Tuesday, May 5, 2020

Information Technology Risk Management Case Study of NSW Government

Question: Discuss the case study for information technology risk management of the NSW Government.

Answer:

Illustrated diagram of current security risks and concerns considered by NSW government

Explanation of the diagram

The diagram consists of risk assessment, the information security management system and information security risk. The NSW government is concerned with the information security system in order to reduce security-based risks (Gladstone 2014). The components of information security risk are as follows: malware infection, theft, social engineering and eavesdropping. The NSW government follows the codes in terms of treating the risks. During risk assessment the NSW government considers certain terms such as risk identification, risk analysis, evaluation of the risks and documentation of the risks. The information security management system of the NSW government manages deliberate threats and accidental and environmental threats (Sadgrove 2016). Deliberate threats in turn consist of internal threats such as industrial action, social engineering and pirated software, and external threats such as denial of service, website intrusion, unauthenticated access, unauthorized access to data etc. On the other hand, accidental threats consist of internal threats such as faulty communication, user error, operational staff error etc. and external threats such as software error and transmission-level error (Sadgrove 2016). The access risk method serves at both code and ISMS.

| Threats | Risks | Rate |
|---|---|---|
| Deliberate | 1. DOS | High |
| Deliberate | 2. Unauthorized denial of access | Medium |
| Deliberate | 3. Industrial action | Medium low |
| Deliberate | 4. Website intrusion | Low |
| Deliberate | 5. Pirated software | Low |
| Accidental | 1. Software error | High |
| Accidental | 2. Technical fault | Medium low |
| Accidental | 3. User errors | Low |

Comparative analysis of deliberate threats and accidental threats

Organizations all over the world are becoming aware of the need to run a security management program in order to strengthen the information security system.
Risk and security management includes merged activities that give direction and sufficient control over the risks occurring within organizations (Gladstone 2014). Any asset that is valuable to the organization needs protection, but a threat has the potential to cause unwanted harm to the systems of the organization (NSW Government Digital Information Security Policy | NSW ICT STRATEGY 2016). The most favorable targets of hackers are government websites. A deliberate threat is also referred to as a man-made threat, as in most cases it is generated by different man-made actions. This threat can destroy and manipulate the content of instances such as software, hardware and other data storage. Not only outsiders but also disgruntled employees, consultants, agents and even consumers can be the source of deliberate threats. Davies, Bergami and Miah (2016) stated that deliberate threats unbalance the core security structure of an organization by leading to loss of availability, authenticity, reliability, confidentiality, accountability and integrity. Deliberate threats include snooping, spoofing, DOS (Denial of Service), eavesdropping, malicious code etc. Lack of physical security, logical access security, and communication between the ICT groups leads to deliberate attacks. According to Sadgrove (2016), virus attacks have been identified as the biggest security concern in ICT management. The rate of consequences of website intrusion is increasing rapidly due to the development of VPN (Virtual Private Network) and electronic business.

One of the most common forms of attack is known as the accidental threat, which is generally caused by intentional or unintentional mistakes of the employees working for the IS management system. According to Gladstone (2014), accidental threats to the security system can be generated by system malfunction, different operational mistakes and software bugs.
Maintenance errors and installation errors also contribute direct or indirect security errors to the system. Threats might also create vulnerabilities that are related to errors and omissions (Galliers and Leidner 2014). Accidental threats can affect the availability of data or information, whereas faulty communication may also lead to loss of data confidentiality. Inadequate data redundancy, network management system, planning and implementation, and unclear outsourcing agreements are other vital examples of accidental threats (Klaic and Golub 2013). In an accidental threat, confidential or secured data can be hacked without the permission of the intended person. A huge number of factors can cause certain critical provision of services. Technical errors, transmission errors and configuration errors are the reasons for accidental threats.

According to importance ranking of threats

From the comparative analysis, it can be said that deliberate threats and accidental threats are both destructive in nature, but threat ranking may still help to evaluate and determine when, where and how to act on a particular target (NSW Government Digital Information Security Policy | NSW ICT STRATEGY 2016). The ranking can be defined from the impact of the threats.

Ranking of the threats based on the importance

On the basis of importance or concern, it has been found that the most important or high-level threats arise from deliberate threats rather than accidental ones, as accidental threats can still be controlled but control of deliberate threats is not easy (Davies, Bergami and Miah 2016).
From a comparative analysis it is determined that the target proportion can reasonably be affected by the threat within the coming ten years, whereas in the case of deliberate, accidental and environmental threats the impact of the threats on the security management system is as follows:

| Threats name | Impact of the threats | Ranking based on importance |
|---|---|---|
| Deliberate | A deliberate threat has been found to be pervasive in its scope, and it is capable of affecting the target across most of its occurrences and population (Beatty and Shou 2015). Not only this, but the threat can also destroy or eliminate the target. | Very high |
| Accidental | An accidental threat can degrade or reduce the target. Not only this, but with technical support the target can be restored or retrieved, though in practice this is not affordable. | High |

Justification on ranking of the threats

The analytical experiment on threats explained that the method mainly discovered the degree of direct or active and indirect or passive threats in terms of biodiversity target on the website of the NSW government (Vaheed, Tahir and Burhanuddin 2015). It also includes a set of criteria to define the systematic conservation of the threats. The deliberate threat is ranked as very high because it cannot be easily controlled by the NSW government and retrieval of data and target is also difficult, whereas in the case of an accidental threat the data and target can be retrieved with certain technical support.

Explanation of different challenges that NSW government is going to face during decision making on security or risk management

Several risks are occurring in the NSW government due to the lack of a security management system. These are as follows:

Planning priorities: From the demographic perspective the NSW government needs to put higher concentration on an appropriate planning framework for economic growth, but the NSW government is lacking it (Sadgrove 2016).
Data integrity: This is another major issue faced by the NSW government due to lack of data security. As the level of security is not up to the mark, acceleration of data is highly possible.
Infrastructure of NSW: The security infrastructure of the NSW government is not up to date; therefore, upgrades in specific sectors need to be introduced to improve the IS system of the NSW government (Galliers and Leidner 2014).

Conceptual difference between Risk and uncertainty

| Risk | Uncertainty |
|---|---|
| It is referred to as a situation with known probabilities. The size and number of possible outcomes are also not predetermined. | This is a situation with unknown probability (Peltier 2016). The problem size and number of possible outcomes may or may not be predetermined. |
| The amount of risk can be minimized by adopting different precautions (Gladstone 2014). | Uncertainty cannot be minimized as per the requirement. |
| Measurement is not possible. | Measurement is possible. |
| It can be controlled. | It cannot be controlled. |

Various approaches evaluated by NSW government for Risk management and mitigation

In order to mitigate the different kinds of risks that are occurring in the NSW government, it is adopting some mitigation processes. These are as follows:

Sensitivity analysis: It has a wide range of applications for economic and financial feasibility (Gladstone 2014). It also helps to model operation and different maintenance frameworks.
Risk survey: Whatever risks are occurring within the NSW government, a risk survey needs to be adopted in order to mitigate them.
Probability analysis: Risk can be measured with the help of probability assessment. Probability analysis can combat the issues (Davies, Bergami and Miah 2016).
Event tree analysis: It is capable of identifying the consequences of an initiating event. Thus NSW has implemented this.

References

Beatty, A. and Shou, M., 2015. Property: 'Rebuilding NSW' on private land: Who has compensation rights? LSJ: Law Society of NSW Journal, 2(6), p.92.
Davies, A., Bergami, R. and Miah, S.J., 2016. Implications of managing health related records and relevant information systems within intergovernmental agencies. arXiv preprint arXiv:1606.00882.
Galliers, R.D. and Leidner, D.E., 2014. Strategic information management: challenges and strategies in managing information systems. Routledge.
Gladstone, W., 2014. Criticisms of science, social impacts, opinion leaders, and targets for no-take zones led to cuts in New South Wales' (Australia) system of marine protected areas. Aquatic Conservation: Marine and Freshwater Ecosystems, 24(3), pp.287-296.
Klaic, A. and Golub, M., 2013. Conceptual modeling of information systems within the information security policies. J Econ Bus Manage, 1(4), pp.371-376.
NSW Government Digital Information Security Policy | NSW ICT STRATEGY, 2016. Finance.nsw.gov.au. Retrieved 16 August 2016, from https://www.finance.nsw.gov.au/ict/resources/nsw-government-digital-information-security-policy
Pearce, M., Zeadally, S. and Hunt, R., 2013. Virtualization: Issues, security threats, and solutions. ACM Computing Surveys (CSUR), 45(2), p.17.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.
Sadgrove, K., 2016. The complete guide to business risk management. Routledge.
Vaheed, M.M., Tahir, M.N.H. and Burhanuddin, M.A., 2015. ICT Project Failure in Government Sectors: Factors from Vendors Perspective. Middle-East Journal of Scientific Research, 23(11), pp.2706-2712.
