Thursday, December 12, 2019
Case Study NSW Government
Question: Discuss the case study for NSW Government.

Answer:

Diagram for Security Risks Faced by NSW Government

Figure 1: Diagram for Security Risks and Concerns (Source: Created by Author)

Explanation of the Diagram

The diagram above illustrates that a number of factors are related to the information security risk of the NSW government. From the diagram, it can be seen that the NSW government faces both internal and external risks, which are categorized as deliberate and accidental threats. The concept of risk provides the interrelationships between the different elements associated with security risks and controls. The development of an Information Security Management System (ISMS) depends on this concept of risk relationships. The other important factors are the ISMS and the code of practice, which are used for selecting information security controls. The risk assessment process is important for selecting a proper and effective method of control. It also helps in mitigating the issues that the NSW government is facing.

Identification of the Areas of Risk Exposure

Threats (rating columns: High, Medium, Medium-Low, Low Risk)

Internal Risks, Deliberate: Fraud as well as theft; Actions of the organization; Social engineering; Changes in the software that are not authorized; Utilization of pirated software; Sabotage
Internal Risks, Accidental: Communication services failures; Outsourced operations failures; Absence of various key personnel; Rerouting or misrouting of messages; Errors generated by the user or operational staff
External Risks, Deliberate: Data access by using unauthorized procedures; Denial of different services; Malicious destruction of various data and facilities; Repudiation; Masquerade; Intrusion in website; Unauthorized dial-in access
External Risks, Accidental: Errors in software programming; Technical failures; -----; Transmission errors

Comparative Analysis of Accidental and Deliberate Threats

The NSW government is guided by the information security framework for reducing risks and threats. The security management and information systems of the NSW government face many threats and challenges with respect to accessibility and reliability. Unauthorized users can fetch or hack personal information when the domain of government ICT changes. Different types of destruction and manipulation of hardware and software lead to the occurrence of deliberate threats. Behnia, Rashid and Chaudhry (2012) note that deliberate attacks generally target the websites of various organizations in order to hack the financial and personal information of employees without proper information. Several organizations, including CNN and America Online, have been attacked using denial-of-service attacks, for which the hackers do not need much skill or prerequisite tools. The attacks led to loss of business credibility (Digital Information Security Policy | NSW ICT STRATEGY., 2016). There are different types of malicious programs, such as worms, viruses and Trojan horses, and they cause destruction in the database of the system.
This results in loss of financial data, loss of confidentiality and more. Accidental threats refer to omissions, which can help in exploiting the information security system. These problems and omissions are generally created by human actions. Accidental threats result in sabotage, which generally arises from accidental errors. The organization also faces financial loss, loss of public confidentiality and various types of disruption in the commercial system (Bernardo 2012). Failure in the communication system leads to loss of availability of information and of its accessibility through the various services of the organization. Software and programming errors introduced by any user can corrupt an information system, and the data are then difficult to retrieve, which is an important issue before the government of NSW.

Ranking of Threats in Terms of Importance

Different types of threats are analyzed in organizations, and after proper analysis it is found that among the three different threats, the deliberate threat is the most effective. The threats are generated by various human activities, but the positions of the various threats depend very much on the difficulties that the organization generally faces.

Threat: Deliberate
Impact: After proper analysis, it is found that different types of typical threats as well as privacy concerns are quite active. A number of factors are present in this threat, including industrial action, unauthorized access to data and information, DoS, theft and fraud. Security of data, as well as its flexibility and reliability, is not present (NSW Government Digital Information Security Policy | NSW ICT STRATEGY., 2016).
Ranking: Very High

Threat: Accidental
Impact: After detailed analysis, it is found that security, honesty, consistency and elasticity are present in accidental threats, but in the context of data security this is not feasible in the framework (Nassimbeni, Sartor and Dus 2012).
Ranking: High

Justification of the Ranking

The ranks are provided based on real-life implementation. The case study illustrates that, according to the rank of commercial loss, the rankings include very high, high, medium, low and very low. The case study is fully dependent on the deliberate and accidental threats faced by the NSW government; therefore, the rankings are provided depending on the threats. The table above reflects that the ranking is very high for the deliberate threat, as it concerns data security and privacy. The data accumulated in the database, including financial and personal data, can be fetched without proper and effective authorization. The NSW government is affected by this threat, and thus the rank provided is very high. The accidental threats are ranked high, as this type of threat has a negative impact on the information system. Human actions can be unintentional or intentional during effective and proper control of risk management.

Challenges Faced by NSW Government in Security Risk Management

There are a number of challenges that the NSW government faces in the context of security risk management. The risks include:

Community associated digital information security: The NSW government adopts various security communities for reducing information-based issues (Peltier 2016). These policy practices help organizations to perform effectively on a secured platform, as major data security problems and challenges are faced by the government.
Integrity and accessibility: This is also considered an important issue, in which the content of the information changes due to passive as well as active attacks from hackers (Pearce, Zeadally and Hunt 2013). Therefore, it is important to have flexibility and reliability within the information system for removing the security issues.
Events disseminations: The NSW government faced different types of dissemination and data security issues. The NSW government also faces many challenges due to the problems associated with information security.

Differentiation Between Uncertainty and Risks

Certain risks as well as uncertainties are present in the NSW government. These are as follows:

Risk: From the perspective of the information security of the NSW government, risk is defined as the possibility of losing benefits or advantages (Lo and Chen 2012). The result is defined with the help of a feasibility study, and the risks associated with it are uncontrollable.
Uncertainty: Uncertainty is generally defined as a future prediction that is largely unknown to IS management. It can be neither controlled nor managed.

Various Types of Risk Control and Risk Mitigation Approaches

There are a number of approaches that must be evaluated by the NSW government in its risk management and risk control frameworks. These are as follows:

Assessment of the scenario: In order to resolve the security issues regarding the various control management systems, a feasibility study as well as an economic appraisal need to be incorporated (Klaic and Golub 2013).
Analysis of the decision: Proper and effective selection of organizational decisions is considered one of the important approaches for mitigating management-related risks (Nassimbeni, Sartor and Dus 2012).
Sensitivity analysis: For mitigating the sensitivity issues, the government incorporated different application models in order to maintain the various operations.

References

Behnia, A., Rashid, R. A., and Chaudhry, J. A., 2012. A survey of information security risk analysis methods. SmartCR, 2(1), 79-94.
Bernardo, D. V., 2012. Security risk assessment: toward a comprehensive practical risk management. International Journal of Information and Computer Security, 5(2), 77-104.
Burdon, M., Siganto, J., and Coles-Kemp, L., 2016. The regulatory challenges of Australian information security practice. Computer Law & Security Review.
Digital Information Security Policy | NSW ICT STRATEGY., 2016. Finance.nsw.gov.au. Retrieved 16 August 2016, from https://www.finance.nsw.gov.au/ict/priorities/managing-information-better-services/information-security
Klaic, A., and Golub, M., 2013. Conceptual modeling of information systems within the information security policies. J Econ Bus Manage, 1(4), 371-376.
Lo, C. C., and Chen, W. J., 2012. A hybrid information security risk assessment procedure considering interdependences between controls. Expert Systems with Applications, 39(1), 247-257.
Nassimbeni, G., Sartor, M., and Dus, D., 2012. Security risks in service offshoring and outsourcing. Industrial Management & Data Systems, 112(3), 405-440.
NSW Government Digital Information Security Policy | NSW ICT STRATEGY., 2016. Finance.nsw.gov.au. Retrieved 16 August 2016, from https://www.finance.nsw.gov.au/ict/resources/nsw-government-digital-information-security-policy
Pearce, M., Zeadally, S., and Hunt, R., 2013. Virtualization: Issues, security threats, and solutions. ACM Computing Surveys (CSUR), 45(2), 17.
Peltier, T. R., 2016. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.