
SBM4304 IS Security and Risk Management, Asia Pacific International College, Australia

Write an essay to answer the following questions related to the selected sector:

Question 1. Introduction to identify the selected sector and outline the essay.

Answer - Introduction


The education sector is a broad segment of an economy consisting of educational institutions of varied levels and forms and ancillary education services provided by teaching and non-teaching personnel. The objective of this sector is to make sure that there are inclusive and equitable learning opportunities for all, of a certain quality, that promote lifelong scope for exploring knowledge. This essay aims to assess the security and risk management procedures mandatory to ensure the reliability, confidentiality, availability, integrity, and security of institutes in the education sector. The study will also reveal in what way auditing can support data quality.

Question 2. Literature review on three current or possible future potential security issues related to the selected sector. These issues should be taken from the current state of the art literature. This section must be supported by at least three (3) references.

Answer - Literature Review

The education sector has benefited tremendously from technology. Be it universities or primary schools, technology has updated education and its delivery to the zenith. However, as the saying goes, with great power comes great responsibility: this technological power has brought with it many threats for which education institutes must be accountable. The education sector thus faces the challenge of protecting itself from growing cyber crime, especially from insider agencies (Graves 2019).

The three most current security threats related to the sector are high-frequency cyberattacks, limited IT resources and building a cyber-aware culture (Biddle 2017). The educational institutes are witnessing very frequent cyberattacks which are aimed at stealing their personal information, extorting data for money, and disrupting the school's ability to function. The varied types of cyberattacks are phishing, ransomware, and DDoS.

Using phishing emails, cybercriminals pose as companies offering student loans and ask for information about employees. Ransomware, the most commonly used malware against educational institutions, encrypts files and keeps them encrypted unless the attackers are paid the desired amount. Distributed denial of service (DDoS) attacks are employed to stall operations. These attacks flood the bandwidth of the school with requests that slow down its systems or make them crash. As a result, students, staff, and faculty cannot access the network. Since institutes are increasingly dependent on their digital offerings, with students mostly relying on connected devices, DDoS attacks can potentially damage every segment of the operation of these institutes (Biddle 2017).


Educational institutions suffer from a lack of IT resources to protect their networks from attacks. This cybersecurity skills gap arises from the shortage of available professionals with the knowledge and expertise to counter the threat scenario. The problem is getting worse with a wide range of devices requiring access to the network and each device carrying applications that need varying degrees of security. As digital transformation moves infrastructure and resources to the cloud, the pressure on IT teams to update the security system will mount so that they can keep pace with cybercriminals. The demand will be to integrate security solutions that ensure network visibility throughout distributed environments, along with automation. Legacy IT infrastructure can put these institutes at risk of an attack. The IT teams must ensure that the older hardware and solutions have the most recent updates. Another cybersecurity issue related to the paucity of IT resources that troubles educational institutions is the protection of personal information: as both students and faculty bring their own devices onto the campus, it is almost impossible to detect which devices are safe and secure (Roscorla 2016).

The last issue is the lack of awareness about cyber threats amongst students and staff members. The absence or inadequacy of understanding about cyber risks, especially phishing and ransomware, can cause havoc in the network of the institute. There is a need to create awareness among all those who are involved in the operation of the schools that they should think twice before clicking on any unknown link or opening any unknown attachment (Biddle 2017).

Question 3. Propose a possible solution for one of the threats identified in section-2. In this part you need to choose one of the issues identified in the previous section and propose a possible solution to the particular security issue.

Answer - Threat Mitigation

Threat mitigation is the process of lowering the extent of a problem or attack by segregating or comprehending a threat and resolving the problem. Threat mitigation in education institutions can be considered in light of the following aspects: information sharing, culture, resilience, priorities, speed, threat environment, and cyber hygiene (Tobar 2018). The leadership of educational institutes needs to spread awareness about cyber security through training and other programs. A culture of cybersecurity and risk mitigation can go a long way towards developing the accountability and expertise to deal with the risks.

Information sharing is another crucial method of threat mitigation. Informing the right stakeholders about the risks will enable correct decision making and create the right kind of involvement. Cyber security must be made one of the priorities of institutions despite their limited budget and staff. Following a policy of strict risk management and planning can help in lowering the risk of cybercrime and attacks. To make cybersecurity a priority, the schools need to have information about trends over a period of time, the potential impact of the threats, the time horizon for impact, and the approximate time when a risk is likely to materialize.


There is no guarantee that all threats can be mitigated by the cyber security system. Hence, there must be provisions so that the network can continue operating despite being attacked. Schools can use the CERT Resilience Management Model (CERT-RMM) to refine and cultivate their operational resilience.

The speed with which a threat is addressed makes a lot of difference in minimizing its impact. How fast the threat is identified and how quickly countermeasures are initiated are factors that decide the impact of the risk exposure on the system.

Educational institutions need to be aware of the threat environment to protect themselves from any impending attack. Knowing about the adversary's capabilities also helps identify the source of risks: third party or insider threat. Encouraging hygienic cyber practices further reduces the risk of attacks.

Question 4. Discuss the ways the organizations in the selected sector can protect their functionality against threats. Illustrate with examples how the general and application management controls can be adapted by the organizations.

Answer - General And Application Management Controls

Controls include methods, policies, and procedures that work towards protecting the assets, accuracy, and reliability of the records of the organization, and its operative observance of management standards. General controls create a framework that controls the design, security, and use of computer programs across an institution. General controls include implementation process controls, controls over the system, physical hardware controls, software controls, data security controls, computer operations controls, and administrative controls (Linford 2017).

Application controls are specific controls exclusive to each computerized application, such as payroll, order processing, and accounts receivable (Linford 2017). The objectives of application controls are numerous. First, to provide completeness of input and update. That is, all current business dealings must pass through the computer and be documented on computer files. Second, to maintain accuracy of input and update. The computer must capture data correctly and record it properly on computer files. Third, to ensure validity. Data must be checked or authorized for appropriateness of the transaction. Fourth, to keep up maintenance. Data on computer files should not become corrupted and should remain in a correct and current format.


Application controls have three parts, namely input controls, processing controls, and output controls. Input control procedures check data for correctness and completeness as they enter the system. This stage also includes input authorization, edit checks, and data conversion. Processing controls are practices for ensuring that data are complete and correct throughout updating. Output controls confirm that the outcomes of computer processing are complete, accurate, and properly distributed.
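The three parts of application controls described above, applied to a batch of grade entries; this is an added example, not part of the original essay. The staff IDs, grade scale, field names and sample records are constructed, and control totals (record count and sum of marks) are used here as one common way to implement a processing control.

```python
VALID_GRADES = {"HD", "D", "C", "P", "F"}   # assumed grade scale
AUTHORISED = {"staff-017", "staff-042"}      # hypothetical staff IDs

def edit_checks(rec):
    """Input control: return the list of failed checks for one transaction."""
    errors = []
    if rec.get("entered_by") not in AUTHORISED:
        errors.append("input not authorised")
    sid = str(rec.get("student_id", ""))
    if not (sid.isdigit() and len(sid) == 7):
        errors.append("student_id must be 7 digits")
    if rec.get("grade") not in VALID_GRADES:
        errors.append("unknown grade")
    try:
        mark = int(rec.get("mark"))          # data conversion from text
        if not 0 <= mark <= 100:
            errors.append("mark out of range")
    except (TypeError, ValueError):
        errors.append("mark is not a number")
    return errors

def run_batch(batch):
    """Apply input, processing and output controls to one batch of grade entries."""
    rejected = [(i, edit_checks(r)) for i, r in enumerate(batch) if edit_checks(r)]
    accepted = [r for r in batch if not edit_checks(r)]
    # Control totals taken before the update: record count and sum of marks.
    expected = (len(accepted), sum(int(r["mark"]) for r in accepted))
    store = {}
    for r in accepted:
        store[(r["student_id"], r["unit"])] = int(r["mark"])
    # Processing control: totals after the update must equal totals before it.
    # A duplicate transaction overwrites a stored record and breaks the match.
    actual = (len(store), sum(store.values()))
    # Output control: the report accounts for every record that was received.
    return {"received": len(batch), "accepted": len(accepted),
            "rejected": rejected, "reconciled": expected == actual}

# Constructed sample batch: one bad mark, one unauthorised entry, one duplicate.
SAMPLE = [
    {"student_id": "4304001", "unit": "SBM4304", "grade": "D", "mark": "78", "entered_by": "staff-017"},
    {"student_id": "4304002", "unit": "SBM4304", "grade": "P", "mark": "155", "entered_by": "staff-017"},
    {"student_id": "4304003", "unit": "SBM4304", "grade": "C", "mark": "66", "entered_by": "student-9"},
    {"student_id": "4304001", "unit": "SBM4304", "grade": "C", "mark": "65", "entered_by": "staff-042"},
]

if __name__ == "__main__":
    print(run_batch(SAMPLE))
```

The fourth record passes every edit check, so only the reconciliation of control totals reveals that it silently replaced the first one.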

Schools can use all of the control mechanisms exhaustively in their information systems. However, they are usually too expensive to build and very complicated to apply. That is why educational institutions need to perform a cost-benefit analysis to decide which control mechanism will provide the most effective safety measure within their limited budget.

Question 5. Illustrate the security techniques the organizations in the selected sector can use to achieve the CIA requirements.

Answer - Security Techniques To Achieve CIA

The CIA requirements for security techniques, also known as the CIA triad, are confidentiality, integrity, and availability (Chia 2012). These three principles are considered the core of forming an IT security system and solving any IT-related issues.

When formulating information security policies, the schools must clearly define the confidentiality aspect of the CIA triad. They must classify the data according to their need to be protected, the measures to protect them, and the management of access levels. Not all data will come under stringent protection levels. This classification should be made based on the sensitivity, appropriate security, and access controls of the data (Ismail 2016).

The principle of integrity refers to protection from unauthorised usage of data by third-party individuals and their undue modification or deletion. This principle also makes room for situations where authorised changes made by mistake can be undone, thereby protecting the integrity of the data. The IT network of an educational institute will thus allow certain users only to view data and not modify them, and there will be some data that cannot be modified at all. In addition, there will be a recovery system which will take backups of data and restore the correct data when any wrongful change has been made.


Finally, data must be easily available to the students, the faculty members, and the administrative staff whenever needed. However, it must also be ensured that the data are not available to unauthorised users or cyber criminals. For this purpose, information security measures should not block access to data by authorized users. The authentication tools and access channels of the authentication system must work effectively. The principle of availability must also hold while IT teams are taking measures to keep the channels working in the event that the system is under a DDoS attack or affected by any other untoward incident such as a power outage.

Question 6. Auditing is the process of reviewing of systems used to determine if misuse has occurred at any business process of the organization. Critique the audit process that can be used by the organizations in the selected sector.

Answer - Audit Process

Auditing is the process of reviewing systems to determine whether mismanagement has occurred in any business process of the organization. The role of the audit committee is to represent the board in supervising all material aspects of the school's financial reporting, accounting policies and internal control.

While auditing an education institute, the auditor must read the Trust deeds and University Act and should understand the rules and regulations pertaining to accounts. By going through the copies of the minute books, the auditor will learn about the resolutions passed by the governing body at different times with respect to accounts. The auditor should ask for a duplicate of the financial statements to analyse and scrutinize in detail the different heads under which income and expenditure are recorded (Thornron 2016). The auditor should further study the balance sheet to check the assets and liability status of the institute. Audits can help the institute understand the focus of its expenditures and their consequent outcomes. The institute can understand whether the measures taken for IT security are working for the school or not. It can consider any improvement if necessary and assess the budget expenditure needed for that. Audits are also a great way to identify any kind of wasteful expenditure or mismanagement of funds which can directly affect the financial health of the school. Lastly and most importantly, auditing helps in detecting the vulnerability of the college or university to a breach of technology or cybercrime from outside.


In the final analysis, it can be said that the security risk management of an educational institution is no longer an easy or simple task. With the introduction of technology, these institutions have gained the advantage of spreading knowledge to a larger base of people, often transcending geographical barriers, but at the same time these technological advancements have generated severe threats like cybercrime and unauthorized intrusion. The resultant process has taken a mammoth shape and assumed an intensely complex nature. In dealing with new sets of challenges, the institutes need to formulate strategies that address the changing requirements of technology and its uses, and grow a team of experts with the knowledge and experience to set up a security network and handle any crisis if it occurs. There is also a need to spread awareness regarding cyberthreats so that students, faculty and administrative staff can be careful while operating devices within the network. For establishing the IT security network, the institutes may use both general management controls and application controls, but must carry out a cost/benefit analysis before investing in these processes, which often become heavy on the budget of the institute. They need to make the investment as per their requirements. The IT security system must conform to the CIA requirements. Lastly, the auditing process will show the effectiveness of the security risk management system.

