BIT361 Security Management And Governance


Course Code: BIT361
University: Royal Melbourne Institute Of Technology

Country: Australia

Assignment (Part A Report Body) – Report for a security management and governance program
Discuss the benefits derived from seeing Security Management as an ongoing process and the reasons for having a policy.
Discuss the development of a Security Policy and Security Management Plan.
Identify and present a description of the functions, tasks, roles and responsibilities that need to be defined for the Security Management Program for GUMC.
Discuss the roles that different individuals/groups would play in terms of governance in general.
Identify any models or methods that may be relevant for the development of a Security Management Program.
Discuss the implications of legal and statutory requirements and the benefits your formal approach would bring.
Risk Assessment/Management – Patient Information
Briefly explain the benefits a Risk Management Plan can bring to a company and the steps necessary to build one. Include a discussion on the importance of Contingency Planning to GUMC, as well as the risk analysis and CBA mentioned above.
For the Patient Information area, list the threats, vulnerabilities, and attacks that your formal plan would manage. This should not be an exhaustive, detailed list. Keep the focus on GUMC’s context.
Work on this aspect and draw up a Risk Management Plan for it and include a recommendation based on a Cost-Benefit Analysis.
Where does the responsibility for the user and the vendor begin?

Purpose of the Report: 
The purpose of the report is to put forward the need and requirement for the implementation of Information and communications technology (ICT) security system for the Griffith University Medical Centre (GUMC) in Tasmania.
Structure of the Report:
The report consists of two parts. The first part discusses the benefits of Security Management and the importance of the policies. It also discusses the security policy and the security management plan, and provides a descriptive analysis of tasks, roles, responsibilities and functions. It then covers the individual roles in governance, the models relevant for developing a security management program, and the implications of the statutory and legal requirements. The second part of the report covers the process of risk assessment and explains the benefits of a risk management plan. This portion of the report helps in the identification of the assets, vulnerabilities, threats, suggested controls and the priority sets.
Part A 
1. Benefits of an Ongoing Security Management Process and Reasons for Having a Policy 
The benefits of an ongoing Security Management process are as follows (Soomro, Shah and Ahmed 2016):

It helps in securing all forms of information: A Security Management process ensures the protection of all kinds of paper-based and digital information, company-related secrets, intellectual property, data on cloud and on services, along with personal information and hard copies.
Enhances the Resilience Towards Cyber Attacks: A Security Management process will enhance the organization’s resilience towards cyber attacks.
Represents a Centrally Managed Framework: An ongoing Security Management process helps in keeping the information of the organization safe and in managing it from a single place.
Protection to the Organization: The presence of a Security Management system protects the organization not only from technology-based risks but also from common threats like ineffective procedures and poorly informed staff.
Ensures Responding to the Evolving Security Related Threats: The Security Management process helps in continuously adapting to changes in the environment and within the organization, thereby reducing the threat from continuously evolving risks.
Reduction of Cost in terms of Information Security: The risk assessment and analysis approach of the Security Management process allows organizations to reduce the cost indiscriminately spent on adding layers of defensive technology that may not work.
Allows Protection, Integration and Availability of Data: The Security Management process offers a set of procedures, policies, and physical and technical controls for protecting the availability, confidentiality and integrity of the information.
Leads to Improvement in the Culture of the Company: This helps the employees in readily understanding the risk and in embracing the security controls as a day-to-day working practice.

2. Development of Security Policy and Security Management Plan
The security policy represents a document explaining the procedures intended for protecting resources and the physical assets related to the information technology (Safa, Von Solms and Furnell 2016). The policy is designed with much flexibility for making amendments whenever necessary.
Thus, the successful development of a Security Policy involves (Ifinedo 2014):

Identification of the risks
Learning the Security Policy Implemented by Others
Ensuring the conformity of the policy with the legal requirements

The Security Management Plan helps in setting out security measures for implementation by the Griffith University Medical Centre (GUMC) of Tasmania. Such implementation depends on all the aspects of services and the processes associated with service delivery (Weaver et al. 2016). It also depends on compliance with security procedures and measures that are sufficient for ensuring that the services comply with the provisions of the schedule. In other words, the Security Management Plan sets out plans for transitioning all the security responsibilities and arrangements from the ones in place to the ones incorporated on a specific date for meeting the security requirements and full obligations.
The objectives and the purpose of the Security Management Plan lie in (Peltier 2016):

The establishment, support and maintenance of a plan based on the evaluation and monitoring of potential and actual hazards, making use of organizational experience, accepted practices and the applicable regulation and law.
The Security Management Plan helps in reducing the risk to patients, physicians, staff, vendors/contractors and visitors while they are inside a hospital or any other property through assurance of a hazard-free physical environment.
It also provides a secure, safe and comfortable physical environment.
It also ensures the training and education of the staff on the methods of preventing injuries and incidents, and thereby provides a quicker response for recognizing, reporting and reacting to accidents that seem inappropriate.

3. a. Functions, Tasks, Roles and Responsibilities for Security Management Program of GUMC 
Functions of Security Management program include (Sennewald and Baillie 2015):

Monitoring all infrastructure and operations 
Maintaining all the security technology and tools
Monitoring the compliance of the internal and external policy
Monitoring the compliance of regulation
Working with the different departments within the organization for reducing risk.
Implementing newer technologies
Auditing policies and controls on a continuous basis

Tasks Included in Security Management Program are as follows (Peltier 2013):
The Security Management Program holds the responsibility of monitoring security operations of GUMC. The tasks primarily include:

Implementation of the security policies
Implementation of rules and regulations
Implementation of norms
Ensuring a safe environment for the employers and the patient

Roles and responsibilities of a Security Management Program are as follows (Rittinghouse and Ransome 2016):
The Security Management Program acts as a control function of GUMC and is responsible for verifying and implementing the enterprise protection intended for meeting the duty of protection through the adequate protection of the things that have already been protected.

Roles of Different Individuals / Groups in Terms of Governance.
Chief Information Security Officer: This person holds the responsibility of defining the entire security posture of the organization and will have an understanding of the systems and information they are responsible for protecting (Harkins 2013).
Security Manager: The role involves the creation of a vision for building processes, hiring and the development of the technology stack (Ahmad, Maynard and Park 2014). He must also possess significant experience and background in running a security team and should therefore provide both managerial oversight and technical guidance.
Security Engineer: They are responsible for building the engineering security systems and the security architecture, thereby ensuring speed and continuity (Bhatt, Manadhata and Zomlot 2014).
Security Analyst: They hold the responsibility of recommending newer technologies and installing them along with providing required training to the other teams (Hilary and Shen 2013).

4. Identification of Models for the Development of a Security Management Program
The Bell-LaPadula Confidentiality Model might find relevance in the development of the Security Management Program (Younis, Kifayat and Merabti 2014). The model helps in ensuring the confidentiality of the information system since it makes use of mandatory access controls (MACs), security clearances and data classification. The model is considered secure because it rests on a conceptual approach in which the state of the system being modeled always remains in a secured condition. The model represents a system that acts as a reference monitor, comparing the classification level of the data with the clearance of the entity requesting access.
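The reference-monitor comparison described above can be shown in a few lines. This is an added example, not part of the original report: the level names, subjects and objects are constructed for a clinic setting, and it goes beyond the read check mentioned in the text by also enforcing the model's write rule (the *-property), since Bell-LaPadula needs both to keep classified data from flowing downward.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    """Constructed classification levels, lowest to highest (assumption)."""
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    RESTRICTED = 3


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: Level  # simplification: current level equals maximum clearance


@dataclass(frozen=True)
class Obj:
    name: str
    classification: Level


class ReferenceMonitor:
    """Mediates every access request and records each decision for audit."""

    def __init__(self):
        self.audit = []

    def check(self, subject, obj, action):
        if action == "read":
            # Simple security property: no read up.
            allowed = subject.clearance >= obj.classification
        elif action == "write":
            # *-property: no write down, so high data cannot leak into low objects.
            allowed = subject.clearance <= obj.classification
        else:
            # Unknown operations are denied by default.
            allowed = False
        self.audit.append((subject.name, action, obj.name, allowed))
        return allowed

    def denied(self):
        """Return the audit entries that were refused."""
        return [entry for entry in self.audit if not entry[3]]


def demo():
    """Run constructed requests through the monitor and return the decisions."""
    rm = ReferenceMonitor()
    receptionist = Subject("receptionist", Level.INTERNAL)
    physician = Subject("physician", Level.RESTRICTED)
    roster = Obj("clinic_roster", Level.INTERNAL)
    record = Obj("patient_record", Level.RESTRICTED)
    decisions = {
        "receptionist_reads_record": rm.check(receptionist, record, "read"),
        "physician_reads_record": rm.check(physician, record, "read"),
        "physician_reads_roster": rm.check(physician, roster, "read"),
        "physician_writes_roster": rm.check(physician, roster, "write"),
        "receptionist_writes_record": rm.check(receptionist, record, "write"),
        "physician_deletes_record": rm.check(physician, record, "delete"),
    }
    return decisions, rm.denied()


if __name__ == "__main__":
    results, refused = demo()
    for request, allowed in results.items():
        print(f"{request}: {'ALLOW' if allowed else 'DENY'}")
    print(f"{len(refused)} requests denied and logged")
```

The denied write from the physician to the roster is the case people find surprising: the model blocks it because a subject holding restricted data could otherwise copy it into an object that lower-cleared staff can read.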
5. Implications of Legal and Statutory Requirements of Security Management Program
The legal and statutory requirements of the Security Management Program help in the prevention of legal misbehavior and in dealing with complex programs that extend to the areas involving the clients (Nemeth 2017). Besides, a Security Management Program depends on three key principles that are often guaranteed by fulfilling the legal and statutory requirements: confidentiality, integrity and availability.
Part B
1. a. Benefits of Risk Management Plan
These include (Sadgrove 2016):

Observing Non-Apparent Risk: This enables leveraging a team of experts for identifying and providing a deeper understanding of all risks.
Provides Support and Insight to Board of Directors: The members of the board might find it difficult to identify risk beyond their experience and expertise. Therefore, it helps in providing advisory services and resources to the Board for discharging its duties.
Helps in Reducing Business Liability: This involves the reduction of the upfront litigation risk that makes a company more attractive.
Helps in Framing Regulatory Issues: Risk management program helps in providing a greater insight for insurance, liability and indemnity issues thereby allowing the company to focus.

b. Steps Necessary for Building a Risk Management Plan 
This includes (Hopkin 2018):

Step 1: Identification of the risk
Step 2: Analysis of the risk
Step 3: Evaluating and treating the risk
Step 4: Treatment of the risk
Step 5: Monitoring and reviewing the risk

c. Importance of Contingency Plan and Risk Analysis and Cost Benefit Analysis 
A contingency plan for GUMC will enable the firm to return to daily operations as soon as possible after the occurrence of an unforeseen event (Talluri et al. 2013). The presence of a contingency plan helps in the protection of resources, the minimization of inconvenience to the customers and the identification of key staff.
Risk analysis refers to the examination of how the outcomes and objectives of a project may change due to the impact of a risk event (Kou, Peng and Wang 2014). After the identification of risk, analysis is done for identifying the qualitative and quantitative impacts of the risk on projects so that appropriate steps can be taken to mitigate them.
A cost benefit analysis involves evaluation of the rewards and risks of the projects under consideration (Muennig and Bounthavong 2016). It is often used for projecting the potential benefits of investment in product development, marketing ideas, enhancements of infrastructure and operational changes.
2. Threats, Vulnerabilities, and Attacks that Formal Risk Management Plan Manages

Threats related to the breach of security and hacking of the health 
Threats of infiltration into the system by gaining access of the health information of patients.
Threats related to the unintentional actions or mistakes
Threats related to supply chain from transactions with the vendors to the pharmaceutical shipments.


Theft of medical information by simply stealing desktop computers
Usage of mobile devices that do not have the same level of security as the computer systems
Leakage of data while dissemination from the patients to the third parties.
Outsourcing to the third party vendors or business associates that has become a norm in the healthcare industry.
Employment of cloud computing services for maintaining the protected health information exposes health organizations to breaches.


Negligent behavior of the employees acts as the biggest worry in healthcare organizations.
Criminal threats, as the cybercriminals are changing their tactics on a regular basis.
Insufficient security of the Electronic Medical Records (EMR) has raised the risk of exposure of the personal information of the patients (Park, Parwani and Pantanowitz 2014).

3. Risk Management Plan and Recommendations based on Cost Benefit Analysis.
The Plan can act as the model for the development of patient safety and the risk management program for meeting the needs of the organization.


The purpose of the Risk Management Plan lies in supporting the vision and mission of Griffith University Medical Centre (GUMC), since it deals with patient safety and clinical risk along with visitor, volunteer, third party and employee safety.

Guiding Principles

The Risk Management Plan represents a conceptual and overarching framework that leads to the development of a risk management program along with the activities and initiatives related to patient safety.

3. Governing Body

The governing board is committed to the promotion of safety of all the patients, visitors, volunteers, employees and individuals who are involved in the organizational operations.

Programs, Objectives and Goals

Continuous improvement of the patient safety and minimizing and preventing occurrence of the errors
Minimizing the adverse impacts of the errors, system breakdowns and events as and when they occur.
Minimizing the overall organizational losses by proactively analyzing, identifying, controlling and preventing clinical, business and operational risks.
Facilitating compliance with the legal and regulatory authority, thereby meeting the accreditation requirements of the agency
Protection of intangible and human resources

Risk Management Program Functions  
Development of systems for reporting and overseeing the potentially unsafe conditions and the adverse events.
Collection and analysis of the data for monitoring performance processes involving risk or other adverse events.
Overseeing GUMC for collection of data and processing, analysis of information and the generation of the statistical trend reports for the monitoring and identification of the adverse event.
Ensuring the compliance with reporting requirements and data collection for the governmental, accrediting and regulatory agencies
Facilitating the implementation of improved tracking systems for the diagnostic test, preventive screenings and medication related safety systems.
Facilitating the participation of the staff and the provider in the educational programs of risk and safety management.
Monitoring and Continuous Improvement

The Patient Risk Management Committee undertakes a risk management activity on regular basis. The risk manager usually reports the outcomes and the activities to the governing board on a regular basis.


The documents and records of the patients are confidential and privileged to extent provided by the state and the federal law.


By using a risk informed instead of a risk based approach towards the management of risk
By incorporating qualitative assessment of risk
By focusing on the management of the risk instead of measuring the risk

4. Responsibility of the User and Vendor
They hold the responsibility of developing the risk consciousness amongst all the contractors, owners and suppliers by making them understand the explicit consideration of the risk.  
Ahmad, A., Maynard, S.B. and Park, S., 2014. Information security strategies: towards an organizational multi-strategy perspective. Journal of Intelligent Manufacturing, 25(2), pp.357-370.
Bhatt, S., Manadhata, P.K. and Zomlot, L., 2014. The operational role of security information and event management systems. IEEE Security & Privacy, (5), pp.35-41.
Harkins, M., 2013. Managing risk and information security: protect to enable. Apress.
Hilary, G. and Shen, R., 2013. The role of analysts in intra-industry information transfer. The Accounting Review, 88(4), pp.1265-1287.
Hopkin, P., 2018. Fundamentals of risk management: understanding, evaluating and implementing effective risk management. Kogan Page Publishers.
Ifinedo, P., 2014. Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition. Information & Management, 51(1), pp.69-79.
Kou, G., Peng, Y. and Wang, G., 2014. Evaluation of clustering algorithms for financial risk analysis using MCDM methods. Information Sciences, 275, pp.1-12.
Muennig, P. and Bounthavong, M., 2016. Cost-effectiveness analysis in health: a practical approach. John Wiley & Sons.
Nemeth, C.P., 2017. Private security and the law. CRC Press.
Park, S.L., Parwani, A.V. and Pantanowitz, L., 2014. Electronic medical records. In Practical Informatics for Cytopathology (pp. 121-127). Springer, New York, NY.
Peltier, T.R., 2013. Information security fundamentals. CRC Press.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Auerbach Publications.
Rittinghouse, J.W. and Ransome, J.F., 2016. Cloud computing: implementation, management, and security. CRC Press.
Sadgrove, K., 2016. The complete guide to business risk management. Routledge.
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model in organizations. Computers & Security, 56, pp.70-82.
Sennewald, C.A. and Baillie, C., 2015. Effective security management. Butterworth-Heinemann.
Soomro, Z.A., Shah, M.H. and Ahmed, J., 2016. Information security management needs more holistic approach: A literature review. International Journal of Information Management, 36(2), pp.215-225.
Talluri, S., Kull, T.J., Yildiz, H. and Yoon, J., 2013. Assessing the efficiency of risk mitigation strategies in supply chains. Journal of Business Logistics, 34(4), pp.253-269.
Weaver, C.A., Ball, M.J., Kim, G.R. and Kiel, J.M., 2016. Healthcare information management systems. Cham: Springer International Publishing.
Younis, Y.A., Kifayat, K. and Merabti, M., 2014. An access control model for cloud computing. Journal of Information Security and Applications, 19(1), pp.45-60.
