Tuesday, May 5, 2020

Mobilising Flood Risk Management Services - Assignmenthelp.com

Question: Discuss the Mobilising Flood Risk Management Services.

Answer:

Introduction:

The Government of Victoria (VIC) is the democratic and administrative authority that manages the risks and threats involved in Victoria, which is a state of Australia. The constitution of the VIC government gives 1851 as the year the framework was formed. Victoria has been considered the commonwealth resource of Australia since the year 1901. Due to the presence of the commonwealth, the Victorian government had its rights of legislative and judicial supremacy included under the Australian constitution. To address the risks and threats in the public sector organizations of Victoria, the governing body known as the Victorian Protective Data Security Framework (VPDSF) was formed. The organizational framework of the VPDSF includes the Assurance Model, guides for security, supporting resources and the Victorian Protective Data Security Standards (VPDSS). These resources help the government take effective decisions in ensuring that the right access is allotted to the right people.

The following report discusses the risks and threats that are currently present in the Victorian government. The analysis of these risks in terms of high, medium and low is also included in the report, as are the challenges that can be faced in the public sector organizations, the uncertainties involved and the mitigation of the risks.

The standards and protocols maintained in the VPDSF are present to help the government make the right decision when access to certain information is given to people. This ensures that the right of access to certain sensitive information is not exploited through unauthorized access (Toohey, 2016).
The standards and protocols that are being followed comply with national and international laws, policies and standards. The operations and processing of the public sector organizations and the public agencies involved with the Victorian government are identified by the VPDSF. The Assurance Model followed by the VPDSF is used to follow and monitor the activities that are currently undertaken in the various organizations and agencies involved (Redley & Raggatt, 2017). Moreover, the economic benefits and the security of operations are also maintained by the Assurance Model. The VPDSF also promotes the need for cultural change in an organization by strengthening and upgrading the security protocols in the organization. This helps the organizations involved to carry out their operations while complying with the various standards and policies.

Risks and concerns:

The various risks and concerns identified by the government of Victoria are discussed in this section. The respective fields of the risks and threats involved are to be addressed to provide solutions to each of them. To address the identified risks and threats, various steps are to be followed. However, the threats and risks are different for two different governing bodies ("VICTORIAN PROTECTIVE DATA SECURITY FRAMEWORK", 2017).

The Commissioner for Privacy and Data Protection (CPDP) needs to establish the framework needed to monitor the operations of the public sector organizations. The CPDP is to emphasize the promotion of security standards and policies and the need for formal reporting of the security assessment profiles. For the process followed by the public sector organizations, the need for developing and assessing the security profile and for developing the security plan is emphasized.
The annual attestation to the CPDP is also emphasized by the process followed in the public sector organizations (Peltier, 2013). The VPDSF analysis identifies 18 requirements for the protection of the information associated with the public sector organizations. This analysis groups them into four specific domains to address: information, physical security, ICT and personnel.

The CIA triangle corresponds to confidentiality, integrity and availability. The model is used to provide guidelines addressing the policies for security of information in the organization involved (Sadgrove, 2016). Confidentiality in the model refers to the limit of access to the resource present. Integrity is the presence of accuracy and trust in the information present. Availability is the presence of guaranteed access to the information.

The diagram of risks and threats for the above topic clearly depicts the awareness of such concerns. The different aspects depicted in the diagram are physical security, personnel, information and ICT. These are the main aspects that are addressed by the standards and policies followed by the VPDSF. The risks and concerns are depicted as:

High-risk areas: Security in information; National and international securities
Medium-risk areas: ICT
Medium-Low risk areas: Policies and responsibilities of the organization; Compliance with standards
Low-risk areas: Public sector organizations

The analysis of the diagram is made with respect to the areas depicted in the table. These include the high-risk areas, medium-risk areas, medium-low risk areas and low-risk areas. The high-risk aspects are present in information security and in the security of national or international standards.
The problems that are present in information security include the disclosure of information in the organizations involved, unauthorized access and data destruction, which can affect the operation on a large scale (Sadgrove, 2016). The security related to the computer and its associated aspects is included in information security. The assurance of information is the assurance of trust in the information regarding the CIA model discussed above. In addition, the security of national and international standards refers to the protection of assets, which is directly related to the protection of national and international standards. This portion is also of high importance, as the measures to analyze the importance of compliance with these standards should be followed.

ICT security is included in the areas of medium risk and concern. ICT security is used to define the security provided for the information shared via communications. This aspect of ICT is the same as that of information security, but the direct emphasis is given to the security of communications (Almeida, Hankins & Williams, 2016). The telecommunication aspect gives people the advantage of communicating with each other without problems.

The medium-low risk areas include the policies and responsibilities of the various public sector organizations involved with the VIC government. The need for compliance with the government standards is also a place of medium-low risk. The policies and responsibilities of the various public sector organizations are to be addressed so that the threats and risks in their assessment are minimized. In addition, compliance with the standards and protocols is to be maintained, as the risks and threats involved in the assessment of the standards are to be followed. This is the reason for the placement of these risks in the medium-low zone.

The low-risk aspects include the public sector organizations.
These organizations are intended to serve the public, and protection of their assets is required (Almeida, Hankins & Williams, 2016). These places are prone to risk from outsiders, as certain individuals may try to get information that jeopardizes the activity of the affected individual. This is the reason for the implementation of enhanced security protocols to help address them.

Deliberate and accidental threats:

The provided document references the need for applying enhanced security protocols in the public sector organizations to protect the assets present. The risks to security are to be identified and analyzed to follow the risk management standards. A public sector organization needs to acquire data from the public to operate effectively. The users of the organization provide the information because access to its services requires it. This in turn requires the organization involved with the public services to assure the effectiveness of its work and the security of its information content (Cole, Giné & Vickery, 2017). Because it holds public information such as user credentials including the name, address and other aspects, the company or organization involved must provide assurance that it will not exploit the acquired resource, as doing so may lead to problems of trust and ethics. This is the basic threat that is a place for concern among all organizations dealing with public services.

Deliberate threats are those types of threats that are carried out with the sole intent of getting unauthorized information or access to a system. With respect to an organization, the deliberate threats are those that involve trespassing in the system to get access, sabotage of the system, extortion and software attack. These are attacks that involve the misuse of the security standards followed by the organization to get the required information or access in an unethical way.
This is a major concern that is present in all organizations, and enhanced and strong security protocols for addressing such concerns are required, or else the operation of the organization can be hampered, leading to extreme loss of business (Nurse et al., 2014). However, sabotage of the system and software attacks are the most important places of concern, as they can affect the system in an extreme way, and the security standards must address them to ensure the operations of the organization involved. Information security and ICT are the main places where these deliberate threats can take place. The threats to these aspects are the reason for effective security standards.

Another place where deliberate threats are possible is the compliance of the service providers. The service providers may not comply with the government standards due to the presence of discrepancies, and unsuccessful products will then be provided to the public sector organization. This can lead to risks to the public sector sensitivity. However, the first level of importance is to be given to information security and ICT security, as the problems faced in these sectors can lead to major effects in the system (Pritchard & PMP, 2014). An example of an attack that was supposed to be deliberate is the civilian attack in Catalonia. The main suspect is a van, which was made to go through the crowded places, which led to major injuries of the affected individuals.

The attacks that are supposed to be accidental are those attacks that do not follow a pattern, and control of these attacks is not possible. However, the impacts of these attacks can be lessened. These attacks are not intentional. Natural disasters, human errors in working or technical issues are the accidental threats. These threats cannot be controlled, but if present, the operation can be impacted in some extreme cases.
However, the technical errors and human errors can be significantly reduced (Luiijf, 2012). As these problems involve threats occurring due to human problems, the presence of such errors can be minimized. The technical errors occur due to the negligence of employees or public individuals and the faulty management of devices, such as lack of internet access. The presence of such threats can be reduced by efficient and regular training and the presence of personnel to help address the issues. However, natural disasters cannot be controlled or reduced at all. Nevertheless, the impact they create can be reduced. Backup of the acquired data, both internal and external, is required. Internal backup means saving the recent work on the device to roll back the changes once affected. External backup means the presence of cloud storage for the backed-up information. After the passage of the disaster, the changes that were saved can be rolled back and the operation can continue without any grievances.

The organizational policies as well as the standards of national and international level are a place where the accidental problems are eminent. The policies may not always comply with the set standards due to many accidental reasons. One such example of an accidental threat is the ransomware attack on an oil company in Russia. The company is a very well-known one operating in Russia (Davies, 2014). Due to such attacks on the system, the company faced grave threats, and the system was secured by halting the operations of the information technology department. The ransomware attacks made by the hackers did not target the organization, which makes this a possibility for an accidental attack.
During the internal assessment of risks and threats, the public sector organization needs to determine the standards and policies already set, but during the external assessment of the risks or threats involved, the assessment reports conducted by the public sector organization are to be submitted to the Commissioner for Privacy and Data Protection (CPDP). During the internal assessment, the organization involved is to carry out the required assessment (Jouini, Rabai & Aissa, 2014). The accountability and responsibility for the assessment are given to the public sector organization. The CPDP is responsible for helping the organizations involved to carry out the assessments. In addition, during the external assessment, the accountability and responsibility for the execution of the assessment lie with the CPDP itself. The public sector organizations are then consulted to carry out the assessment effectively. The assessment is then reported to the organizations involved.

The CPDP is considered responsible for establishing the framework necessary to maintain and monitor the activities of the information and data in the public sector organizations. The promotion of security-related parameters is also done by the CPDP itself. The maintenance and audits of assessment are made to see the impact of compliance with the set standards. The recommendations to the system and the formal reporting in terms of the security of the system are also maintained by the CPDP (Heazle et al., 2013). Moreover, the research for upgrading the policies and security protocols is also conducted by the CPDP itself.

For assessment of the required responsibilities, the presence of certain procedures in the step is required to carry out the report. They are also required to make and maintain the Protective Data Security Plan (PDSP) and Security Risk Profile Assessment (SRPA).
The organizations are also required to provide the resources needed for carrying out the assessment by the CPDP (Paschen & Beilin, 2017). Moreover, compliance with the standards is to be followed, as the protection of government assets is to be maintained. The internal formal reporting mechanism and audit process are followed by the organization to carry out its operations effectively.

The VIC government is required to implement the technology adopted by digital innovation in the system. The protocols that define such digital activities are required for performing and maintaining smooth operation in the system involved. To implement this, the present security protocols are to be upgraded and constantly reviewed to ensure effective performance in terms of operation (DeAngelo & Stulz, 2015). This will help the organization involved to conduct better assessment of the risks or threats and help in understanding the concepts more.

Risks and uncertainties:

Risks are defined as a state or condition where loss or profit pertaining to a decision is present. Risks can also be associated with an interaction of uncertainty (Howes et al., 2015). In the financial aspect, the deduction of loss in the business is a risk. The uncertainties in the system are termed as the complete absence of information about a certain parameter from the system. Uncertainty is the presence of a situation without the presence of the description (Glendon, Clarke & McKenna, 2016). It is seen in future analysis predictions where the descriptions are totally missing.

The various risks included in this section are ICT and information security. The national and international policies are not always constant, and thus risks in operational requirements are always evident. Service compliance is an uncertainty, as compliance may or may not be present at all (Hopkin, 2017).
The security of information and ICT is a place where risks are evident, as the presence of any implications can jeopardize a large prospect in the system. In addition, information in a public sector organization is always subject to risks, as unauthorized access and breach are mechanisms that affect the system constantly. However, the national and international standards are an aspect where uncertainties are present due to their constantly changing nature (Loke et al., 2016). Thus, the factor of uncertainty always shows in the compliance with the international and national standards.

Risks and mitigation:

The risk and mitigation techniques followed by the VIC government are used to address the threats and the risks it faces. Security protocols are used to assess the presence of security in the system involved. Risk management techniques are included in the public sector organizations to maintain the risks and security involved (Howes et al., 2015). The VPDSF is used to address the risks involved in their operations, and the approach for mitigation is included in the standards of the VPDSF. This helps in the safe business operation of the organization involved.

To ensure the mitigation of risks is addressed, the presence of four protocols in the system is evident in the VIC government. The first protocol of the mitigation procedure claims that the sponsorship for risk management should be present in the constitutional framework ("VICTORIAN PROTECTIVE DATA SECURITY FRAMEWORK", 2017). The second protocol defines the need for analyzing and registering the risks that are evident in the organization involved. The third protocol requires the assessment of monitoring of risks involved and their addressing to meet the analyzed risks. The last protocol refers to the application of improvement in the present security protocol by the organization.
Conclusion:

The VIC government needs the operating presence of the VPDSF to help in identification of the risks and threats involved in the security of the four major domains identified in the public sector organization. The following report concludes by showing the usefulness and effectiveness of various standards involved for the public sector organizations to address the various risks or uncertainties identified.

References:

Almeida, H., Hankins, K. W., & Williams, R. (2016). Risk management with supply contracts. The Review of Financial Studies.

Cash, C. E., & Securities, M. (2014). Risks and Uncertainties.

Cole, S., Giné, X., & Vickery, J. (2017). How does risk management influence production decisions? Evidence from a field experiment. The Review of Financial Studies, 30(6), 1935-1970.

Davies, J. C. (2014). Comparing environmental risks: tools for setting government priorities. Routledge.

DeAngelo, H., & Stulz, R. M. (2015). Liquid-claim production, risk management, and bank capital structure: Why high leverage is optimal for banks. Journal of Financial Economics, 116(2), 219-236.

Glendon, A. I., Clarke, S., & McKenna, E. (2016). Human safety and risk management. CRC Press.

Heazle, M., Tangney, P., Burton, P., Howes, M., Grant-Smith, D., Reis, K., & Bosomworth, K. (2013). Mainstreaming climate change adaptation: An incremental approach to disaster risk management in Australia. Environmental Science & Policy, 33, 162-170.

Hopkin, P. (2017). Fundamentals of risk management: understanding, evaluating and implementing effective risk management. Kogan Page Publishers.

Howes, M., Tangney, P., Reis, K., Grant-Smith, D., Heazle, M., Bosomworth, K., & Burton, P. (2015). Towards networked governance: improving interagency communication and collaboration for disaster risk management and climate change adaptation in Australia. Journal of Environmental Planning and Management, 58(5), 757-776.

Hsu, W. K., Tseng, C. P., Chiang, W. L., & Chen, C. W. (2012). Risk and uncertainty analysis in the planning stages of a risk decision-making process. Natural Hazards, 61(3), 1355-1365.

Jouini, M., Rabai, L. B. A., & Aissa, A. B. (2014). Classification of security threats in information systems. Procedia Computer Science, 32, 489-496.

Lam, J. (2014). Enterprise risk management: from incentives to controls. John Wiley & Sons.

Loke, P., Koplin, J., Beck, C., Field, M., Dharmage, S. C., Tang, M. L., & Allen, K. J. (2016). Statewide prevalence of school children at risk of anaphylaxis and rate of adrenaline autoinjector activation in Victorian government schools, Australia. Journal of Allergy and Clinical Immunology, 138(2), 529-535.

Luiijf, E. (2012). Understanding cyber threats and vulnerabilities. In Critical Infrastructure Protection (pp. 52-67). Springer Berlin Heidelberg.

McNeil, A. J., Frey, R., & Embrechts, P. (2015). Quantitative risk management: Concepts, techniques and tools. Princeton University Press.

Morris, J., Beedell, J., & Hess, T. M. (2016). Mobilising flood risk management services from rural land: principles and practice. Journal of Flood Risk Management, 9(1), 50-68.

Nurse, J. R., Buckley, O., Legg, P. A., Goldsmith, M., Creese, S., Wright, G. R., & Whitty, M. (2014, May). Understanding insider threat: A framework for characterising attacks. In Security and Privacy Workshops (SPW), 2014 IEEE (pp. 214-228). IEEE.

Paschen, J. A., & Beilin, R. (2017). How a risk focus in emergency management can restrict community resilience - a case study from Victoria, Australia. International Journal of Wildland Fire, 26(1), 1-9.

Peltier, T. R. (2013). Information security fundamentals. CRC Press.

Pritchard, C. L., & PMP, P. R. (2014). Risk management: concepts and guidance. CRC Press.

Redley, B., & Raggatt, M. (2017). Use of standard risk screening and assessment forms to prevent harm to older people in Australian hospitals: a mixed methods study. BMJ Qual Saf, bmjqs-2016.

Sadgrove, K. (2016). The complete guide to business risk management. Routledge.

Toohey, A. (2016). New Victorian protective data security standards roll-out: Will you be at the table? IQ: The RIM Quarterly, 32(2), 16.

VICTORIAN PROTECTIVE DATA SECURITY FRAMEWORK. (2017). Retrieved 18 August 2017, from https://www.cpdp.vic.gov.au/images/content/pdf/data_security/20160628%20VPDSF%20Framework%20June%202016%20v1.0.pdf
