Wednesday, May 6, 2020

Challenges Faced By VIC -Free-Samples for Students-Myassignment

Questions:

1. Use a diagram (produced by means of Rationale, Visio or any other relevant software application of your choice) to illustrate current security risks and concerns considered by the VIC government.
2. Provide a detailed explanation of the diagram and identify the areas of high, medium, medium-low, and low risk exposure.
3. Carry out a comparative analysis of the Deliberate and Accidental Threats and rank those threats in order of importance. Justify your rankings not only on the basis of the case study but also by doing further research and drawing upon other relevant case studies (e.g. security guidelines for other private and public organizations) that you can identify.
4. While drawing upon theories, tools and patterns covered in the subject as well as your own research, explain the challenges that the VIC government is going to face while deciding on whether security/risk management should be carried out internally or externally (e.g. via outsourcing).
5. Explain the difference between the concepts of Risk and Uncertainty (make sure that your discussion is linked to the case considered).
6. Discuss and evaluate (with examples) different approaches available to the VIC government for risk control and mitigation.

Answers:

Introduction:

The Victorian Protective Data Security Framework (VPDSF) is the overall scheme for managing protective data security risks in the public sector of Victoria. The framework encourages cultural transformation in the sector through the promotion of protective data security as part of daily business ("CPDP - Home", 2017). The following report uses a diagram and theoretical explanations to describe the areas of risk. It covers a comparative analysis of accidental and deliberate threats and the challenges faced by the VIC (Victoria) government in implementing risk management.
Further, it compares the ideas of risk and uncertainty, and lastly discusses, with examples, the process to control and mitigate risks.

1. Diagram illustrating the current security risks and concerns considered by VIC government:

Figure 1: Current security risks and concerns considered by the VIC government (Source: Created by Author)

2. Explanation of the diagram:

The risks rest on the foundation of certain basic features. The event risk is the possibility that an unforeseen event could negatively affect the VPDSF. The recurrent risks originate from an insufficient reporting format on capacity and inventory. The emerging risks are perceived to be significant but are not yet fully understood (McNeil, Frey & Embrechts, 2015). There are creeping risks as well. They originate from the present non-planning. These are done by various jurisdictions of the rising demographic changes in the workplace. The risks are identified below, according to the very high, high, medium, medium-low and low risk areas of exposure.

| The level of risks | The identified risks | Description |
|---|---|---|
| High | The state significance risk | These are the risks where the potential impacts or consequences of the risk on the private sector, the community and the government are large enough to be of state significance. It could be the extension of a current agency risk that, beyond a particular threshold, turns serious enough to have wide implications. It could also be the assimilation of various agency specific risks. |
| Medium | The primary systematic risks for VPS | These risks have implications for every part of the government operations. They need a high level of coordination and management between the agencies (Hopkin, 2017). As with the state significant and the inter-agency risks, the agencies are responsible for their contribution to the management and recognition of the system risks as the proper one. |
| Medium-low | The primary interagency risks | These risks are shared by two or more agencies. They require coordinated management through more than a single agency. This might include the systemic risks. The role of controlling the inter-agency risk is shared by every related agency and takes advantage of the coordinated responses. Here one of the agencies takes the lead role. |
| Low | The agency specific risks | These risks can be managed completely within the operation of one agency (Davies, 2014). They are generally well understood and managed effectively with a simple process of risk management. |

3. Comparative analysis of the Deliberate and Accidental Threats:

The deliberate threats: These types of threats are arranged according to their order of importance.

The trespass or espionage: This takes place when unauthorized people try to gain illegal access.

The information extortion: This happens as the attackers, threatened by the conditions, commit theft, or they possess their individual intention in committing theft of the data under VPDSF.

The vandalism or sabotage: This also takes place, and is the intentional act involving the destruction of the website of VPDSF.

The theft of the information or equipment: As storage devices and computers decrease in size and rise in strength, the devices can be stolen easily. The cost of the loss of electronic devices such as laptops includes the loss of intellectual property, data and productivity, and the replacement of the laptop.

Compromising the intellectual property: Intellectual property is created by various people and organizations. It is protected by copyright, patent and trade secret laws.

The software attack: This has been rising in the age of computerization, as attackers use malicious software to infect more companies worldwide (Haimes, 2015).
The accidental threats: The accidental threats happen when the staff are not vigilant or alert. Moreover, they are unaware of the consequences or risks of cyber attacks and unaware of the security policies. These threats concern the following.

The social engineering: This occurs as the staff fall victim to phishing attacks, where the attackers retrieve sensitive data by impersonating someone trusted.

The poor security of password: This takes place as the staff set weak passwords or show poor behavior such as writing them down or sharing them anywhere. This permits access to unauthorized people.

The unauthorized download of the damaged applications and software: This takes place without the IT department knowing about it. These downloads could spread malware around the entire network (Mcube, Gerber & Von Solms, 2016).

4. Challenges that VIC government might face:

The message that security should be an essential component of outsourcing is not new in the market. Similarly, the requirement of setting particular criteria to select the suppliers, as a tool for managing the outsourcing security risks, is also documented. Despite that, the taking into account of the patterns of lesser time frames is often associated with the outsourcing decisions. The security risk analysis might also be conducted at the proper time and with the needed granularity. In a few cases, the challenges for the risks might not be taken into consideration (Lam, 2014). For instance, this takes place where the very preliminary theory of the "lift and shift" attitude has been applied in the outsourcing of business activities. Also, as the security necessities are agreed, challenges could take place with the current ownership of responsibility and the security controls.
This happens especially as a number of vendors are included in the delivery of a similar service or product. The stakeholders or the customers have become more concerned regarding information privacy and confidentiality. This is due to the rise of the abuse of personal information via identity theft and fraud. Other challenges from the threat levels have also been occurring. VIC's prominent position in the ICT sector makes it a target for threat agents. They seek to compromise the availability, integrity and confidentiality of the data or the operational capability. Additional concerns lie in the global extension of the IT infrastructures of the country beyond the conventional protection domains (Sadgrove, 2016). The selection of a smaller number of suppliers for the critical business processes results in the aggregation of data. This might not take place under VIC's own IT infrastructure. The changes deliver new scopes for the agents of identity information vulnerabilities and assets. This is in geographical sectors that might be more susceptible to targeted attacks.

5. Difference between the Risk and Uncertainty:

There is a saying that without risk there is no gain. As the VIC government needs to survive in the long term, it requires taking measured risks where the probability of losing is comparatively low. Moreover, the chances of benefits are higher here. The difference between the concepts of risk and uncertainty is described below:

| The basis | Risk | Uncertainty |
|---|---|---|
| Meaning | It is the probability to lose or win anything worthy. | This implies the case where the future events are unknown. |
| Outcome | The chances of the outcome are already known. | Here, the chances of the outcomes are not known. |
| Control | This is controllable. | This is uncontrollable. |
| Ascertainment | It could be measured. | It could never be measured. |
| Minimization | Here the minimization takes place. | Here no minimization takes place. |
| Probabilities | Here the probabilities are assigned. | Here no probabilities are assigned. |
| Distinction in nature | The risk is the measured uncertainty. | The uncertainty is the unknown risk. |
| Insurance and the insurability | There are particular risks fully covered by taking insurance policies, like robbery, theft, drought, flood and fire (Pritchard & PMP, 2014). | In the uncertainty the insurance is not possible. |
| Transferability | The risks could be transferred into other risks. | However, the uncertainty could not be transferred. |
| Elements of costs | The cost of production also includes the risk bearing costs. The entrepreneur never gets any benefit for bearing the risks. | The uncertainty is not involved in the production cost. The profit is the reward of the entrepreneur for bearing the uncertainty. |
| Subjectivity and objectivity | The risk is objective. | The uncertainty is subjective. |
| The knowledge of the alternatives | Every possible alternative to the challenges is known by the economists from before. | Here the prior knowledge is not possible. |
| Nature of decisions | The decisions taken in risk situations are of lesser importance. | The decisions undertaken under uncertainty situations are more vital than the decisions taken under risk situations (Webster, 2014). This is because measuring the alternatives is not possible in the condition of uncertainty. |

6. Discussion and evaluation of different approaches available for risk control and mitigation:

The various approaches to control and mitigate the risks are as follows.

| Approaches | Discussion | Evaluation with examples |
|---|---|---|
| Establishing the context | This indicates the understanding of the objectives and defining the internal and external factors that could be the uncertainty source. | This helps in identification of risk and setting scope and the risk criteria regarding the residual process of risk management at VIC. |
| Risk identification | This determines why, how, when, where and what risks could arise. | The various industry and government resources could be employed for assisting the recognition of risks (Brindley, 2017). |
| The risk analysis | This indicates the level of risk against the risk criteria through the understanding of how fast the risk could take place (Libich & Macháček, 2017). | The analysis is considered at VIC regarding the effectiveness of the current controls. It follows the typical process of risk analysis to apply the likelihood and consequence matrix. |
| The risk treatment | This involves the selection and assessment of one or more scopes to modify risks. | In VIC this is done by altering the likelihood or outcomes and implementing the chosen options through the treatment plan. |
| Consultation and communication | This takes place around the process of risk management with the stakeholders identified. | At VIC this is done by ensuring the accountable to implement the process of risk management. The stakeholders must know the basis on which the decisions have been made (Webster, 2014). |
| Monitoring and review | This confirms that the risks of the risk and control treatments have been monitored (Webster, 2014). | At VIC this could be reported for assuring that the altering priorities and context have been managed and the rising risks are identified. |

Conclusion:

The risks involve short and long term effects. They are recurrent, event based, creeping or emerging in nature. With the emerging risks, the VPDSF has developed an understanding of the scopes of the threats. Keeping these potential effects in mind, the report has helped to understand the monitoring of the risks with further investigation.
The stakeholders of the VIC government have been consistently aware of the dependability of the electronic information and the risks. These are seen or otherwise presented not only by malicious activities but also by accidental exposure. The uncertainty is inherent in VIC. This could not be avoided. However, in order to complete the projects successfully, VIC must be very proactive, cautious and free minded in managing the uncertainty and risks.

References:

Brindley, C. (Ed.). (2017). Supply chain risk. Taylor & Francis.

CPDP - Home. (2017). Cpdp.vic.gov.au. Retrieved 21 August 2017, from https://www.cpdp.vic.gov.au/10-data-security

Davies, J. C. (2014). Comparing environmental risks: tools for setting government priorities. Routledge.

Drennan, L. T., McConnell, A., & Stark, A. (2014). Risk and crisis management in the public sector. Routledge.

Haimes, Y. Y. (2015). Risk modeling, assessment, and management. John Wiley & Sons.

Hopkin, P. (2017). Fundamentals of risk management: understanding, evaluating and implementing effective risk management. Kogan Page Publishers.

Lam, J. (2014). Enterprise risk management: from incentives to controls. John Wiley & Sons.

Libich, J., & Macháček, M. (2017). Insurance by government or against government? Overview of public risk management policies. Journal of Economic Surveys, 31(2), 436-462.

McNeil, A. J., Frey, R., & Embrechts, P. (2015). Quantitative risk management: Concepts, techniques and tools. Princeton University Press.

Mcube, U., Gerber, M., & Von Solms, R. (2016, May). Scenario-based IT risk assessment in local government. In IST-Africa Week Conference, 2016 (pp. 1-9). IEEE.

Victorian Government Risk Management Framework. (2017). Vmia.vic.gov.au. Retrieved 21 August 2017, from https://www.vmia.vic.gov.au/risk/victorian-government-risk-management-framework

Olson, D. L., & Wu, D. D. (2015). Enterprise risk management (Vol. 3). World Scientific Publishing Co Inc.

Pritchard, C. L., & PMP, P. R. (2014). Risk management: concepts and guidance. CRC Press.

Sadgrove, K. (2016). The complete guide to business risk management. Routledge.

Webster, D. (2014). Effective Enterprise Risk Management: Mapping the Path Forward. Managing Risk and Performance: A Guide for Government Decision Makers, 267-292.

Webster, D. W. (2014). Introduction to Enterprise Risk Management for Government Managers. Managing Risk and Performance: A Guide for Government Decision Makers, 113-136.
