User Account

All Pages

Explain any major risk in the IT systems components

Assignment Help Other Subject
Reference no: EM132345372 , Length: 1500 Words

Risk Management Assignment -

Learning outcomes -

  • be able to justify the goals and various key terms used in risk management and assess IT risk in business terms;
  • be able to apply both quantitative and qualitative risk management approaches and to compare and contrast the advantages of each approach;
  • be able to critically analyse the various approaches for mitigating security risk, including when to use insurance to transfer IT risk;
  • be able to critically evaluate IT security risks in terms of vulnerabilities targeted by hackers and the benefits of using intrusion detection systems, firewalls and vulnerability scanners to reduce risk.

Assessment Item 1 -

Task - Assignment is comprised of two parts and your report should be no more than 5 pages excluding the cover page, table of contents and references.

Part One - Plan, Develop and Manage a Security Policy

Background: Consider that the Commonwealth Government of Australia is planning to launch 'My Health Record' a secure online summary of an individual's health information. The system is available to all Australians, My Health Record is an electronic summary of an individual's key health information, drawn from their existing records and is designed to be integrated into existing local clinical systems.

The 'My Health Record' is driven by the need for the Health Industry to continue a process of reform to drive efficiencies into the health care system, improve the quality of patient care, whilst reducing several issues that were apparent from the lack of important information that is shared about patients e.g. reducing the rate of hospital admissions due to issues with prescribed medications. This reform is critical to address the escalating costs of healthcare that become unsustainable in the medium to long term.

Individuals will control what goes into their My Health Record, and who is allowed to access it. An individual's My Health Record allows them and their doctors, hospitals and other healthcare providers to view and share the individual's health information to provide the best possible care.

The 'My Health Record' is used by various staff such as System Administrator, Doctor, Nurse, Pathologist and Patient. In order to convey and demonstrate the rules and regulations to the users of this system, Commonwealth Government of Australia needs a security policy. You are employed as the Security Advisor for the organisation. The task that is handed to you by the Chief Information Officer now is to create, develop and manage "System Access Security Policy" for atleast any 3 users of the system.

Complete the following in your security policy:

  • Plan System Access Security Policy.
  • Develop System Access Security Policy.
  • Manage System Access Security Policy.

Part Two - Conducting a Risk Assessment

You will be given a list of organisation in week 3 by your lecturer and you can select any one organisation from them. The organisation uses various IT systems for its daily operations.

Assume that you are appointed as an IT Systems Auditor for the chosen organisation and you are asked to provide a risk register must come up for the IT systems in the organisation.

  • A brief introduction of the organisation and the IT systems.
  • Identify and explain any major risk in the IT systems components.
  • Discuss the consequences of the risk.
  • Inherent risk assessment, that is the assessed, raw/ untreated risk inherent in a process or activity without doing anything to reduce the likelihood or consequence.
  • Mitigate the risk.
  • Residual risk assessment, that is the assessed, risk in a process or activity in terms of likelihood and consequence after controls are applied to mitigate the risk.
  • Create a Risk Register based on the risks identified in the IT systems and prioritise of the risk using a standardised framework such as the ANSI B11.0.TR3 Risk Assessment Matrix.

Given the fact there is no clear prioritisation framework NOR risk appetite framework, the risk register is your professional assessment of the likelihood and consequence of the risks you identify. When preparing your risk register you should think carefully about the assets the chosen organisation may have and how these may be compromised from the perspective of Information Security.

Rationale - This assessment task will assess the following learning outcome/s:

  • be able to justify the goals and various key terms used in risk management and assess IT risk in business terms.
  • be able to apply both quantitative and qualitative risk management approaches and to compare and contrast the advantages of each approach.
  • be able to critically analyse the various approaches for mitigating security risk, including when to use insurance to transfer IT risk.
  • be able to critically evaluate IT security risks in terms of vulnerabilities targeted by hackers and the benefits of using intrusion detection systems, firewalls and vulnerability scanners to reduce risk.

Assessment Item 2 -

Task - The assignment involves you producing a comprehensive risk report for ABC Fitness Gym given a particular scenario as below. You will be required to offer professional views based on a well established research.

Technical Risk Analysis -

Consider you have been hired by the ABC Fitness Gym to analyse the technology environment and conduct a technical risk analysis. You are to prepare a management report applying everything you learnt in the subject. The report should include at a minimum:

  • An Executive Summary at the beginning of the report which provides a clear statement of the technology project that is being assessed, and an overview of your recommendations to management as to the merits of the project based on your risk assessment.
  • A risk assessment based on assets, threats, vulnerabilities and consequences derived from an IT control framework and any existing industry risk recommendations for the project. Identify and discuss the key threats. What could be done to mitigate the risks and their impact on the organisation?
  • Provide a brief summary of the protection mechanisms you would employ whether they be people, culture or technology.
  • Identify any gaps which you believe require further analysis and offer a rationale as to why.

Your report should be no more than 6 pages.

Rationale - This assessment task will assess the following learning outcome/s:

  • be able to justify the goals and various key terms used in risk management and assess IT risk in business terms.
  • be able to apply both quantitative and qualitative risk management approaches and to compare and contrast the advantages of each approach.
  • be able to critically analyse the various approaches for mitigating security risk, including when to use insurance to transfer IT risk.
  • be able to critically evaluate IT security risks in terms of vulnerabilities targeted by hackers and the benefits of using intrusion detection systems, firewalls and vulnerability scanners to reduce risk.

Attachment:- IT Risk Management Assignment File.rar

Reference no: EM132345372

Questions Cloud

What is relevant range and two examples of costs : What is relevant range and two examples of costs that are variable costs and two examples of fixed costs? Please explain
Opportunities for a startup sneaker company : What are the potential strengths, weakness, threats, and opportunities for a startup sneaker company?
How far should a manager go in following the crowd : How far should a manager go in following the crowd or in standing alone?". Address this question with details and supporting/opposing opinions.
Goal of triple bottom line is to encourage companies : The goal of Triple Bottom Line is to encourage companies to focus on metrics other than profits.
Explain any major risk in the IT systems components : ITC596 IT Risk Management Assignment, Charles Sturt University, Australia. Identify and explain any major risk in the IT systems components
What steps could you take to develop more resilience : Change is part of our daily healthcare environment. Clinical nursing judgments based on quality and safety, as well as protocols and standards.
Quantitative and qualitative research : What is the advantages and disadvantages of quantitative and qualitative research.
What are the income tax expense and income tax payable : On consolidated financial statements for 2018, what are the income tax expense and income tax currently payable if they choose to file separate returns?
Identical to a product already in the market : You are a product manager planning to launch a new product. For this part of the project, you will select the product you want to focus

Reviews

len2345372

7/24/2019 11:36:21 PM

Essential requirements to pass this subject - You must obtain at least 50% in both the total mark and the examination mark in order to pass this subject. If you marginally fail these pass criteria you are entitled to a second chance in the following circumstances: I. You are eligible for an Additional Assignment (AA) if you submitted all assessment items, passed the exam (e.g. you scored 50% or above) but received an overall mark between 45 and 49; or II. You are eligible for an Additional Examination (AE) if you submitted all assessment items (including the final exam) but failed the exam (e.g. you scored less than 50%) and received an overall mark 45 or above.

len2345372

7/24/2019 11:36:14 PM

Marking criteria and standards - Assessment 1 - All parts in this assessment task will be evaluated against the following criteria: Part One: Plan, Develop and Manage a Security Policy (10 marks) - Well planned and well documented for system access security policy. Demonstrates breadth and depth of understanding and has insights and awareness of deeper more subtle aspects of the topic content. Evidence of having researched/ read more widely beyond the core materials. Well developed and well documented for system access security policy.

len2345372

7/24/2019 11:36:04 PM

Demonstrates breadth and depth of understanding and has insights and awareness of deeper more subtle aspects of the topic content. Evidence of having researched/ read more widely beyond the core materials. Well managed and well documented for system access security policy. Demonstrates breadth and depth of understanding and has insights and awareness of deeper more subtle aspects of the topic content. Evidence of having researched/ read more widely beyond the core materials. Highly developed skills in expression and presentation of response. Fluent writing style appropriate to assessment task. Grammar and spelling accurate. Well organised.

len2345372

7/24/2019 11:35:12 PM

Part Two: Conducting a Risk Assessment (10 marks) Well identified and well explained the Major Risks. Demonstrates breadth and depth of understanding and has insights and awareness of deeper more subtle aspects of the topic content. Evidence of having researched/ read more widely beyond the core materials. Well documented with consequences, mitigate and reduce likelihood of risks. Demonstrates breadth and depth of understanding and has insights and awareness of deeper more subtle aspects of the topic content. Evidence of having researched/ read more widely beyond the core materials. Created a very good risk register with all the required components. Evidence of having researched/ read more widely beyond the core materials. Highly developed skills in expression and presentation of response. Fluent writing style appropriate to assessment task. Grammar and spelling accurate. Well organised.

len2345372

7/24/2019 11:35:01 PM

Assessment 2 - Marking criteria and standards All parts in this assessment task will be evaluated against the following criteria: Well created executive summary with the technology project, recommendations to management and merits of the project based on risk assessment. Demonstrates breadth and depth of understanding and has insights and awareness of deeper more subtle aspects of the topic content. Evidence of having researched/read more widely beyond the core materials. Well identified key assets, threats, vulnerabilities and consequences based on IT control framework, provided existing industry risk recommendations for the project and mitigated the risks and impact on the organisation.

len2345372

7/24/2019 11:34:50 PM

Demonstrates breadth and depth of understanding and has insights and awareness of deeper more subtle aspects of the topic content. Evidence of having researched/read more widely beyond the core materials. Well identified protection mechanisms you would employ with people, culture or technology. Demonstrates breadth and depth of understanding and has insights and awareness of deeper more subtle aspects of the topic content. Evidence of having researched/read more widely beyond the core materials. Well identified the gaps which require further analysis and offer a rationale. Demonstrates breadth and depth of understanding and has insights and awareness of deeper more subtle aspects of the topic content. Evidence of having researched/read more widely beyond the core materials. Highly developed skills in expression and presentation of response. Fluent writing style appropriate to assessment task. Grammar and spelling accurate. Well organised.

len2345372

7/24/2019 11:34:31 PM

When submitting your assignment be sure to meet the following presentation requirements: Only Word format (.doc, or .docx) must be submitted as a single document. Assignment should be typed using Font Style: Arial/Times New Roman, Size: 12, Spacing: 1.5. Please use APA referencing style where appropriate. All diagrams that are required should be inserted into the document in the appropriate position. Grammar and spell check are important. The first page (cover page) of the document file should have the following information clearly mentioned: Your Full Name, Your Student ID, Subject Code and Assessment Item Number and Name. Each page should have page number in “page x of y” format.

Write a Review

Other Subject Questions & Answers

  What are the implications of sharing confidential material

HC2121 Comparative Business Ethics and Social Responsibility Case Study Assignment. What are the implications of sharing confidential material information

  Ghs-based requirements for information on safety

Compare and contrast the newly revised GHS-based requirements for information on Safety Data Sheets (SDS) in 29 CFR 1910.1200 with the previous HazCom Standard requirements for information on Material Safety Data Sheets (MSDS) that are discussed o..

  What are socrates views on leadership

What are Socrates views on Leadership? Does his excessive questioning prevent action? Is he too self-righteous?

  Describe how multiple intelligences theory can be applied

Write a 500-750 word essay on connecting science concepts to other content areas. Explain how integrating science across other content areas will affect student

  Sampling strategy and sample size for a qualitative research

As you continue to work on your qualitative research plan- HIV among African Teen, you will have to address the size and diversity of your sample population. Different kinds of studies require different sample sizes, and you should select a size t..

  Challenges the us intelligence community will face

Need help with the following question, What do you believe are the greatest challenges the U.S. Intelligence Community will face in the next decade?

  How has america been affected

How does the fact that imports vary directly with GDP affect the stability of the domestic economy? How has America been affected by this?

  Biological origin of its principle

Most people know Velcro. Few, however, know the biological origin of its principle. What is it? Be specific and provide a credible reference source. Name and describe another principle from nature that influenced design. Provide a design example. Be ..

  Write one or more pages summarizing the interview

Write one or more pages summarizing the interview. Describe the background of the person you interviewed and his or her experiences as an educator working with young children, as a speech pathologist, or as a parent of a young child with a speech del..

  What are the associated drivers and barriers with the style

What were your results? What are the associated drivers and barriers with this style? How can you work best with other internals, as well as externals?

  Compare the four paradigms of organization theory

Are there any combinations among two or more of these paradigms that you find particularly compelling as a way to understand organizations?

  Evaluate the policys strengths and weaknesses

Evaluate the policy's strengths and weaknesses. What is working What is not working

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd