Tuesday, May 5, 2020

IT Risk Management in Victorian Government-Samples for Students

Question: Discuss the IT Risk Management and Security in Victorian Government.

Answer:

Introduction

IT risk management is the application of risk management principles in an IT organization to manage the risks and security concerns associated with the IT field. It is a combination of culture, systems and processes that an organization undertakes to identify and coordinate the management of risk. To achieve its objectives and prevent harm, risk management should spread awareness and provide evidence that explains the need for risk management in the organization's further decision making (Chance & Brooks, 2015). The methodology of risk management should identify and characterize the threats, determine the general impact of the risk, identify ways to reduce the risks and then prioritize risk reduction based on the planned strategy in IT sectors. The risks are managed in the areas of ownership, involvement, adoption, influence and the use of IT in a larger enterprise. Several standards provide general guidance on the practice of risk management. There are many benefits of using intrusion detection systems, firewalls and vulnerability scanners to reduce risk, and they can be used by common people very easily.

This report discusses the current security risks and concerns in the VIC government using a diagram. It then explains the areas of risk exposure in the organization, analyzes the accidental threats, and justifies and ranks the threats according to their importance. It explains and analyzes the security guidelines of private and public organizations, discusses the challenges faced by the VIC government during risk management, and evaluates the approaches available to the VIC government for risk control and mitigation with relatable examples.
The report also critically analyzes approaches for mitigating security risks and evaluates risk management in terms of the vulnerabilities targeted by hackers.

Identifying the security risks and concerns in VIC government

Risk is basically the effect of uncertainty on objectives, but there is a difference between risk and uncertainty (discussed later in this report). The risk management process hence implies:

1. The analysis, assessment, identification and prioritization of risk for the achievement of the organizational objectives,
2. Allocating the resources to monitor, communicate, minimize and control risk impact that minimizes the realization of opportunities,
3. Coordinating the activities (Chance & Brooks, 2015).

The VIC government deals with several processes as mentioned above. The platforms the government is mainly concerned with are:

- Archives and Record management
- Ethical Decision making
- Information Risk Management
- Security Management
- Safety Response
- Using the Social Media

Here we discuss risk management in the Victorian Government and its impact on the private and public sectors of the country (Daly, Cooper & Ma, 2014).

Figure 1: VGPB strategic overview plan 2016-2021 (Source: By the Author)

The current security risk in the Victorian Government mainly concerns the transport operators. This area can be seriously affected by security risks. Normal levels of service can be more cost effective and quicker if the organization prepares for and anticipates the risks (Davies, 2014). The VIC government has worked on this transport sector and produced a Security Risk Assessment Guide, which explains a methodology for small to large transport operators and a security risk assessment that focuses on current practices.

Identifying areas of Risk Exposure

The Victorian Government Purchasing Board (VGPB) was founded under the Finance Management Act (FMA) 1994 (Dollard & Gordon, 2014).
The Victorian Protective Data Security Framework was established under the Privacy and Data Protection Act in 2014 and provides data security obligations for the agencies of the Victorian public sector (Glendon, Clarke & McKenna, 2016). It builds security risk management maturity and capability by using principles and guidelines that already exist, which reflects the unique operating requirements of the sector. The Victorian government developed the Victorian Protective Data Security Framework (VPDSF) to monitor, establish and assure the security of information within the boundaries of the Victorian government. The current security risks and concerns of the VIC government are:

- determining the ownership of information and identifying it
- assessing the value of information
- identifying and managing the data security risks
- applying the needed security measures
- creating a positive security culture
- maturing the capability of protective data security

Across four protective security domains and governance, the VPDSF provides the organization with data security protection. The Victorian government takes care of the national interest, and the Protective Security Policy Framework requirements remain mandatory (Hopkin, 2017).

On the basis of the above diagram we can note that there are five major levels of VGPB strategy:

Vision: This provides leadership in goods and services that delivers value-for-money government procurement outcomes for the Victorian government (Howes et al., 2015).

Mission: This level ensures the government's ability to minimize risks and develop procurement capabilities, and enables access to these procurement opportunities for all businesses. It also delivers value-for-money and fit-for opportunity.

After being introduced by the VGPB, this policy framework changed the tactics by which the Victorian Government procures services and goods:

1. Enhancing and embedding the VGPB supply policy,
2. Implementing and developing a procurement capability strategy across process, people and systems,
3. Engaging with suppliers and the market to improve business with the public sector of the Victorian government,
4. Enlarging the impact of the VGPB on Victorian public sector procurement, and
5. Measuring the importance and benefits of the VGPB procurement framework.

Directives: This section manages the value-for-money, accountability, probity and scalability of the framework.

The Assurance model aims to enhance the maturity of an organization's protective data security practice and ensures the protection of information against security breaches.

There is a difference between risk analysis and risk exposure. Areas of risk exposure can be part of any and every activity (Jaeger et al., 2013). Risk exposure provides a measure of the possible future losses that may occur from an activity or event. In IT business, risk exposure is often ranked as low, medium-low, medium or high, depending on whether the different kinds of loss are acceptable or unacceptable. These losses may include legal liability, damage to or loss of property, unexpected employee turnover or a change in customer demand (Kaine et al., 2017).

In Figure 1, the area of higher risk exposure is accountability, since the accountancy part is risky and can suffer data breaches through penetration of the security system. The area of low-medium risk is value-for-money (Lam, 2014). The third position, for medium risk, is scalability, and the lowest is probity since it deals with the public sector.
Analysis of Deliberate and Accidental Threats

An example of a common threat in VIC:

Threats to damage and destroy property: A person can be determined to be a threat to another person when, without lawful excuse, the threat is (Lane et al., 2017):

- to damage and destroy property that may belong to himself or any third person
- to damage and destroy one's own property while knowing or believing that doing so can endanger the life of others.

Threats to kill: A person who threatens to kill another person can be determined to be a threat to that person when:

- intending that the other person would fear that the threat would be carried out
- being reckless as to whether the other person would fear that the threat would be carried out

The current security risk in the Victorian Government mainly concerns the transport operators. This area can be seriously affected by security risks (Liu et al., 2016). Normal levels of service can be more cost effective and quicker if the organization prepares for and anticipates the risks. The VIC government has worked on this transport sector and produced a Security Risk Assessment Guide, which explains a methodology for small to large transport operators and a security risk assessment that focuses on current practices (McNeil, Frey & Embrechts, 2015). The methodology of risk management should identify and characterize the threats, determine the general impact of the risk, identify ways to reduce the risks and then prioritize risk reduction based on the planned strategy in IT sectors. In the case study of NSW Government Disaster Recovery, the risks are managed in the areas of ownership, involvement, adoption, influence and the use of IT in a larger enterprise. Several standards provide general guidance on the practice of risk management. There are many benefits of using intrusion detection systems, firewalls and vulnerability scanners to reduce risk, and they can be used by common people very easily.
Challenges in VIC government

The main challenges are faced by the public sector in the VIC government (Nicholson et al., 2015). Hence there are several principles on which the VIC government should base its risk management via outsourcing. For each risk management principle, the applying technique and its importance are:

1. Creating and protecting the value
   Applying technique: mainly incorporated in the governance framework; should be considered part of the organizational culture.
   Importance: improvement of performance; achievement of the objective.
2. Integral part of the agency planning and management process
   Applying technique: maintaining the strategic and business planning; part of the change management process.
   Importance: avoids delicacy; guides the prioritization; classifies responsibilities.
3. Part of decision making
   Applying technique: explicitly incorporated into system design, changes and project resource allocation; part of staff recruitment and employment arrangements.
   Importance: assists in prioritizing actions; distinguishes alternative courses of action.
4. Transparency and inclusiveness
   Applying technique: scope and methods should be identified for risk monitoring and reporting to stakeholders; role of stakeholders within the process of risk management.
   Importance: promotes the line of sight and risk appetite; vulnerabilities identification.
5. Tailoring
   Applying technique: the risk framework is designed and operated to fit with the agency's capabilities and context; adequate resources are allocated.
   Importance: aligns with the agency's external and internal context and risk profile.
6. Continual facility improvement
   Applying technique: the risk management system is incorporated in continual improvement systems; stakeholder feedback is sought to influence the ongoing development of the risk framework.
   Importance: improves agency risk maturity; addresses stakeholder expectations to protect community interests.

Difference between Risk and Uncertainty

The main difference between risk and uncertainty is that risk is an unplanned event, and the occurrence of a risk may affect the objectives of management (Paschen & Beilin, 2017).
It may affect the project either positively or negatively; hence a risk can be a positive risk as well as a negative risk. The main objective of the risk response strategy is to minimize the impact of negative risks and to maximize the chances of positive risks happening. Risks are identified during the risk identification process (Potts, Rajabifard & Bennett, 2017). Unknown risks are those risks that cannot be identified during the risk identification process.

Uncertainty is the lack of certainty. Under uncertainty the outcome of an event is completely unknown and cannot be guessed or measured, so we don't get any background information on the event. In uncertainty, one completely lacks information about the event even though it has been identified earlier (Slovic, 2016). In the case of such unknown risks, people simply ignore them during the risk identification process despite having the background information.

The following are a few differences between risk and uncertainty:

- The possibility of future outcomes cannot be predicted under uncertainty
- Uncertainty is uncontrollable but risk can still be managed
- Uncertainty cannot be measured and quantified while risk can be
- One can assign a probability to risk events but not to uncertainty

In the considered case study of the VIC government, the risk and the uncertainty are governance and the sector of market approach respectively.

Evaluating the availability of VIC government for Risk Control and Mitigation

The VIC government has principles of risk management that control the risk and mitigation of the country's IT sector.
- Creates and protects value
- Must be an integral part of the agency's processes
- Is part of the decision making processes
- Explicitly addresses uncertainty
- Is a systematic, structured and timely operation
- Is based on the best available information
- Is created and developed by the agency
- Takes cultural and human factors into account
- Is transparent and inclusive
- Is iterative, dynamic and responsive to change
- Facilitates continual improvement of the agency

This provides protection against data breaches and the occurrence of cyber crimes. The application of an integrated risk management information system is quite important for the approach to safety (Sweeting, 2017). Risk exposure in a potential business is a measurement against the risk that involves significant priorities. The concept of risk management is to determine the agency's possible risk appetite and the medium of communication, the implementation and allocation of the agency's risk management framework, and the roles and responsibilities for managing individual risks.

To enhance the performance of risk management and decision making in the VIC government, the agency applies the following approaches:

- Continual improvement of risk management techniques and enhancement of organizational production
- Full accountability for risks, controls and risk treatments
- Application of risk management in every decision making process, independent of the level of significance and importance (Warmerdam et al., 2017)
- Stakeholder consultation and continual communication
- Full integration of risk management in the agency's governance structure

Conclusion

Effective management of risk gives rise to significant improvement in operational profitability and operational effectiveness. An approach to risk management is required in each sector of industry for better security management and safety processes in the near future.
This provides protection against data breaches and the occurrence of cyber crimes. The application of an integrated risk management information system is quite important for the approach to safety. Risk exposure in a potential business is a measurement against the risk that involves significant priorities. The concept of risk management is to determine the agency's possible risk appetite and the medium of communication, the implementation and allocation of the agency's risk management framework, and the roles and responsibilities for managing individual risks. An effective risk management approach to the corporate and business planning process enables better decision making, establishes clear accountability, improves performance and outcomes, and builds confidence in new opportunities that consider the risk approach.

The Victorian Protective Data Security Standards (VPDSS) developed high-level mandatory requirements to secure public sector data and to provide governance across domains such as ICT, physical security, personnel and information. The standard as discussed is durable and takes a risk management approach, empowering government business to function safely, securely and effectively. It also encourages the decision making of the organization and prioritizes the security effort. A risk management approach requires your organization to ensure information is always adequately protected, by continually assessing security measures against any new or updated threats and vulnerabilities. The adoption of a risk-based approach consistent with the Victorian Government Risk Management Framework (VGRMF) is the fundamental principle of the VPDSF. A flexible approach to implementation of security measures provides your organization with the autonomy to interpret your business needs and articulate your risk tolerance within your operating environment.

References

Chance, D. M., & Brooks, R. (2015). Introduction to derivatives and risk management. Cengage Learning.

Daly, D., Cooper, P., & Ma, Z. (2014). Understanding the risks and uncertainties introduced by common assumptions in energy simulations for Australian commercial buildings. Energy and Buildings, 75, 382-393.

Davies, J. C. (2014). Comparing environmental risks: tools for setting government priorities. Routledge.

Dollard, M. F., & Gordon, J. A. (2014). Evaluation of a participatory risk management work stress intervention (Vol. 21, No. 1, p. 27). Educational Publishing Foundation.

Glendon, A. I., Clarke, S., & McKenna, E. (2016). Human safety and risk management. CRC Press.

Goode, N., Salmon, P. M., Spencer, C., McArdle, D., & Archer, F. (2017). Defining disaster resilience: comparisons from key stakeholders involved in emergency management in Victoria, Australia. Disasters, 41(1), 171-193.

Hopkin, P. (2017). Fundamentals of risk management: understanding, evaluating and implementing effective risk management. Kogan Page Publishers.

Howes, M., Tangney, P., Reis, K., Grant-Smith, D., Heazle, M., Bosomworth, K., & Burton, P. (2015). Towards networked governance: improving interagency communication and collaboration for disaster risk management and climate change adaptation in Australia. Journal of Environmental Planning and Management, 58(5), 757-776.

Jaeger, C. C., Webler, T., Rosa, E. A., & Renn, O. (2013). Risk, uncertainty and rational action. Routledge.

Kaine, G., Young, J., Lourey, R., & Greenhalgh, S. (2017). Policy choice framework: guiding policy makers in changing farmer behavior. Ecology and Society, 22(2).

Lam, J. (2014). Enterprise risk management: from incentives to controls. John Wiley & Sons.

Lane, R., Bettini, Y., McCallum, T., & Head, B. W. (2017). The interaction of risk allocation and governance arrangements in innovative urban stormwater and recycling projects. Landscape and Urban Planning, 164, 37-48.

Liu, L. C., Li, Q., Zhang, J. T., & Cao, D. (2016). Toward a framework of environmental risk management for CO2 geological storage in China: gaps and suggestions for future regulations. Mitigation and Adaptation Strategies for Global Change, 21(2), 191-207.

McNeil, A. J., Frey, R., & Embrechts, P. (2015). Quantitative risk management: Concepts, techniques and tools. Princeton University Press.

Nicholson, E., Regan, T. J., Auld, T. D., Burns, E. L., Chisholm, L. A., English, V., ... Metcalfe, D. J. (2015). Towards consistency, rigour and compatibility of risk assessments for ecosystems and ecological communities. Austral Ecology, 40(4), 347-363.

Paschen, J. A., & Beilin, R. (2017). How a risk focus in emergency management can restrict community resilience - a case study from Victoria, Australia. International Journal of Wildland Fire, 26(1), 1-9.

Potts, K. E., Rajabifard, A., & Bennett, R. M. (2017). Supporting the risk management process with land information: a case study of Australia. Disasters, 41(2), 352-364.

Slovic, P. (2016). The perception of risk. Routledge.

Sweeting, P. (2017). Financial enterprise risk management. Cambridge University Press.

Warmerdam, A., Newnam, S., Sheppard, D., Griffin, M., & Stevenson, M. (2017). Workplace road safety risk management: an investigation into Australian practices. Accident Analysis & Prevention, 98, 64-73.
