Regulatory Enforcement and Compliance †Free Samples to Students

Question: Discuss about the Regulatory Enforcement and Compliance. Answer: Introduction The case study of VIC Government had been selected for analysing the effective development of the risk assessment report. The inclusion of the effective and smart development methodology would be helpful for developing the operations of VIC government. According to Steinberg (2016), the development of the operations would be helpful for integrating the operations of the organization and it would be helpful for forming the integration of the smart operations in the organization. The development of the systematic flow of operations would help the organization for forming the accurate and systematic development of the operations. The following assignment had been developed for integrating the risk assessment in the operations of the information system development for VIC government. The report had considered the evaluation issues and threats by implementation of the effective analysis method. The evaluation of the security risks and threats in the VIC government had considered the development of a diagram using Microsoft Visio and it had pointed out the various threats and risks of implementing information system in the organization. Illustration of Security Risks and Threats in VIC Government The risk analysis for the development of the information system in VIC government had been employed for forming the accurate and smart tools for analyzing the development of the information system of VIC government. The diagram had been constructed in the Microsoft Visio and it represents the components of the risk and threats acting on the information system that is being implemented in the VIC government. The following diagram has been constructed for representing the various threats and risk factors, As opined by Perera, R., Nand, P. (2015), the components of the diagram made for the analysis of the risk factor and develops the effective and smart risk assessment. The implementation of the developed processes would help in forming the accurate and effective operations for the development of the organization. The system integration would be helpful for realizing the impact of the operational development of the operations. The components of diagram are VIC Government, Information Management System, Codes of Practices, Risk and Threats, Accidental and Deliberate Threats, and External and Internal Threats. Component Description VIC Government According to Von Solms and Van Niekerk (2013), the information of the customers and the members of VIC government are the primary component of the risk assessment for the information system implementation. The implementation of the information system would be helpful for forming the eventful development of the operations and carrying out the activities of the smart system implementation. The storage of the data and information would comprise of developing the effective and smart processing of the information. Information Management System The information management system would be helpful for forming the improved facilities of the operation. The implementation of the operations would comprise of forming the VIC system implementation. According to Bommer, Crowley and Pinho (2015), the development of the storage and system database would be possible due to the implementation of the effective and smart processing of the information system. The implementation had been largely implied for developing the effective processing of the information at VIC government. The management of the information would form the effective deployment of the faster and improved services in the operations. Codes of Practices ISO/IEC.AC/AZS 17799:2001 is the ACS code of ethic developed for implementing the effective and smart processing of the operations in the VIC government organization. The codes of practices would be implied for forming the effective and improved processes of the organization. The development of the code of practices would be implied for keeping the concerns of the operations intact for the implementation of the operations. The code of practices would be implied by Australian Computer Society. Risk and Threats Alcorn, Good and Pain (2013) have defined risk as the primary factor that can cause the development of the effective and implied operations unsuccessful. The risk consists of some hindrances that would form the impact on the operations and it would result in forming the issues of the operation. The risks of VIC information system implementation are staff errors, denial of service, industrial action, transmission errors, programming errors, theft and fraud, technical failures, eavesdropping, social engineering issue, and malwares. Bommer, Crowley and Pinho (2015) have defined threat as the factors of unsure that can affect the development of the information system development. The implication of the effective and employed development of the operations would form the integration of the functions. The development of the operations would not be ensured for forming the estimated outcome from the operations due to threats. The factors of threats in the information system implementation are unauthorized software, website intrusion, unauthorized access, piracy of software, loss of information, and failure of communication. Accidental and Deliberate Threats Von Solms and Van Niekerk (2013) have defined the accidental threats as the sudden issues of the operations of the organization. The accidental threat would not be intended for occurrence and hence it would not be of much critical impact on the operations of the system. Proper planning would be implied for forming the safety of operations with the organization for implementing the information system. The accidental threats are technical failures, transmission errors, programming errors, loss of information, failure of outsourced operations, failure of communication, and staff errors. On the contrary, Perera and Nand (2015) have developed the analysis of the deliberate threat to be the most crucial in impacting the operations of the organization. The deliberate threats are implied for harming the operations of the organization purposely. It is the most critical hindrance and have highest priority of harming the operations of the organization. The deliberate threats are eavesdropping, industrial action, denial of service, website intrusion, piracy of software, theft and fraud, unauthorized access, malwares, unauthorized software, and social engineering issue. External and Internal Threats Man et al. (2014) have stated that the external threats are a result of outside interference on the information system and its operations. The external threats are classified for forming the major issues in the development of the operations as they cause critical hindrance and have highest priority of harming the operations of the organization. The external threats for VIC information system implementation are technical failures, eavesdropping, programming errors, unauthorized access, denial of service, transmission errors, malwares, and website intrusion. As opined by Lam (2014), the internal threats are some inbuilt issues and problems that the development of the information system faces due to the interior faults and errors. The internal errors consist of some sudden issues of the operations of the organization. The internal threats for VIC information system implementation are unauthorized software, piracy of software, industrial action, failure of communication, loss of information, failure of outsourced operations, social engineering issue, and staff errors. Table 1: Explanation of the Diagram developed for Risk Analysis Classification of Risk Exposure Areas Man et al. (2014) has classified risk in terms of the risk exposure areas and they are namely high, medium, medium-low, and low risk exposure areas. The explanation and example of the risk exposure areas are given in the table below, Risk Exposure Areas Description Examples High Risk Exposure Areas Have high capacity of impact on the operations of the project and it would form the major and critical impact on the information system of VIC government a) Intrusion b) Phishing c) Malware d) Data theft Medium Risk Exposure Areas Have medium capacity of impact on the operations of the project and it would form the moderate impact on the information system of VIC government a) Issues of design b) Data misinterpretation c) Software issues Medium Low Risk Exposure Areas Have Low capacity of impact on the operations of the project and it would form the minor impact on the information system of VIC government a) Wrong data entry b) Data incompatibility c) Integration issue Low Risk Exposure Areas Have least capacity of impact on the operations of the project and it would form no impact on the information system of VIC government a) Social engineering issues b) Errors generated by the users Table 2: Explanation of the Risk Exposure Areas Comparison and Ranking of Accidental and Deliberate Threats Rank Description Examples Justification of ranking 1st Perera and Nand (2015) have developed the analysis of the deliberate threat to be the most crucial in impacting the operations of the organization. The deliberate threats are implied for harming the operations of the organization purposely. Eavesdropping, industrial action, denial of service, website intrusion, piracy of software, theft and fraud, unauthorized access, malwares, unauthorized software, and social engineering issue It is the most critical hindrance and has highest priority of harming the operations of the organization. Hence it has been ranked first. 2nd Von Solms and Van Niekerk (2013) have defined the accidental threats as the sudden issues of the operations of the organization. The accidental threat would not be intended for occurrence and hence it would not be of much critical impact on the operations of the system. Technical failures, transmission errors, programming errors, loss of information, failure of outsourced operations, failure of communication, and staff errors. Proper planning would be implied for forming the safety of operations with the organization for implementing the information system. Hence it has been ranked second. Table 3: Comparison of Accidental and Deliberate Threats for VIC government Security and Risk Management Challenges for VIC government The VIC information system implementation had been implied for forming the effective development of the operations of the organization. However the organization had to face some issues of security challenges and operational challenges that has been explained below, Security Challenges: The security challenges are implied for harming the operations of the organization purposely (Rasmussen, 2013). The security challenges are the most crucial in impacting the operations of the organization and it results in forming major hindrance in the operations of the organization. The security challenges include eavesdropping, industrial action, denial of service, website intrusion, piracy of software, theft and fraud, unauthorized access, malwares, unauthorized software, and social engineering issue. Operational Challenges: The operational challenges are the sudden issues of the operations of the organization (Healey, 2016). The operational challenges would not be intended for occurrence and hence it would not be of much critical impact on the operations of the system. The operational challenges include technical failures, transmission errors, programming errors, loss of information, failure of outsourced operations, failure of communication, and staff errors. Comparing Risk and Uncertainty Silbey (2013) considers risk as the primary factor that can cause the development of the effective and implied operations unsuccessful. The risk consists of some hindrances that would form the impact on the operations and it would result in forming the issues of the operation. The risks of VIC information system implementation are staff errors, denial of service, industrial action, transmission errors, programming errors, theft and fraud, technical failures, eavesdropping, social engineering issue, and malwares. Covello et al. (2013) considers uncertainty as the factors of doubt that can affect the development of the information system development. The implication of the effective and employed development of the operations would form the integration of the functions. The development of the operations would not be ensured for forming the estimated outcome from the operations due to uncertainties. The factors of uncertainties in the information system implementation are unauthorized software, website intrusion, unauthorized access, piracy of software, loss of information, and failure of communication. Risk Mitigation and Management The risk consists of some hindrances that would form the impact on the operations and it would result in forming the issues of the operation of VIC information system implementation. Hence it is crucial for developing a risk mitigation and management plan for forming the effective solution to the development of the operations in the organization. The risk mitigation and management consists of four steps namely identification of the risk, analysis of the risk, mitigation of the risk, and evaluation of the risk. Step Description Identification of the risk The identification of the risk factor is helpful for identifying the factors of risk in the operations. It is the first step in the development of risk assessment and management. Analysis of the risk The analysis of the risk is formed for the development of the risk mitigation and management plan and it would prioritize them. It is the second step in the development of risk assessment and management. Mitigation of the risk The mitigation of the risk forms an effective risk mitigation strategy to be implemented for the effective deployment of the risk mitigation and management plan operations. It is the third step in the development of risk assessment and management. Evaluation of the risk The evaluation of the risk forms the accurate and improved processes for the operations of risk mitigation and management plan. It is the last step in the development of risk assessment and management. Table 4: Steps of Risk Mitigation and Management Plan Conclusion The report had been developed on two factors and they are risk assessment and case study of implementing information system in VIC government. The case study of VIC Government had been analysed for integrating the risk assessment in the operations of the information system development. The evaluation of the security risks and threats in the VIC government had pointed out the various threats and risks of implementing information system in the organization. The components of diagram VIC Government, information management system, codes of practices, risk and threats, accidental and deliberate threats, and external and internal threats were evaluated for forming the analysis of the risk analysis process. The classification of the risk in terms of the risk exposure areas and they are namely high, medium, medium-low, and low risk exposure areas had helped in forming a deep analysis of the comparison and ranking of accidental and deliberate threats. The VIC information system implementation had to face some issues of security challenges and operational challenges that had been explained in the report. The completion of the report had helped in forming the inference that risk is the primary factor that can cause the development of the effective and implied operations unsuccessful and uncertainty is the factors of doubt that can affect the development of the information system development. The risk mitigation and management consisted of four steps namely identification of the risk, analysis of the risk, mitigation of the risk, and evaluation of the risk. References Alcorn, A.M., Good, J. and Pain, H., (2013, July). Deliberate system-side errors as a potential pedagogic strategy for exploratory virtual learning environments. InInternational Conference on Artificial Intelligence in Education(pp. 483-492). Springer Berlin Heidelberg Ali, E., Denis, A. F., Kujur, F. E., Chaudhary, M. (2014). Risk Management Strategies for Accidental Risk Occurrence on Construction SitesA Case Study of Allahabad.Journal of Academia and Industrial Research (JAIR),3(2), 89. Bommer, J. J., Crowley, H., Pinho, R. (2015). A risk-mitigation approach to the management of induced seismicity.Journal of Seismology,19(2), 623-646. Covello, V. T., Lave, L. B., Moghissi, A. A., Uppuluri, V. R. R. (Eds.). (2013).Uncertainty in risk assessment, risk management, and decision making(Vol. 4). Springer Science Business Media. Healey, A. N. (2016). The insider threat to nuclear safety and security.Security Journal,29(1), 23-38. Lam, J. (2014).Enterprise risk management: from incentives to controls. John Wiley Sons. Mans, R. S., van der Aalst, W. M., Vanwersch, R. J., Moleman, A. J. (2013). Process mining in healthcare: Data challenges when answering frequently posed questions. InProcess Support and Knowledge Representation in Health Care(pp. 140-153). Springer Berlin Heidelberg. Nowak, B. (2013). A 5-step strategy for harnessing global information growth.Information Management,47(4), 42. Perera, R., Nand, P. (2015, April). A multi-strategy approach for lexicalizing linked open data. InInternational Conference on Intelligent Text Processing and Computational Linguistics(pp. 348-363). Springer International Publishing. Rakow, T., Heard, C. L., Newell, B. R. (2015). Meeting Three Challenges in Risk Communication Phenomena, Numbers, and Emotions.Policy Insights from the Behavioral and Brain Sciences,2(1), 147-156. Rasmussen, S. (2013). Risk and uncertainty. InProduction Economics(pp. 163-180). Springer Berlin Heidelberg. Silbey, S. S. (2013). Organizational Challenges to Regulatory Enforcement and Compliance A New Common Sense about Regulation.The Annals of the American Academy of Political and Social Science,649(1), 6-20. Spring, J. (2014).Fall 2014 SEI Research Review: Malware Analysis. CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST. Steinberg, A. N. (2016). A model for threat assessment. InFusion Methodologies in Crisis Management(pp. 313-340). Springer International Publishing. Von Solms, R., Van Niekerk, J. (2013). From information security to cyber security.computers security,38, 97-102.