INF30020 Information Systems Risk & Security Assignment Help
1. Develop a risk mitigation plan for nine (9) prioritised risks for CoM
2. Provide a risk treatment approach for the risks identified, including a suitable and clearly expressed approach to internal control
3. Provide recommendations on how CoM's risk management practices can be improved and developed, including a suitable approach to governance for the management of risks
4. Identify further opportunities of work in the risk management and information security management area, prioritising business continuity and disaster recovery associated with the 9 risks you have identified.
Recommendations to improve risk management practices
CoM officers use short-range communication devices such as smartphones, which are distributed to employees working in local or remote areas. However, employees are more comfortable using their own devices than the ones meant for official purposes, as there is no difference in the nature and use of the devices. This has resulted in malicious code being introduced.
There is no need for CoM to provide employees with smartphones or laptops. Official work can be done on devices that are not moved from the office area. This would prevent the system from being affected by malicious code. Moreover, not paying for devices for every employee would also be a great way to reduce costs.
Divulge information and disrupt confidentiality
Since the operations of CoM are spread across many countries, there is a risk of information being divulged from the host country to other countries.
Apart from being clear about the terms and conditions governing the level of confidentiality to be maintained between the countries, there is a need to adopt modern technologies that would not allow anyone to use such information without the host being aware of the identity of the person logging in and giving permission to do so (Peltier, 2016).
High competition for funding
Nonprofit organizations face a high level of competition for funds. With the few funding opportunities available to these organizations, there is strong competition to reach the donors first. Adverse economic conditions make the situation even worse.
CoM can deal with this issue by adopting crowdfunding. It is a process through which a large amount of funds can be gathered by collecting small donations from a large number of individuals, so that none of the donors are significantly affected by paying (Ahlers et al., 2015). The biggest advantage of crowdfunding is the potential for the enterprise to reach a large donor base that other methods do not allow.
High cost of living
The residents of Melbourne are facing a high cost of living, which makes depending on the population for funding a risk factor. Because of this situation, it is not possible to increase the level of funding by convincing the donors and pressuring them to pay.
Since people are already having considerable difficulty meeting the cost of living, it is not wise for the Government to depend on them completely; it should instead source the funds from other government revenue (Ahlers et al., 2015). Moreover, the government does not have to gather all the funds from within the boundaries of Melbourne itself. Well-wishing countries can be approached to take part in the funding process through crowdfunding, and tourists visiting Australia could be encouraged to donate towards the process.
Dependence on a start-up for data storage
To store its huge amount of data, CoM is buying data backup storage services from a start-up. Though the company has promised good facilities, its lack of experience cannot be ignored.
It would be unwise to give complete responsibility for data storage to an inexperienced start-up just to enjoy cost-effective operations. Hence, it would be wise to employ another company that provides a similar facility at a low cost to back up the storage backup, or CoM could employ a dependable and renowned firm for the responsibility.
Accountability and transparency
When collecting a huge amount of funds from the public, any organization runs the risk of reduced accountability or transparency.
The donors must always be informed about the purpose for which the funds are raised; otherwise they might feel cheated. The donors have the right to know what portion of their money has been used, which for CoM is quite costly and challenging at the same time.
Since the number of donors could now increase even further, it is important for CoM to adopt digital technologies that enable accountability and transparency. CoM could upload all the information to the Government website, and the supply of information could be part of e-government services delivered free to the public. Security of information would be maintained through a secure login procedure (Dwivedi et al., 2015).
The human resources team of CoM is currently running the risk of getting involved with a cloud-based Software as a Service (SaaS) provider whose company is situated in the US. The service may well be of high quality when it comes to functionality.
However, if something goes wrong, it would be very difficult for the HR team to connect to the US.
The HR team should reconsider this idea and look for more local organizations offering similar services. The government could take up the initiative and develop a similar platform providing such services.
Social media is definitely very powerful when it comes to web marketing strategy, but it could also ruin the reputation of organizations or individuals associated with the same (Jayaram et al., 2015).
To prevent rumors from spreading, it is important to be very careful about the choice of content and words when uploading advertisements or promotional content.
The responsible individuals at CoM did not give much importance to Information Systems or Information Technology.
Adopting CCOIP and rejecting CoM-ONE would not be of any help unless greater importance is placed on the IS and IT departments and their respective development.
Risk governance: Standard based approach
The risk governance approach appropriate for CoM follows the ISO 27005 standard for risk management. This standard concerns risk management for information security. The approach identifies the contexts of risk management and the obligations associated with them. CoM should be able to determine the degree of risk that can be tolerated and the strategies that must be rejected because they do not match its risk appetite. The risks mentioned above must be evaluated quantitatively and qualitatively (Iso27001security.com, 2019). The government must be aware of the vulnerability it is exposed to because of the risks. Determining the level of risk is a very important step towards risk mitigation.
The risks could be avoided entirely, treated, or transferred to third parties such as insurance agencies, and the costs of bearing the risks should not be more than the benefits of mitigation. One of the most important criteria for effective risk management is to keep the stakeholders informed of updates throughout the process, which maintains the level of transparency and accountability.
The concerned management must be responsible for continuously reviewing the progress of risk treatments and for responding to changes in the micro and macro environment, thereby ensuring business continuity.