Get Assured Top-Notch Grades INF30020 - Information Systems Risk and Security Assignment Help Service..!!

Home   Course   Swinburne University of Technology Assignment Help
Previous << || >> Next

GET BENEFITTED WITH QUALITY INF30020 - INFORMATION SYSTEMS RISK AND SECURITY ASSIGNMENT HELP SERVICE OF EXPERTSMINDS.COM!

INF30020 - Information Systems Risk and Security Assignment - Swinburne University of Technology, Australia

The CoM Case Study for Assignment

Project: Risk Assessment Report

Section 1: Introduction

City of Melbourne is a non-profit organization that is involved in various activities as distribution of the CCOIP products to the CCOIP communities, collecting funds from the agencies and individuals and using those funds for a cause, promoting the vision of the COM on social media and website to increase the number of potential donors, to gain competitive advantage, to secure the data of the COM information system. It has its headquarters in Melbourne, Australia. There are various risks involved in its procedures such as network attacks, loss of data, unauthorized access to data, maintaining accountability and transparency, finding the potential donors and others. This report will highlight the value creation activities of the COM and its strategic context to purpose risk appetite and risk tolerance level, key roles and responsibilities, most important information systems of the COM that must be accounted for risk management, identifying the risks that can destroy the important information system of the COM, impact analysis of the risk and prioritizing the various risks and there are a number of standards and guidelines that should be followed by COM for the protection of its information system. The important business information and information systems of the COM that must be considered while assessing the risk management plan for the organization. Important business information includes CCOIP sales data, transactional data of the communities, list of the donors, information of the donors, information related to the project.

Question - Clearly and concisely assesses CoMs value creation activities and strategic context in order to propose a target risk appetite and risk tolerance level for the Council.

Section 2: Value Creation activities of City of Melbourne

City of Melbourne assists CCOIP in their key processes such as logistics, purchase of different material and maintenance. It helps in co-ordination of different activities involved in buying and selling of CCOIP products. COM partners are involved in selling, distributing and exporting of the CCOIP products globally (Rohrbeck, 2012). They negotiate with CCOIP communities for the sales of the CCOIP sponsored products and assists in transactions between CCOIP and CCOIP communities. A part of the CCOIP sales revenue is used in improvement of the CCOIP communities by providing basic facilities, funding education of children. This activity is also done by the COM partners. COM collects funds for a cause from the various agencies and individuals disburse the funds to the needful persons. It keeps track of usage of the funds to keep accountability and transparency. The representatives of the COM are sent to various places such as public places, schools and households to collect funds. COM is also involved in various marketing activities to expand the number of donors for the organization and serve more people than before.

ORDER NEW INF30020 - INFORMATION SYSTEMS RISK AND SECURITY ASSIGNMENT AT NOMINAL PRICE!

In strategic context, COM has to compete with large number of the other non-profit organizations. Growing rate of inflation, GFC, uncertainty in the interest rate, increase in cost of living day by day, uncertainty in jobs and higher cost of education discourage people to make donations to the charity organization. For this, COM convinces the donors to donate funds by ensuring transparency in the disbursement of the funds and supporting a genuine cause. It ensures accountability and transparency by illustrating the buyers the usage of the each and every penny they have donated is spent for some severe cause. To beat the competitors, COM markets its activities through social media and its website. It makes appeals to the potential donors these platforms. The funds are also collected by sending the representatives of the COM to the various places. The website of the COM is managed by the web companies free of cost.

Question - Identify the key roles and responsibilities of individuals and departments within the council as they pertain to risk assessment.

Section 3: Key roles and responsibilities of individuals and departments

This section will highlight the important individuals and department that are responsible for the critical processes of the COM and they must be considered while making the risk management plan for the organization.

1) COM staff

COM staff is responsible for performing various operations of the COM in different countries. It is the staff who follows the laws and regulations of the host country as well as headquarters of the COM which are located in Australia. if the staff does not follow all the rules and regulations then, the operations of the COM can be declared as illegal by the government of the host country. Staff also reports to the CDA, team and communities to provide updates on various projects.

2) COM officers

The officers of the COM are responsible for distributing different mobile communication devices such as smart phone, satellite phone and laptop to the local staff of the COM. All the communication equipments are there with the officers of the COM.

3) Manager

Manager of the COM is responsible for managing all the operations of the COM such as what software are used in the COM, managing sales of CCOIP products, controlling cost of the operations of the COM.

4) CFO

Chief financial officer keeps track of the amount of the funds collected and amount of the funds disbursed. He maintains record of the each and every penny contributed by the donors. If any funds are to be spent for the operations of the COM then, the funds are to be approved from the CFO. He sees whether it is worth to spend money on particular activity or not.

ORDER NEW COPY OF INF30020 - INFORMATION SYSTEMS RISK AND SECURITY ASSIGNMENT & GET HIGH QUALITY SOLUTIONS FROM SUBJECT'S TUTORS!

5) COM volunteers and representatives

COM volunteers and representatives are responsible for collecting the funds by going to various places such as schools, households and public places. They appeal the concerned persons to donate for a particular cause.

6) Web Marketing company

This is responsible for marketing activities of the COM such as making appeals on the website of the COM and advertising on the various social networking sites such as google+, facebook, twitter, instagram and snapchat. Advertising through these platforms mat increase the potential donors of the COM. Web marketing company provides at cost services to the COM without keeping any profit margins.

7) Web development /hosting agency

This company is responsible for creating the website of the COM, handling various operations of the website such as updating events, images and other content and hosting the website of the COM on internet. This company provided no cost services to the COM. The website maintenance is also provided free of cost.

8) CEO

CEO keeps an eye on the various operations of the COM and gives various updates to the directors of the COM on various projects.

9) HR

HR is responsible for handling the employees working in the COM and sourcing various materials for the COM such infrastructure material, software for operations at the cheaper costs.

10) Software Vendors

They provide at cost services to the COM for making extensions and patches to the software of the COM.

11) Data backup company

This is responsible for taking monthly backups of the data of the COM. The corporate data of the COM such as CCOIP sales data, transactional data of the donors, lists of the donors, information of the donors, card information of the donors and project information of the COM is backed up monthly which will support recovery of the data in case of the loss of the data in various events.

SAVE TOP GRADE USING INF30020 - INFORMATION SYSTEMS RISK AND SECURITY ASSIGNMENT HELP SERVICE OF EXPERTSMINDS.COM!

Question - Carefully audit the case evidence, undertake an inventory and identify information assets that includes both, CoM's most significant business information and the information systems that must be accounted for in any approach to risk management.

Section 4: Significant business information and the information systems of the COM

This section describes about the important business information and information systems of the COM that must be considered while assessing the risk management plan for the organization. Important business information includes CCOIP sales data, transactional data of the communities, list of the donors, information of the donors, information related to the project. Information contained in the sales data is crucial as the on the basis of this data it is calculated that what percentage of revenue to be spent on the communities for improving basic facilities and providing educational facilities to the children (YANG, 2008). Transactional data of the communities is important as it facilitates buying and selling of CCOIP sponsored products to the communities. List of the donors is important as on the basis of this list donations are collected. If this list is not maintained then, required donations may not be collected. The information of the donors such as credit card information, debit card information and other bank account information should be stored with care as if it is leaked then, it may have serious consequences. The project related information such as team, tasks of the project, resources involved in the project must be stored with care as losing this information may delay any project. Website of the COM also contains important information as donations are accepted from websites also. The website also has traffic of the potential donors. COM one is important information system of the COM as it has all the data related to the COM. This needs to be maintained carefully as this is major attack point for intruders.

Question - Identify risks: provide an analysis of the threats and vulnerabilities that pose the greatest risks to CoM's most important information assets.

Section 5: Analysis of threats and vulnerabilities to the information system of the COM

The information system of the COM suffers from various threats and vulnerabilities that can hamper the day to day operations of the COM. The threats and vulnerabilities related to the system must be assessed so that required security and risk management approach can be framed to protect the system. Vulnerabilities of the system can be identified by finding the weaknesses and flaws in the information system of the organization and vulnerabilities help in finding the threats to the system. There is threat of the loss of confidentiality, loss of integrity, loss of privacy of data as data can be accessed by the unauthorized users (LI, FAN, QING & LIU, 2009). The information systems of the COM are not equipped with strong passwords and the authentication controls which can make the system accessed by the unauthorized users. If the system is accessed by the unauthorized users then, integrity of the data may be lost as intruder may manipulate the data as per his requirements. The credit and debit card information of the donors can be stolen by the intruder. There is provision of the monthly backups in COM but there is vulnerability of loss of data of the whole month. There is wide range of data of COM such as CCOIP sales data, transactional data of the donors, lists of the donors, information of the donors, card information of the donors and project information which if lost become difficult to recover. Data stored in the database of the COM is not encrypted therefore, the information can be read by any intruder easily (????????, ???????, ????????? & ??????????, 2017). There is threat of viruses and malware entering the system and disrupting the whole data of the COM. This also leads to degradation in the performance of the system. Viruses and malwares make the system prone to attacks such as wanna cry and petya attack (Nikolic & Ruzic-Dimitrijevic, 2010). Lack of authentication in the system makes the system vulnerable to spoofing, masquerading, eavesdropping and denial of service attacks. Phishing attack can be there due to unauthorized access of the information. There is vulnerability of disclosure of the information to the competitors such as list of donors and COM may loss securing funds from those donors. These risks should be properly assessed and proper risk management approach must be framed to protect the key information systems of the COM.

DO YOU WANT TO EXCEL IN INF30020 - INFORMATION SYSTEMS RISK AND SECURITY ASSIGNMENT - ORDER AT EXPERTSMINDS!

Question - Present a likelihood and impact analyses for the most significant risks you have identified, in doing so, prioritise the most significant risks for CoM and provide details in a risk assessment table.

Section 6: Likelihood and Impact analysis of the risks

This section presents the likelihood of the risk identified in the above section and impact analysis of those risks. Risks are also prioritized based on the degree of the impact they have.

Description of risk

Impact of Risk

Likelihood of Risk

Priority

Solution

Risk of loss of Integrity of information

COM operations will get affected as this lead to generation of the wrong report

Highly likely

High

The data should be protected from unauthorized access

Risk of loss of privacy of data

The information of the COM database can be exposed to competitors and this may affect donations of the company.

Likely

Medium

The data should be encrypted using the various encryption techniques

Risk of loss of data

The list of donors and sales data of CCOIP products will be lost and this will lead to loss of collection

Likely

High

The data should be backed up  weekly not monthly

Risk of ransomware

All the files of the COM will be locked and staff will be unable to access any of the files. All the files will be encrypted using password. The company has to pay high amount of ransom to gain access

Likely

High

The data backup should be there to be used in such cases

Risk of unauthorized access

Systems of the Com are not protected with passwords so, it may lead to unauthorized access which may cause non repudiation and manipulation of information

Highly likely

High

The systems should be protected will strong passwords and there should be proper risk control mechanisms.

Risk of Denial of service attack

Intended users will not be able to access the information systems of the COM (Nikolic & Ruzic-Dimitrijevic, 2010)

Less likely

Medium

The system should be protected with devices such as firewalls and opmanager and intrusion detection system

DON'T MISS YOUR CHANCE TO EXCEL IN INF30020 - INFORMATION SYSTEMS RISK AND SECURITY ASSIGNMENT! HIRE TUTOR OF EXPERTSMINDS.COM FOR PERFECTLY WRITTEN INF30020 - INFORMATION SYSTEMS RISK AND SECURITY ASSIGNMENT SOLUTIONS!

Question - Preparing a risk assessment report you are NOT TO extend beyond this brief or prepare any other components of a risk management plan. Following the completion of the risk assessment report, CoM will evaluate the next steps for your consultancy.

Section 7: Security standards and Guidelines followed

There are a number of standards and guidelines that should be followed by COM for the protection of its information system. COM should follow ISO/IEC 27000 which ensures the security of the information systems of the COM (Chenoweth, 2005). COM should also follow ISO 27001 which helps in improvement of the information systems of the COM. The code of practice for security of the information system is laid down by ISO 27002 so, this standard should also be adopted by COM (Chenoweth, 2005). There should be weekly backups of the information of the system. The data stored in the database should be protected with encryption techniques. The systems should be protected with strong passwords and passwords should not be easy to guess. Virus protection software should be installed in every system to protect the system from viruses and malware. Access control mechanisms should be implemented to protect the system from unauthorized modification. Firewalls and intrusion detection system must be used to protect the system from the attacks of the intruders. New patches should be detected automatically. Least privileges should be provided to different users and each user should be authenticated before entering the system. The PCIDSS controls should be implemented with care. The passwords of the different users accounts should be changed periodically by the administrator of the system.

Section 8: Conclusion

This report presents the risk assessment of the COM which is a charity organization in Australia. The company operates in countries and follows the rules and regulations laid down by the headquarter everywhere. The value creation activities of the COM are useful for the society and community. COM also implements strategic planning to gain competitive advantage. The important roles and responsibilities of the various concerned persons are described. The threats and vulnerabilities of the COM are also assessed which can affect the smooth working of the COM. Table is provided to describe the impact and likelihood of each risks. COM should follow required standards and guideline to ensure the security of its information systems.

WORK TOGETHER WITH EXPERTSMIND'S TUTOR TO ACHIEVE SUCCESS IN INF30020 - INFORMATION SYSTEMS RISK AND SECURITY ASSIGNMENT!

Get our Swinburne University of Technology, Australia Assignment Help services for below mentioned courses like:-

  • INF30002 Configuring Business Information Systems Solutions Assignment Help
  • INF30003 Business Information Systems Analysis Assignment Help
  • INF30005 Business Process Management Assignment Help
  • INF30009 Professional Reading and Writing in Information Systems Strategy Assignment Help
  • INF30018 Information Systems Management Assignment Help
  • INF30027 Business Information Systems Industry Project Assignment Help
  • INF30029 Information Technology Project Management Assignment Help
  • INF40001 Advanced Topics in Information Systems Management Assignment Help
  • INF40002 Information Systems Research Foundations Assignment Help
  • INF60007 Business Information Systems Assignment Help
  • INF80005 Business Information Systems Internship Project Assignment Help
  • INF80019 Information Technology Strategies for Business Assignment Help
Tag This :- MWS75ASH924INF INF30020 - Information Systems Risk and Security Assignment Help

get assignment Quote

Assignment Samples

    Network Design System Assignment Help

    network design system- implementation of testing plan to exaggerate the design to ensure requirements of bandwidth and cost infrastructure as per specifications

Get Academic Excellence with Best Skilled Tutor! Order Assignment Now! Submit Assignment