Task
Examine the following case study:
https://www.finance.nsw.gov.au/ict/resources/nsw-government-digital-information-security-policy
- Use a diagram (produced using Rationale, Visio or any other relevant software application of your choice) to illustrate the current security risks and concerns considered by the NSW government.
- Provide a detailed explanation of the diagram and identify the areas of high, medium, medium-low, and low risk exposure.
- Carry out a comparative analysis of the Deliberate and Accidental Threats and rank those threats in order of importance. Justify your rankings not only on the basis of the case study but also through further research, drawing upon other relevant case studies (e.g. security guidelines for other private and public organizations) that you can identify.
- Drawing upon theories, tools and patterns covered in the subject (e.g. the "thinking in zones" concept) as well as your own research, explain the challenges that the NSW government will face when deciding whether security/risk management should be carried out internally or externally (e.g. via outsourcing).
- Explain the difference between the concepts of "Risk" and "Uncertainty" (make sure that your discussion is linked to the case considered).
- Discuss and evaluate (with examples) different approaches available to the NSW government for risk control and mitigation.
Rationale
To demonstrate your understanding of:
- The principles of information security management;
- The eight rules of security;
- The application of security management principles to real-world examples;
- The principles of security risk management.