Tutor Quora

ITC596 IT Risk Management


Course Code: ITC596
University: Charles Sturt University

MyAssignmentHelp.com is not sponsored or endorsed by this college or university

Country: Australia


Your deliverable is an IT Risk Assessment report, written for the intended audience of management, providing a risk assessment of a project. The project can be in any of the following areas:
Internet of Things
Cloud security
Mobile health devices
Bring Your Own Device
Smart vehicles


Several significant themes emerged from the workshop. They are of fundamental importance and should be considered within the context of the organization's structure. Although they are presented as discrete themes, the line between the themes and their recommendations should not be seen as a rigid boundary. The themes and their related recommendations should be considered as overlapping within the broad context of cyber security awareness and training (Bhagat, 2012). The recommendations from the findings are:
Technical controls, a central part of a firm's cyber security program, are highly dependent on each firm's individual circumstances. Because the number of potential control measures is large and situation dependent, only a few representative controls are discussed here. At a more general level, however, a defense-in-depth strategy can provide an effective way to conceptualize control implementation.
Firms should develop, implement and test incident response plans. Key elements of such plans include containment and mitigation, eradication and recovery, investigation, notification and making customers whole.
Broker-dealers commonly use vendors for services that give the vendor access to sensitive firm or customer information or access to firm systems. Firms are responsible for managing the cyber security risk exposures that may arise from these relationships by exercising strong due diligence across the life cycle of their vendor relationships.
A well-trained staff is an essential defense against cyber-attacks. Even well-prepared staff can inadvertently end up as victims of successful cyber-attacks, for instance through the accidental downloading of malware. Proper training helps staff counter such attacks (Byres & Lowe, 2014).
Firms should take advantage of intelligence-sharing opportunities to protect themselves from cyber threats. The IT group believes there are significant opportunities for broker-dealers to engage in collaborative self-defense through such sharing.
A well-defined governance framework with strong leadership is very important. A number of firms pointed out that management's engagement on cyber security issues is critical to the success of a firm's cyber security program.
Risk assessments serve as a foundational tool for firms to understand the cyber security risks they face across the range of the firm's activities and assets, regardless of the firm's size or business model (Von Solms & Van Niekerk, 2013).
Risk of Cyber Security
A cyber security risk assessment is a structured process that firms carry out to identify and analyze potential risks or threats to an organization's business that could arise through its information technology systems. In the case of broker-dealers, such risks could include the compromise of customer or firm confidential information.
The misappropriation of customer assets or securities may lead to potential financial losses for the firm or its clients, as well as the theft of proprietary trading figures and adverse publicity about the firm (Cherdantseva et al., 2016).
Asset Inventories and Critical Assets
Asset inventories are a key component of risk assessment. In order to assess risks, firms need to understand what assets they have, what assets are authorized to be on their network and what assets are most important to protect.
Firms may use a variety of criteria to define critical assets. An effective asset inventory process will define measures of importance and capture this information for the firm's assets (Ericsson, 2010). For broker-dealers, one consideration in identifying critical assets is firms' obligations under Regulation S-P to protect customers' personally identifiable information (PII).
Consequently, databases containing individual customer data, and business applications containing this data, would ordinarily be considered critical assets. In addition, firms may establish a variety of other criteria to prioritize assets, for example: their importance to the firm's business operations (such as trading systems); whether customers or others have online access to initiate transactions; whether there is an impact on network routing (such as network management systems); whether the asset could allow customer statements to be altered; whether the asset allows for delivery of securities or cash (for example, wire transfers); and whether the asset is intended to fulfill a critical regulatory goal or objective (Gatzlaff, 2012).
Observations from Firm Practices
Referring to Haas and Hofmann (2013), the IT group described a range of approaches to developing and maintaining secure inventories. Here we present observations on those practices. For the most part, the asset inventory process involves a combination of business-unit input and centralized risk assessment by staff. Some firms began their inventory development process with the business units completing a review in which they identify all assets within their area. Alternatively, a firm may set a criticality or risk threshold and ask the business units to identify assets that may meet or exceed that threshold. In other cases, a centralized group provides a list of assets that the business units then validate.
Many firms stated that they maintain strong policies to ensure that all assets are subject to centralized review and control. An example is firms where business units may develop or acquire their own software. These firms typically establish policies requiring all applications to go through a centralized control process before moving into production as part of the system development life cycle (Hansen & Nissenbaum, 2009).
Establishing and Maintaining a Risk Assessment Program
Through risk assessments, the organization understands the cyber security risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals. IT consultants identify the risk assessment process as a key driver of an organization's risk-management-based cyber security program. According to Hofmann and Ramaj (2011), it is also a potentially useful starting point for firms embarking on the establishment of a cyber security program. For instance, the identified risk assessment activities or outcomes are:
Identifying and documenting asset vulnerabilities.
Reviewing threat information and identifying vulnerability information from information-sharing forums and sources.
Identifying and documenting internal and external threats.
Identifying potential business impacts and likelihoods.
Using threats, vulnerabilities, likelihoods and impacts to decide on the approach to each threat.
Identifying and prioritizing risk responses.
Ultimately, the risk assessment process should lead to changes in a firm's controls to address the identified threats. These controls take several forms:
Preventive: controls that stop harm from occurring in the first place; these include, for example, anti-malware and anti-virus software and privilege management tools (Hahn et al., 2013).
Detective: controls used to identify potential threats that may have occurred or that may occur in the future, for example through the detection of data leakage from email content.
Corrective: controls that restore a system or process to its previous state, for example a business recovery process that restores a system to its original state after it has crashed or gone offline.
Predictive: controls that anticipate a negative event occurring, for example notification that a particular type of hack has been occurring at similar firms.
Examples of areas in which a firm may add or change controls to reduce its cyber risk exposure include: data storage at vendors, privilege management, vendor access control, employee training, Wi-Fi protection, Web/URL filtering, data encryption, email content filtering, staff skill-set matching, employee access control, customer access control, and patches and software updates (Lewis, 2012).
Assessing Threats and possible Vulnerabilities
The IT experts used a variety of inputs to their risk assessment process. With regard to threats, these inputs include past cyber security incidents, either at the firm or noted in the industry, and threat intelligence obtained from other organizations or through security organizations. These threats included both internal threats (e.g., threats from employees) and external threats, such as hacktivists or organized crime groups.
Risk Assessment Governance
This starts by using business-unit-level risk teams to perform risk and control assessments of their technology assets. At the corporate level, a technology risk assessment function carries out technical assessments of the risks to assets, with an emphasis on top risks, including cyber security. This function also partners with the business units throughout the year to support technical reviews of the business units' most critical functions. The output from this process is reported, tracked and remediated through the organization's enterprise risk management tracking system (Liu, Xiao, Liang & Chen, 2012).
Technical Controls
The selection of particular controls is highly dependent on an individual firm's circumstances. A catalogue of all possible cyber security controls, or even the recommendation of a particular control selection process, is outside the scope of this report. However, given recent cyber security events affecting firms, there is value in highlighting a general approach to cyber security controls that firms have found effective, as well as a few illustrative, basic cyber security practices (Shin, Son & Heo, 2015).
Vendor Management
Firms across many industry sectors rely on third-party providers for a range of services. As recent incidents have shown, these same providers can also be a significant source of cyber security risk. These risks can arise in various ways, for example if a vendor or one of its employees misuses firm data or systems, if the vendor itself is subject to a cyber-attack that compromises vendor systems or firm data, or if an attack on a vendor becomes a vector for an attack on a firm's systems. Firms need an effective vendor management program in place to help guard against these risks (Metke & Ekl, 2010).
Vendors and risk assessment: apart from ongoing due diligence, vendor systems and processes should be incorporated into a firm's overall risk assessment process. The firm's governance process should apply to these vendor systems, and any identified risks should be mitigated either by the data owner or by the vendor as directed by the data owner.
Staff Training
Employees are one of the major sources of cyber security risk for firms. It was found that many of the cyber security attacks that firms identified succeeded precisely because employees made mistakes, for example inadvertently downloading malware or responding to a phishing attack. Thus, cyber security training is an essential component of any cyber security program. Even the best technical controls on a firm's systems can be quickly undermined by employees who are unaware of cyber security risks. The importance of training is widely recognized (Mukhopadhyay et al., 2013).
Most firms emphasize the importance of staff training. Typically, this includes a combination of mandatory general awareness training for all staff and targeted training for specific staff groups.
Firms that have developed and delivered cyber security training show a high degree of overlap in the topics covered. Some of the major topics are identified in the table below:
General training: recognizing risks, social engineering schemes and phishing, and handling confidential information.
IT management training: application life cycle, privilege management, software vulnerabilities (Shackelford, 2012).
Cyber Intelligence and Information Sharing
The importance of cyber security threat intelligence and information sharing is growing as cyber security risks increase and advance in complexity. Firms that can take in and analyze cyber intelligence effectively can proactively implement measures to reduce their vulnerability to cyber security threats and thereby improve their ability to protect both customer and firm data (O’Connell, 2012). In addition, firms can help other members of the industry defend against cyber security risks more effectively by sharing information about attacks. To advance the awareness and sharing of cyber security information among firms, the U.S. federal government was instrumental in establishing various industry-based information sharing and analysis centers (ISACs) in accordance with the Presidential Decision Directive on Critical Infrastructure Protection: Sector Coordinators. The main objective of the ISACs is to disclose security vulnerabilities and identify solutions that help institutions prevent, detect and correct security breaches as quickly as reasonably possible. The FS-ISAC provides a venue for the financial services industry to share threat intelligence, anonymously if so desired, and the ability to turn threat data into “actionable intelligence.” Many larger firms have established dedicated threat intelligence centers that receive and analyze threat intelligence from a variety of sources.
These centers give their firms the ability to perform end-to-end analysis of cyber security intelligence data, as well as the ability to respond quickly to threats. Likewise, large firms frequently supplement their in-house cyber intelligence program with outsourced services (Pearson, 2011).
In an effort to identify its approach to cyber security, the corporation directed a team of IT Risk Assessment consultants to conduct a study on matters pertaining to cyber security. The purpose of this study was to gather a team of experts in the field to examine the situation in order to provide mutually beneficial approaches to handling cyber security affairs.
Networks commonly use multiple copies of the same or comparable software, with a copy on each of several machines in the network (Amin et al., 2013). This similarity, combined with connectivity, means that any fault in one copy of a program can create vulnerabilities that spread across many machines. Mass-market software frequently has flaws, and each flaw can be studied and exploited by an attacker. In large networks, a huge number of potential attackers can probe the software extensively; the result is that a network often includes many identified flaws and the software patches to counter them.
Cyber Insurance
In evaluating their cyber insurance options, firms may want to consider the following questions:
Does the existing insurance policy cover any aspects of cyber security events?
Which events are insurable?
Do the firm's risk management approaches adequately cover the financial risks associated with cyber security events?
What coverage will a new or enhanced cyber insurance policy provide, and what will it cost?
Overview Summary
Cyber security is a key risk that the broker-dealer industry faces today and that will likely grow in complexity in the coming years. Firms should make the development and implementation of measures to address cyber security challenges one of the foundations of a sound business structure. The principles and effective practices described in this report can help firms in that effort. A risk-management-based approach to cyber security allows firms to tailor their approach to the individual circumstances and the changing threats each firm faces. The frameworks and standards discussed can inform firms' thinking at both a program and an individual control level (Pfleeger & Caputo, 2012).
Systems are inescapable in all parts of life: natural, physical, and social. They are fundamental to the workings of a worldwide economy and to the guard of the United States against both ordinary military dangers and the risk of psychological oppression.
Fundamental knowledge about predicting the properties of complex systems is primitive.
Current funding policies and priorities are unlikely to provide adequate fundamental knowledge about large complex systems.
Much attention has been focused on the cutting-edge threats that firms face, and those certainly pose significant dangers. However, significant attacks exploit fairly basic control weaknesses. While the firm needs to stay vigilant, it can also take some comfort from this (Ralston, Graham & Hieb, 2007).
Without a doubt, cyber security is challenging to address, but it is certainly not impossible. What is required is thorough, careful attention and execution. Risk assessments can enable firms to identify and prioritize the measures that are most pressing to undertake. Information sharing can enable firms to understand the kinds of threats they may face and the available countermeasures. Looking forward, the hope is that the firm will review this report to assess which of the principles and effective practices addressed here could enable it to build or enhance its cyber security readiness (Yan et al., 2012).
This report is just one of many resources that firms should draw on to inform their cyber security program. It is expected that firm management will make cyber security a priority and that it will commit adequate resources both to understand the current and evolving cyber security threats to which the firm may reasonably expect to be exposed and to implement the measures necessary to achieve the desired risk posture.
Amin, S., Litrico, X., Sastry, S., & Bayen, A. M. (2013). Cyber security of water SCADA systems—Part I: Analysis and experimentation of stealthy deception attacks. IEEE Transactions on Control Systems Technology, 21(5), 1963-1970.
Bhagat, B. C. (2012). U.S. Patent Application No. 13/016,999.
Byres, E., & Lowe, J. (2014, October). The myths and facts behind cyber security risks for industrial control systems. In Proceedings of the VDE Kongress (Vol. 116, pp. 213-218).
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K. (2016). A review of cyber security risk assessment methods for SCADA systems. Computers & security, 56, 1-27.
Ericsson, G. N. (2010). Cyber security and power system communication—essential parts of a smart grid infrastructure. IEEE Transactions on Power Delivery, 25(3), 1501-1507.
Gatzlaff, K. M. (2012). Implications of privacy breaches for insurers. Journal of Insurance Regulation, 31(1), 197.
Haas, A., & Hofmann, A. (2013). Risiken aus Cloud-Computing-Services: Fragen des Risikomanagements und Aspekte der Versicherbarkeit (No. 74-2013 [rev.]). FZID Discussion Paper.
Hansen, L., & Nissenbaum, H. (2009). Digital disaster, cyber security, and the Copenhagen School. International studies quarterly, 53(4), 1155-1175.
Hofmann, A., & Ramaj, H. (2011). Interdependent risk networks: The threat of cyber attack. International Journal of Management and Decision Making, 11(5-6), 312-323.
Hahn, A., Ashok, A., Sridhar, S., & Govindarasu, M. (2013). Cyber-physical security testbeds: Architecture, application, and evaluation for smart grid. IEEE Transactions on Smart Grid, 4(2), 847-855.
Lewis, J. A. (2012). Assessing the risks of cyber terrorism, cyber war and other cyber threats. Washington, DC: Center for Strategic & International Studies.
Liu, J., Xiao, Y., Li, S., Liang, W., & Chen, C. P. (2012). Cyber security and privacy issues in smart grids. IEEE Communications Surveys & Tutorials, 14(4), 981-997.
Metke, A. R., & Ekl, R. L. (2010). Security technology for smart grid networks. IEEE Transactions on Smart Grid, 1(1), 99-107.
Mukhopadhyay, A., Chatterjee, S., Saha, D., Mahanti, A., & Sadhukhan, S. K. (2013). Cyber-risk decision models: To insure IT or not?. Decision Support Systems, 56, 11-26.
O’Connell, M. E. (2012). Cyber security without cyber war. Journal of Conflict and Security Law, 17(2), 187-209.
Pearson, I. L. (2011). Smart grid cyber security for Europe. Energy Policy, 39(9), 5211-5218.
Pfleeger, S. L., & Caputo, D. D. (2012). Leveraging behavioral science to mitigate cyber security risk. Computers & security, 31(4), 597-611.
Ralston, P. A., Graham, J. H., & Hieb, J. L. (2007). Cyber security risk assessment for SCADA and DCS networks. ISA transactions, 46(4), 583-594.
Shackelford, S. J. (2012). Should your firm invest in cyber risk insurance?. Business Horizons, 55(4), 349-356.
Shin, J., Son, H., & Heo, G. (2015). Development of a cyber security risk model using Bayesian networks. Reliability Engineering & System Safety, 134, 208-217.
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. computers & security, 38, 97-102.
Yan, Y., Qian, Y., Sharif, H., & Tipper, D. (2012). A survey on cyber security for smart grid communications. IEEE Communications Surveys and tutorials, 14(4), 998-1010.

Cite This Work


My Assignment Help. (2021). IT Risk Management. Retrieved from https://myassignmenthelp.com/free-samples/itc596-it-risk-managemnet/cyber-security-program.html.
