IT RISK MANAGEMENT
Examine the following case study:
- Use a diagram (produced by the means of using Rationale, Visio or any other relevant software application of your choice) to illustrate current security risks and concerns considered by the NSW government.
- Provide detailed explanation of the diagram and identify the areas of: high, medium, medium-low, and low risk exposure.
- Carry out comparative analysis of the Deliberate and Accidental Threats and rank those threats in order of importance. Justify your rankings not only on the basis of the case study but also by the means of doing further research and drawing upon other relevant case studies (e.g. Security guidelines for other private and public organizations) that you can identify.
- While drawing upon theories, tools and patterns covered in the subject as well as your own research, explain the challenges that the NSW government is going to face while deciding on whether security/risk management should be carried out internally or externally (e.g. via outsourcing).
- Explain the difference between the concepts of ‘’Risk’’ and ‘’Uncertainty’’ (make sure that your discussion is linked to the case considered).
- Discuss and evaluate (with examples) different approaches available to the NSW government for risk control and mitigation.
This assignment is for students to meet the following learning outcomes.
- be able to critically analyse the various approaches for mitigating security risk, including when to use insurance to transfer IT risk;
- be able to critically evaluate IT security risks in terms of vulnerabilities targeted by hackers and the benefits of using intrusion detection systems, firewalls and vulnerability scanners to reduce risk