risk, whereas the source of uncertainty is not identifiable. Risks are controlled through various theory-based techniques (Chiu et al., 2014), which is possible because the source of a risk can be tracked and the most severe risks are already known. Uncertainty, however, cannot be controlled in a predefined way; it is best to improvise the control method according to the situation. Risk can be minimized by avoiding potential risk, unlike uncertainty, which cannot be limited.
Discussion and Evaluation of Different Approaches Available to VIC for Risk Control and Mitigation:

Risk Control Approaches:

Avoidance: Avoidance is among the best strategies for loss control. As the name suggests, the organization avoids the risk altogether. If the attempts to avoid the loss have been successful, then there is no probability that the organization will suffer the ill effects of that particular threat factor (Yang, Shieh & Tzeng, 2013). This is why avoidance is the first of the threat control approaches to focus on: it is a method of systematically discarding a risk.

Loss Prevention: This control strategy is a framework of containment rather than elimination. Instead of avoiding a threat entirely, it identifies a risk and tries to restrict the threat as an outcome. For example, storing stock in a distribution center means it is vulnerable to theft (Laudon & Laudon, 2016). Since there is no real way to avoid this, a loss prevention program is configured to restrict the threat; it may include security guards, secured storerooms and cameras.

Loss Reduction: This control strategy recognizes the risk and also recognizes that loss may happen because of the threat. It attempts to limit the loss if a threat materializes. For example, an organization may need to store flammable material in a distribution center (Pinchoff et al., 2015). Management understands that this is a basic threat and installs the best engineered water sprinklers as part of the operation. If a fire occurs, the extent of the event will be limited.
Separation: This control approach involves distributing key resources. It ensures that if something adverse happens at one location, the effect on the organization is limited to the assets at that location. If all assets were present in that location, the organization would face a considerably bigger challenge (Laudon & Laudon, 2016). An example is an organization that uses a geographically distributed staff.

Duplication: This risk control approach fundamentally involves creating a backup plan. It is often basic in implementation: a failure in an information systems server should not bring the whole business to a stop; instead, a backup server should be immediately available if the main server crashes. Another example of duplication as a threat control method is an organization that uses a disaster recovery strategy.

Diversification: This threat control approach allocates business assets across different lines of business that offer different products and services in diverse ventures (Yang, Shieh & Tzeng, 2013). With diversification, a large income threat from one line of business would not seriously harm the organization's core concern.

Risk Mitigation Approaches:

Risk Acceptance: Risk acceptance does not reduce the impact of the risk, though it is considered a risk mitigation strategy. In various projects it is a regular option, because the cost of risk handling options such as limitation or avoidance may be greater than the risk itself (Pinchoff et al., 2015). VIC will use the risk acceptance strategy when the impact of the risk is not severe.

Risk Avoidance: Risk avoidance can be considered the opposite of risk acceptance.
VIC will use the risk avoidance strategy to avoid any exposure of its information security to the risk. Among all the risk mitigation strategies, risk avoidance is the most expensive.

Risk Limitation: Various businesses use the risk limitation strategy in most cases. It implies that the organization limits its exposure by taking some action, combining both the risk acceptance and avoidance strategies (Flanagin et al., 2014). For example, VIC will use the risk limitation strategy by accepting that the magnetic tape holding data may fail, while avoiding an extended period of failure by keeping backups.

Risk Transference: Risk transference is a process that hands the task over to a third party willing to manage the risk. For example, various organizations outsource particular activities such as payroll services and customer services. This can be advantageous for an organization when the risk is not associated with its core aspects.

Reference List:

Beck, N. B., Becker, R. A., Erraguntla, N., Farland, W. H., Grant, R. L., Gray, G., ... & Pottenger, L. H. (2016). Approaches for describing and communicating overall uncertainty in toxicity characterizations: US Environmental Protection Agency's Integrated Risk Information System (IRIS) as a case study. Environment International, 89, 110-128.

Chiu, C. M., Wang, E. T., Fang, Y. H., & Huang, H. Y. (2014). Understanding customers' repeat purchase intentions in B2C e-commerce: the roles of utilitarian value, hedonic value and perceived risk. Information Systems Journal, 24(1), 85-114.

Dixit, A. K., & Skeath, S. (2015). Games of Strategy: Fourth International Student Edition. WW Norton & Company.

Flanagin, A. J., Metzger, M. J., Pure, R., Markov, A., & Hartsell, E. (2014). Mitigating risk in ecommerce transactions: perceptions of information credibility and the role of user-generated ratings in product quality and purchase intention. Electronic Commerce Research, 14(1), 1-23.

Heckmann, I., Comes, T., & Nickel, S. (2015). A critical review on supply chain risk: Definition, measure and modeling. Omega, 52, 119-132.

Huth, C. L., Chadwick, D. W., Claycomb, W. R., & You, I. (2013). Guest editorial: A brief overview of data leakage and insider threats. Information Systems Frontiers, 15(1), 1-4.

Jouini, M., Rabai, L. B. A., & Aissa, A. B. (2014). Classification of security threats in information systems. Procedia Computer Science, 32, 489-496.

Kaaniche, M. (2015). Resilience Assessment: Accidental and Malicious Threats. In VECoS (p. 9).

Laudon, K. C., & Laudon, J. P. (2016). Management information system. Pearson Education India.

Pachauri, S., Srivastava, R., & Trivedi, U. B. (2014). Cloud-computing: Challenges, Security and Solutions Using SaaS.

Park, J., Seager, T. P., Rao, P. S. C., Convertino, M., & Linkov, I. (2013). Integrating risk and resilience approaches to catastrophe management in engineering systems. Risk Analysis, 33(3), 356-367.

Pettit, T. J., Croxton, K. L., & Fiksel, J. (2013). Ensuring supply chain resilience: development and implementation of an assessment tool. Journal of Business Logistics, 34(1), 46-76.

Pinchoff, J., Chaponda, M., Shields, T., Lupiya, J., Kobayashi, T., Mulenga, M., ... & Curriero, F. C. (2015). Predictive malaria risk and uncertainty mapping in Nchelenge District, Zambia: Evidence of widespread, persistent risk and implications for targeted interventions. The American Journal of Tropical Medicine and Hygiene, 93(6), 1260-1267.

Webb, J., Ahmad, A., Maynard, S. B., & Shanks, G. (2014). A situation awareness model for information security risk management. Computers & Security, 44, 1-15.

Yang, Y. P. O., Shieh, H. M., & Tzeng, G. H. (2013). A VIKOR technique based on DEMATEL and ANP for information security risk control assessment. Information Sciences, 232, 482-500.
