Security Threats And Ranking Of VIC Government

Illustration of Security Risks and Threats in VIC Government

Discuss About The Security Threats And Its Ranking According?

In this era of information and communication technology, security is an essential requirement for any type of organization whether private or public. Government is responsible for tackling different types of data and must be taken care of without any problem. Data breach of any type of sensitive data can cause problems.  VIC government is the government of the state Victoria in Australia. It deals with different types of data and must be taken care of in a proper manner.

This report discusses about the types of security threats that VIC government faces and it also ranks the various category of risks based on their degree of exposure. This report also points out the various types of exposure in high, low, medium risk exposure category. There are several types of risk under which the deliberate and accidental risks are mainly important. This report compares and contrasts both the risk in a comprehensive manner.  This report also discusses about the several challenges that VIC government faces while deciding about the internal and external risk advisors. A brief difference between risk and uncertainty is also mentions in this report. The risk management and assessment of the VIC government is also discussed in this report.

The diagram below shows the risks and threats of the VIC Government.

                                                  Figure 1: Factors of Risk and Threats in information system of VIC Government

                                                                           (Source: Created by the author in Ms-Visio)

The diagram given above shows the different security threats faced by the VIC governments. The diagram shows that the VIC government has a code of practice along with the information system. There are four main categories of risks shown in the diagram. They are accidental, deliberate, internal and external risks or threats. This diagram also shows the risk management and assessment system of the VIC government.

VIC Government: VIC or the Victoria Government is the state government of the state of Victoria in Australia. This government has several type of information in the system of the government. The information is sensitive in nature and if these data are lost or manipulated then this can lead to severe trouble for the entire state and even the country (Von Solms & Van Niekerk, 2013). This government has the control and rights over the information of the user. The members of the VIC government are the users of the information system of the government.

Explanation of the Diagram and Categorization of Risk Factors

Information System: The information system in the government is the information management system that consists of the software and database that stores several sensitive data of the members of the government. The VIC government is responsible for the handling the data and information present in the system of the government (Bommer, Crowley & Pinho, 2015). Only authorized users are not able to access the VIC government data. Effective and efficient management of the system allows the government to work in a proper and well planned manner.

Code of Practices: A set of norms that is followed in order to maintain a proper working of the government is called the code of practices. This code of practices is well integrated and complies with ISO, IEC.AC, and AZS 17799:2001 that is declared by the code of ethics. This code of ethics states and tells the only authorized people will be able to access information in the database and information system present in the organization. This would not allow the non users of the organizations to access information that are sensitive in nature. Unauthorized access can lead to misuse as well as deletion of information.

Threats and Risks: Threats are very severe issue for an organization as well as the government. Government is responsible for managing a state. In this case study the VIC state government of the Victoria state of Australia is responsible for managing the entire state of Victoria (Bommer, Crowley & Pinho, 2015). The risks and threats of the government are discussed in this report in details. The risks and threats are the most important factors that affect the information flow of the organization.

Accidental Threats: These are the types of threats that do not have any wrong motive. These threats take place in an accidental manner (Alcorn, Good & Pain, 2013). It does not affect the information flow in the system due to accidental flow. There can be failure of communication due to this type of threat. There can be technical error and unseen situations that can take place in the future. There can also be transmission errors. Deletion of information due to some mistake of the employees is a good example of accidental threat. Accidental threats are not much harmful because this can be rectified after identification.

Deliberate Threats: These are the types of threats that are dangerous in nature. These deliberate threats are done purposely by any hacker or malicious software (Von Solms & Van Niekerk, 2013). These are done for the purpose of harming the organization or government. These threats do affect the operation of the government. It is very difficult to rectify these types of problems.  These types of threats take place due to theft and fraud. Eavesdropping, unauthorized access, malwares, software piracy and denial of services are some of the type of deliberate threats.

Description of the components of diagram

External Threats: These are the types of threats that are not under the control of the government. These are external to the government (Lam, 2014). These threats take place due to external forces like political instability and environmental policies. There are other main types of external threats like competition among the several organizations and parties. These threats cannot be controlled by the government as these are extrinsic in nature.

Internal Threats: These are the types of threats that are intrinsic in nature. There are several types of internal threats like problem among the employees, technological obsolescence, lack of resources and financial limitations. These threats are under the control of the government and they can take necessary steps to overcome such threats (Man et al., 2013). There will not be much harm due to these types of threat as the employees are quiet aware of the situation and then the employees can find a method of rectifying the issues (Alcorn, Good & Pain, 2013).  Internal threats are the cause of internal combustion. There can be failure of communication due to these types of threats.

Risks can be classified in terms of various exposures due to its impact on the government. These types of exposures are classified according to the degree of impact into high risk exposure area, medium low risk area, medium risk area and low risk area (Lam, 2014).

High Risk Exposure: This is a type of threat that has great impact on the operations of the government. This is a type of threat where the government will be affected in a serious manner and that cannot be rectified. This type of risk cannot be controlled by the government. The external and deliberate risks are under this category.  These are the types of threats that are not under the control of the government. These are external to the government (Lam, 2014). These threats take place due to external forces like political instability and environmental policies. These threats cannot be controlled by the government as these are extrinsic in nature.  There are other main types of external threats like competition among the several organizations and parties. . The deliberate threats are done purposely by any hacker or malicious software (Von Solms & Van Niekerk, 2013). These are done for the purpose of harming the organization or government. Eavesdropping, unauthorized access, malwares, software piracy and denial of services are some of the type of deliberate threats (Zargar, Joshi & Tipper, 2013). These threats do affect the operation of the government. It is very difficult to rectify these types of problems.  These types of threats take place due to theft and fraud.

Accidental Threats:

Medium Risk Exposure: The medium risk exposure means that the impact is moderate on the government. These types of threats affect the operation and flow of information in the government in a moderate manner. These are generally the internal type of risks. The technical errors that take place are rectifiable in nature and can be classified under this category (Bommer, Crowley & Pinho, 2015). These are the types of threats that are intrinsic in nature. These threats are under the control of the government and they can take necessary steps to overcome such threats (Man et al., 2013).  There are several types of internal threats like problem among the employees, technological obsolescence, lack of resources and financial limitations. Internal threats are the cause of internal combustion. There can be failure of communication due to these types of threats. There will not be much harm due to these types of threat as the employees are quiet aware of the situation and then the employees can find a method of rectifying the issues (Alcorn, Good & Pain, 2013). 

Medium Low Risk Exposure: These are the types of threat whose impact is medium to low in nature. Consider a situation of spamming that goes on in the environment. They can take place at any time.

Low Risk Exposure: These types of threats do not have any great impact on the flow of operations and information of the government. These types of threats are not deliberate in nature. They are accidental threats. These are the types of threats that do not have any wrong motive. These threats take place in an accidental manner (Alcorn, Good & Pain, 2013). It does not affect the information flow in the system due to accidental flow. There can also be transmission errors. Deletion of information due to some mistake of the employees is a good example of accidental threat. Accidental threats are not much harmful because this can be rectified after identification. There harmfulness degree is less.

Accidental Threats: These are those kinds of threats that occur because of unwanted errors committed by the employees. There are no malicious intentions behind such types of risks (Man et al., 2013). The exposure level of this threat is low as this does not affect the government in a severe manner. These threats take place in an accidental manner (Alcorn, Good & Pain, 2013). It does not affect the information flow in the system due to accidental flow. There can be failure of communication due to this type of threat. There can be technical error and unseen situations that can take place in the future. There can also be transmission errors. These are the types of threats that do not have any wrong motive.

Deliberate Threats:

Rank: This threat is given 2^nd position.

Example: Wrong entry of data by the employees, deletion or modification of data due to some mistake.

Reason for the rank 2: This type of threat does not have any specific wrong motive behind the act. Here the employees are unmindful and careless and does some mistake by their own fault.

Deliberate Threat:  These threats take place due to hacking or other malware that have wrong intention in harming the operation and information of the entire organization or the government. It is very difficult to rectify these types of problems. The deliberate threats are done purposely by any hacker or malicious software (Von Solms & Van Niekerk, 2013). These are done for the purpose of harming the organization or government.

Example: Malicious software or malware (Green, Payne & Wood, 2013), hacking, denial of service attack, virus, Trojan horses.

Reason for Rank 1:  There are specific wrong motives behind this type of threat. It attacks and harms the government in a dangerous way. The problems faced b y the government due to this type of threat is extremely in nature. 

Several challenges are faced by the government in deciding and selecting a risk management method among the two.

Internal Security Management: These types of management techniques involve the employees or members of the government to participate in the organization in order to manage security related issues (Lam, 2014). The benefit of this plan is that the money spent will be less. The challenges will be conflict of roles. There will be competition among the employees as to who is powerful and this will indirectly affect the productivity of the organization.

External Security Management: The benefits of hiring external agents for managing risk will help the government in many ways. They will be able to gather satisfactory information and solve the problem in a proper way (Ali et al., 2014). There can be issues related to loss of control and misunderstandings leading to more chaos (Rakow, Heard & Newell, 2015). There can be problems like mislead also.

Risk is known to be the winning or losing probability of anything that is worthy of consideration.  It has an extremely uncertain nature (Rasmussen, 2013). VIC considers the security related threats to be the risks that are associated with the government. Risks can be controlled by taking specific procedures (Silbey, 2013). Risk can never be eliminated but it can be minimized to some extent.

External Threats:

Any situation whose future happenings are not known can be considered to be uncertain. The future of any event will not be visible to the VIC government leading to tremendous risk of the operations (Covello et al., 2013). Uncertainties cannot be controlled by the government of Victoria. Uncertainty is the base of risk.

The VIC government can take massive steps to mitigate risks. They need to select the right people for the right task (Perera & Nand, 2015). The analysis approach of risk management chooses the best option among several options. The strategy approach on the other hand makes up various strategies to overcome the risks. The investigation approach examines and scrutinizes various ways to find out the best way to deal with risk in the government. The initial step involves planning followed by risk assessment and handling (Nowak, 2013). Proper identification needs to be done before the analysis phase. Then is the procedure of risk mitigation and risk evaluation (Cheng, Liu & Yao, 2017). These types of approaches can be used by the VIC government in order to overcome and prevent any breach of security.

Conclusion

This report concludes that the several threats of security that are faced by the VIC government can be resolved by a procedural risk management approach. The risks are categorized into several categories of high risk, medium, medium low and low risk exposure area depending on their impact on the government of Victoria, Australia. This report also described the challenges of the internal and external risk advisors along with their benefits and challenges. Risks and uncertainty are two different things and these are also explained in a brief manner. The report finally concludes that risks can be mitigated by following certain approaches that are well suited for the government.

References

Alcorn, A.M., Good, J. and Pain, H., (2013, July). Deliberate system-side errors as a potential pedagogic strategy for exploratory virtual learning environments. In International Conference on Artificial Intelligence in Education (pp. 483-492). Springer Berlin Heidelberg

Ali, E., Denis, A. F., Kujur, F. E., & Chaudhary, M. (2014). Risk Management Strategies for Accidental Risk Occurrence on Construction Sites–A Case Study of Allahabad. Journal of Academia and Industrial Research (JAIR),3(2), 89.

Bommer, J. J., Crowley, H., & Pinho, R. (2015). A risk-mitigation approach to the management of induced seismicity. Journal of Seismology, 19(2), 623-646.

Cheng, L., Liu, F., & Yao, D. D. (2017). Enterprise data breach: causes, challenges, prevention, and future directions. Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, 7(5).

Covello, V. T., Lave, L. B., Moghissi, A. A., & Uppuluri, V. R. R. (Eds.). (2013). Uncertainty in risk assessment, risk management, and decision making (Vol. 4). Springer Science & Business Media.

Green, D. E., Payne, R., & Wood, T. (2013). U.S. Patent No. 8,402,529. Washington, DC: U.S. Patent and Trademark Office.

Healey, A. N. (2016). The insider threat to nuclear safety and security. Security Journal, 29(1), 23-38.

Lam, J. (2014). Enterprise risk management: from incentives to controls. John Wiley & Sons.

Mans, R. S., van der Aalst, W. M., Vanwersch, R. J., & Moleman, A. J. (2013). Process mining in healthcare: Data challenges when answering frequently posed questions. In Process Support and Knowledge Representation in Health Care (pp. 140-153). Springer Berlin Heidelberg.

Nowak, B. (2013). A 5-step strategy for harnessing global information growth.Information Management, 47(4), 42.

Perera, R., & Nand, P. (2015, April). A multi-strategy approach for lexicalizing linked open data. In International Conference on Intelligent Text Processing and Computational Linguistics (pp. 348-363). Springer International Publishing.

Rakow, T., Heard, C. L., & Newell, B. R. (2015). Meeting Three Challenges in Risk Communication Phenomena, Numbers, and Emotions. Policy Insights from the Behavioral and Brain Sciences, 2(1), 147-156.

Rasmussen, S. (2013). Risk and uncertainty. In Production Economics (pp. 163-180). Springer Berlin Heidelberg.

Silbey, S. S. (2013). Organizational Challenges to Regulatory Enforcement and Compliance A New Common Sense about Regulation. The Annals of the American Academy of Political and Social Science, 649(1), 6-20.

Spring, J. (2014). Fall 2014 SEI Research Review: Malware Analysis. CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST.

Steinberg, A. N. (2016). A model for threat assessment. In Fusion Methodologies in Crisis Management (pp. 313-340). Springer International Publishing.

Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. computers & security, 38, 97-102.

Zargar, S. T., Joshi, J., & Tipper, D. (2013). A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE communications surveys & tutorials, 15(4), 2046-2069.