Diagram describing current security risks and concerns of VIC government

The Commissioner for Privacy and Data Protection (CPDP) developed the Victorian Protective Data Security Framework (VPDSF). The framework was developed for the security and management of data in Victoria under the Privacy and Data Protection Act, 2014 (Clarke, 2014). The VPDSF first came into effect on 28 June 2016, and data security risks in Victoria are protected against and managed through it. The framework consists of several parts: the standards required for protective data security in Victoria, supplementary security guides and resources, and the assurance model that supports the security framework.

The detailed instructions needed to protect Victoria's data are compiled in the framework. It also sets out the ways of instructing the agencies that deal with the security of an organization and its systems. An agency follows a number of documents and policies stated in the VPDSF (Adams & Lee-Jones, 2017). These consist of a security management framework, the procedures for handling business practices, and an access management regime that decides who can actually access and handle the data. The framework also provides programs and training for the employees and staff whose duties include handling the data, and for managing the government's plans, which are mostly formal. It also provides a guarantee to third parties and suppliers.

This paper sheds light on the current security risks and concerns that the VIC government deals with. It presents a diagram of the security risks and compares the two types of risk, deliberate and accidental, in detail. It then compares risk and uncertainty, discusses the challenges faced by the VIC Government, and describes the resulting Risk Mitigation and Risk Control approaches.

The VIC government has analyzed the risk development methods used by organizations and enterprises in Victoria. The risk approaches and their corresponding mitigation methods are described in the diagram (Alcorn, Good & Pain, 2017). The diagram was made using Microsoft Visio. Its components are the types of risk that an information system may come across and the guidelines followed by the VIC Government.

Explanation of the diagram and the areas of risks exposure

Fig: Current security risks of VIC Government

Source (Created by Microsoft Visio)

Description of the diagram

VIC Government: The VIC government plays an important role in securing data in order to manage risk and protect the safety of the customer. Its primary task is to maintain the risk assessment. Implementing the system well requires security for the information system. Smart and effective processing requires the data to be stored, and the VIC Government provides the security for that storage.

Risks that are related to information security:

Accidental Risks: An operation that suddenly creates an issue in an organization is known as an accidental threat. These threats are not predicted beforehand; they reach the organization by accident. Accidental threats do not create much of a problem for the enterprise and are not very dangerous to it. Implementing an information system safely is done through proper planning. The accidental threats that occur in an organization are programming errors, staff errors, communication failures, operational failures and loss of the organization's information.

Deliberate Risks: Deliberate threats are the most dangerous threats that an organization faces, and they have the most crucial impact on operations related to information security. A threat that purposely harms the operation of the enterprise or organization is known as a deliberate threat. Deliberate threats are counted as the highest among all the threats that an organization faces and have the highest priority of all its risks. They are industrial action, software piracy, unauthorized harmful software, social engineering, denial of service and eavesdropping.

Framework of Victorian Protective Data Security

Standards of Victorian Protective Data Security: To protect public information and data, 18 mandatory high-level requirements are published. The standards also provide governance for four main sectors: ICT, physical security, information and personnel (Borgman, Mubarak & Choo, 2015). The VPDS standard follows four protocols, the improvement steps of plan, act, check and do. These standards help the organization keep up with newly emerging security threats. The standards followed by Victorian Protective Data Security are:

  • The operational and policy context of the government of Victoria is taken into consideration.
  • The work that Victorian public sector organizations do in supplying critical services is respected.
  • International and national approaches to security are reflected.
  • The focus should be on information security only, rather than on all other official assets.
  • Cover the security domain of ICT and identify information security as an individual problem.
  • The service providers that are directly or indirectly required for the access of the information are required.

The standards followed by the VIC Government are durable and provide a risk management approach that helps government business perform its functions safely, securely and effectively.

Assurance Model: The assurance model is required to measure an organization's maturity in implementing the Victorian Protective Data Security Standards.

The aim of the assurance model is to improve the organization's protective data security practices and to give the enterprise assurance that its information is secured.

Responsibilities and roles of Commissioner for Privacy and Data Protection and organizations: The powers and functions of the Commissioner for Privacy and Data Protection are assured and monitored by the PDPA. The responsibilities include establishing the framework for assuring and monitoring public sector data and promoting security practices for the protection of data in the public sector (Covello et al., 2013). The Commissioner is also responsible for assuring and monitoring compliance with the security standards, including through audits, for making recommendations and formal reports on data security, and for researching and analyzing data security in the Victorian public sector. These functions help the Commissioner provide Victorian public sector organizations with assurance of protection. With the help of these responsibilities, the objectives and goals of the organization are accomplished economically and efficiently.

Guiding Principles: Protective security measures are implemented to safeguard the organization's data (Healey, 2016). The guiding principles are needed to assess current and prospective security practices.

Governance: Governance arrangements are needed in the organization's planning to protect data security.

Risk management: The work of risk management is to inform decisions and to prioritize the security effort.

Information Value: Protecting data or information requires understanding the value of that information.

Security Culture: A security culture that is mature and accounts for an understanding of risk management is needed to support the services provided by the government.

Improvement Life Cycle: Maturing the data security practices requires continuous improvement of the organization's lifecycle model.

Objectives: The objectives of the organization should be made clear so that it can achieve the goals the business needs in an economic, efficient and effective manner.

| Areas of Risk Exposure | Description | Examples |
| --- | --- | --- |
| Areas that are in high risk exposure | The operation of the project is altered and creates a critical and high impact on the VIC Government information system. | Data theft, phishing, malware, intrusion |
| Areas that have medium risk | The impact of operation on the project is medium and moderately impacts the VIC Government. | Software issues, data misinterpretation, issues of design |
| Areas that have medium low risks | This has a medium low capacity on the project that it is dealing with. | Integration issues, data incompatibility and wrong data entry |
| Areas that are in low risk exposure | Does not much affect the project being worked on and rarely impacts the Government of VIC. | Issues of social engineering and errors that are generated by users |

Deliberate threats are the most dangerous threats that an organization faces, and they have the most crucial impact on operations related to information security (Johnson et al., 2015). A threat that purposely harms the operation of the enterprise or organization is known as a deliberate threat. Deliberate threats are counted as the highest among all the threats that an organization faces and have the highest priority of all its risks. They are industrial action, software piracy, unauthorized harmful software, social engineering, denial of service and eavesdropping.

According to Fernandez (2015), an operation that suddenly creates an issue in an organization is known as an accidental threat. These threats are not predicted beforehand (Lam, 2014); they reach the organization by accident. Accidental threats do not create much of a problem for the enterprise. Implementing an information system safely is done through proper planning. Accidental threats are not very dangerous to the enterprise (Nieles, Dempsey & Pillitteri, 2017). The accidental threats that occur in an organization are programming errors, staff errors, communication failures, operational failures and loss of the organization's information.

1st: Deliberate risks pose a high risk to organizations that deal with the security of information or data. A threat that purposely harms the operation of the enterprise or organization is known as a deliberate threat. Deliberate threats are the most crucial and are counted as the highest among all the threats that an organization faces.

2nd: Accidental risks are less harmful than deliberate risks. They reach the organization by accident and do not create much of a problem for the enterprise. Implementing an information system safely is done through proper planning.

Risk is the main factor when operations in an organization fail to accomplish their goal (Nowak, 2013). Risks hinder the organization and give rise to issues in the operations it deals with. The risks include staff errors, transmission errors, fraud and theft, malware, eavesdropping and industry-related errors.

The doubts or factors that affect the development of the information system are known as uncertainty. The development operation ensures the estimated outcomes that come from the uncertainties. The factors of uncertainty are website intrusion, unauthorized access, loss of data, communication failure, software privacy and the software.

The information system of VIC implements developments that are effective for the operations of the organization (Mans et al., 2013). The VIC government faces some challenges in managing information security risk. There are mainly two types of challenge: Security Challenges and Operational Challenges.

Security Challenges: The most dangerous challenge an organization faces comes from operations carried out purposely against an enterprise or business organization. These have the most crucial impact on operations related to information security. A threat that purposely harms the operation of the enterprise or organization is known as a deliberate threat (Perera & Nand, 2015). Deliberate threats are counted as the highest among all the threats that an organization faces and have the highest priority of all its risks. They are industrial action, software piracy, unauthorized harmful software, social engineering, denial of service and eavesdropping.

Operational Challenges: An operation that suddenly creates an issue in an organization is an operational challenge. These threats are not predicted beforehand; they reach the organization by accident. Accidental threats do not create much of a problem for the enterprise (Rakow, Heard & Newell, 2015). Implementing an information system safely is done through proper planning. Accidental threats are not very dangerous to the enterprise. The accidental threats that occur in an organization are programming errors, staff errors, communication failures in the enterprise, operational failures and loss of the organization's information.

a. Risk Control Approaches

Avoidance: Avoidance is the best approach that is used to control the risk that comes in an organization (Rasmussen, 2013). To avoid the risk that comes in an organization, vital separation is done. This method is used to discard the risk.

Loss Prevention: The slaughters are solved instead of the containment in loss prevention strategy. To keep a vital separation from the threat, the risks are identified in this control strategy.

Loss Reduction: Loss reduction control helps to control both the risks and the hardship of the risk that arises from an information security threat.

Separation: The separation approach to risk control disseminates the primary resources (Silbey, 2013). If something unwanted comes to the organization, it is separated from the organization before its arrival.

b. Risk Mitigation Approaches

Risk Acceptance: Risk acceptance is considered a risk mitigation strategy. To handle a risk that arrives at an organization, the risk must first be accepted (Spring, 2014). This strategy is used only if the risk that arrives is not very severe.

Risk Avoidance: Risk avoidance is the opposite strategy to risk acceptance. The risks faced by the information security of the VIC Government are always avoided (Steinberg, 2016). The processes involved in risk avoidance are the most expansive of the mitigation techniques.

Risk Limitation: Risk limitation is used by all types of organizations, from large to small (Von Solms & Van Niekerk, 2013). This mitigation technique states that the organization must lessen its risk exposure for the processes it is involved in.

Risk Transference: Risk transference is a method in which tasks are handed over to third parties who are able to deal with them. It should be kept in mind that the third party to whom the task is handed over must also be willing to take it on.

Conclusion

The report deals with the case study of the VIC Government and its handling of information security risk. The case study covers the risk assessment techniques that the VIC Government uses to control and mitigate the risks that come to organizations in Victoria. The VIC Government uses certain principles and standards to counter information security risks.

This report gives detailed information about the current security risks and concerns that the VIC government deals with. It presents a diagram of the security risks and compares the two types of risk, deliberate and accidental, in detail. It also compares risk and uncertainty, discusses the challenges faced by the VIC Government, and describes the resulting Risk Mitigation and Risk Control approaches.

References

Alcorn, A. M., Good, J., & Pain, H. (2013, July). Deliberate system-side errors as a potential pedagogic strategy for exploratory virtual learning environments. In International Conference on Artificial Intelligence in Education (pp. 483-492). Springer Berlin Heidelberg.

Adams, C., & Lee-Jones, K. (2017). Sharing personal information in the child protection context: Impediments in the Australian legal framework. Child & Family Social Work.

Borgman, B., Mubarak, S., & Choo, K. K. R. (2015). Cyber security readiness in the South Australian Government. Computer Standards & Interfaces, 37, 1-8.

Bommer, J. J., Crowley, H., & Pinho, R. (2015). A risk-mitigation approach to the management of induced seismicity. Journal of Seismology, 19(2), 623-646.

Clarke, R. (2014). The regulation of civilian drones' impacts on behavioural privacy. Computer Law & Security Review, 30(3), 286-305.

Covello, V. T., Lave, L. B., Moghissi, A. A., & Uppuluri, V. R. R. (Eds.). (2013). Uncertainty in risk assessment, risk management, and decision making (Vol. 4). Springer Science & Business Media.

Fernandez, A., Lopez, V., del Jesus, M. J., & Herrera, F. (2015). Revisiting evolutionary fuzzy systems: Taxonomy, applications, new trends and challenges. Knowledge-Based Systems, 80, 109-121.

Healey, A. N. (2016). The insider threat to nuclear safety and security. Security Journal, 29(1), 23-38. 

Johnson, L., Adams Becker, S., Estrada, V., & Freeman, A. (2015). The NMC Horizon Report: 2015 Museum Edition. New Media Consortium. 6101 West Courtyard Drive Building One Suite 100, Austin, TX 78730.

Lam, J. (2014). Enterprise risk management: from incentives to controls. John Wiley & Sons.

Mans, R. S., van der Aalst, W. M., Vanwersch, R. J., & Moleman, A. J. (2013). Process mining in healthcare: Data challenges when answering frequently posed questions. In Process Support and Knowledge Representation in Health Care (pp. 140-153). Springer Berlin Heidelberg.

Nieles, M., Dempsey, K., & Pillitteri, V. Y. (2017). An Introduction to Information Security. NIST Special Publication, 800, 12.

Nowak, B. (2013). A 5-step strategy for harnessing global information growth. Information Management, 47(4), 42.

Perera, R., & Nand, P. (2015, April). A multi-strategy approach for lexicalizing linked open data. In International Conference on Intelligent Text Processing and Computational Linguistics (pp. 348-363). Springer International Publishing.

Rakow, T., Heard, C. L., & Newell, B. R. (2015). Meeting Three Challenges in Risk Communication Phenomena, Numbers, and Emotions. Policy Insights from the Behavioral and Brain Sciences, 2(1), 147-156.

Rasmussen, S. (2013). Risk and uncertainty. In Production Economics (pp. 163-180). Springer Berlin Heidelberg.

Silbey, S. S. (2013). Organizational Challenges to Regulatory Enforcement and Compliance A New Common Sense about Regulation. The Annals of the American Academy of Political and Social Science, 649(1), 6-20.

Spring, J. (2014). Fall 2014 SEI Research Review: Malware Analysis. CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST.

Steinberg, A. N. (2016). A model for threat assessment. In Fusion Methodologies in Crisis Management (pp. 313-340). Springer International Publishing.

Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. Computers & Security, 38, 97-102.

Cite This Work

My Assignment Help. (2022). Understanding The VPDSF Essay And VIC Government's Security Risks. Retrieved from https://myassignmenthelp.com/free-samples/itc596-it-risk-managemnet/risk-management-of-information-technology-of-vic-file-E95350.html.