Question? Call Us  +1 (817) 546-4770

ICT596 IT Risk Management

Academic Anxiety?

Get an original paper within hours and nail the task

156 experts online

Free Samples

ICT596 IT Risk Management

.cms-body-content table{width:100%!important;} #subhidecontent{ position: relative;
overflow-x: auto;
width: 100%;}

ICT596 IT Risk Management

0 Download14 Pages / 3,478 Words

Course Code: ICT596
University: Charles Sturt University is not sponsored or endorsed by this college or university

Country: Australia


Students are expected to research and discuss and submit report in this format:
Provides a clear statement of the technology project that is being assessed
       Outline on your company
       Outline on your role and responsibility
       Outline on the technology currently used in the company for assessment (choose the technology based on your research)
An overview of your recommendations to management as to the merits of the project based on your risk assessment 
       Discuss on the Security architecture
       Discuss on the strategic,  tactical and contingency planning(refer to lec 2)
       Discuss on the  financial (asset value and loss expectancy)
Risk assessment based on threats, vulnerabilities and consequences
These are must be derived from an IT control framework and any existing industry risk recommendations for the project. 
       Policy and procedures
       Best recommended practice
       Provide current evidences supporting your discussion
Identify and discuss the key threat agents. 
       List threat agents (12 threat agents)
       Include pictures, images, tables, analysis
What could be done to mitigate the risks and their impact on the system
Provide a brief summary (literature review)
Protection mechanisms you could employ for the information security.
       Safe guards
       Other measurements Security mechanisms
       like change in key principle of information security


Technology is an always changing field. It is accompanied by new adjustments and knowledge. This new knowledge is critical is the numerous opportunities which emerge in the technological industry thus in line with the possibilities, there must be developments which are witnessed in technology. With this trend, technical projects evolve frequently and often, therefore, make it more challenging to select a technological plan. 
Executive Summary
The cloud computing service is a useful and significant advancement in the motor vehicle registration online system. This is a project that is considered an investment plan. The vital goals of the assessment are to identify and evaluate the leading technologies and risks associated it the project. The motor vehicle registration systems architecture study is vital in the acknowledgment and evaluation. The results are obtained through a robust and professional analysis. The recommendations for the project include the schedule, the program allocation where the development of technologies is required.
This section summarizes the assessment done on the technological project whereby the extent to which the cloud-based service is assessed is detrimental in the knowledge of some of the risks and threats that can be faced in the sector. This is a technological project by a renowned company in the United States of America known as Metro X (Juliadotter & Choo, 2015). This is a company that is detrimental in the online registration of motor vehicles in the always changing technology world.  The assessment of this technology is very vital in the identification of the technology which is essential to support the evaluation. The primary roles of this assessment are to identify the whole types of technological adjustments required in the new architecture and the availability of the technologies to avail support (Chou, 2015).
To ensure that a particular and more objective technology is developed and put into action, to enable the development of more research and the project recommendations under which the technological projects are usually established. However for the project assessment to be of success, there must be appropriate guidelines which are vital to the process of the evaluation. All technology developments shall be directly traceable to architecture requirements.
The MVROS is composed of various elements. This involves the customer interface whereby the user can easily input the data and receive all the information from the application due to the web pages in series form. The application used was built by Microsoft internet information server. It also has an interface which holds the motor vehicle registration database with pay link which is an e-commerce system Ali, Khan & Vasilakos, 2015).
My key roles in the company as the project manager is to ensure that all the soft wares in the IT company work in line with the project of the company. The project is reliant on the soft wares run by the same company. It’s my sole duty to ensure that I do monitor the staff, execute responsibilities and controlling the operations in Metro X.
Recommendations for the management
The technology assessment which was completed is essential to specific sectors of the company Metro X. However the key recommendations of the evaluation are

The motor vehicle registration online system mission directorate has to spread risks and share the risks.
The motor vehicle registration online system should ensure that the directorate level institution receives the analysis and development activities of the system analysis
The appropriate staff involved in the online registration of motor vehicles should strive to ensure that implementation is successful
The motor vehicle registration online system mission directorate should develop a close interconnection that connects the architecture and the system and the technology advancements projects.

The motor vehicle registration online system mission directorate should facilitate a platform for a smooth transition the technologies to the registration element development programs.
Security Architecture
This involves the services that are the reusable and unifying framework which will enable the company Metro X to develop the operations team and the team responsible for development to bring together the efforts. The software used by the company might not be able to make a business entity to buy an XML security gateway for enhanced web services security. However, at the architectural level, the architectures can equally identify the different projects that leverage such a particular reusable service. In this case, the security architecture details deliver improved web services security which is a simple programming model used by developers and is critical in saving costs
The stakeholders in the company. This involves all the available players in the field of the motor vehicle registration online registration system. These are the users, the legal fraternity and the clients. The particular players usually push or system security (Potter & McGraw, 2014). The main difficulties generally present in company security is the acknowledgment of the stakeholders who directly a role in the safety of the system and educating the stakeholders on the real risks and the mitigations. The business analysts can be impacted with the skills for the steps of specifying the issues in the user accounts; the quality group is trained on the security testing tools such as vulnerability scanners and fuzzes. The architecture from this can learn how to effectively deign security services that are reusable which will ease the process of developers build security for their systems. The general load is on the information security team due to the definition of the demand for protection.
 The strategically, tactical and contingency planning.
The strategically, tactical and contingency planning is affected by exogenous elements such as the current business and the economic status surrounding the operational region, the tastes of the staff concerning specific software and hardware in Metro X, the nature and traits of the technology used and the level of possibility into the entry of the companies into the field (Jacobsson Boldt & Carlsson, 2016).
The strategic planning is essential in the mission statement of the company thus necessary to be aligned with the tactical plan to achieve the company goals using the shortest way possible. Contingency planning is critical in that the company can cater to the uncertainties at any time be it in present or in future. A contingency planning involves the assessment of:

The company’s IT infrastructure including the software used, the data and  hardware
Ranking the risks faced by the IT company in the order of their probability occurring
Taking a plan of action which entails the processed involved in the elimination or mitigation of risk.
Establishing the contingency policy document and testing the contingency plan in the company.

The financial status of the risk
The investment in the security of the risk in the firm is crucial in that the expectation of the firm will be to get a return on the investment. However the understanding of the value of assets that are used in the security is essential. The investment on the security gadgets does not however imply a sure profit. The company Metro X might pick have made the decision to use the particular technological instruments to save money. However due to inefficiency, there might be financial losses which might be realized due to the heavy costs of funds which are used on the security of the company technological instruments. The asset value of the security gadgets is the most overrated expense in the operations of the firm. The return on the security investment is key in the evaluation of the loss expectancy as it is obtained by considering the security expenditure that is expected then subtract the annual loss that is expected in the IT firm.
Risk assessment on threats, vulnerability, and consequences
This involves the generation of a formal judgment on the consequence and probability of risk. Risk assessment is based on the risk identification, risk analysis which entails the likelihood of the threat and its impacts, its estimation ad the addressing of the risk in the company
The probability of risk involves the likelihood of the risk occurring whereas the cost is the impact. However, risk assessment and management requires a risk matrix. The tool is essential to the definition of the level of the acknowledged risks by the risk occurring against the impact of the risk. The risk matrix tool is critical in the visibility of the dangers thus the sect for the management to make and enhance dependable decisions which depend on the probability of the risk (Almorsy, Grundy & Müller, 2016).
Risk assessment in Metro X is done in five major stages. This involves the identification and acknowledging of the risks, the determination of the parties which are exposed to the risk, the risk question, and the evaluation of risk and the implementation of the mitigation measures in the risk.
As the project manager, it is vital to ensure betterment in the predicting the likelihood of their projects success. Metro X Company as the company that deals with IT quantity’s risks of the new infrastructure on risk management rather than just going forward with the project. This is due to the IT failures in the past.
The risks associated with the motor vehicle registration online system uses the model of
Risk= the treat likelihood multiplied by the intensity of the impact of the threat (Engström & Blom, 2018).
Threats agents and vulnerability



XXS Attacks

The application in the web server can be used to access the system of the user. This is achieved by the user being fooled by spoofing

Unnecessary services

The application server has superfluous facilities in progress such as SNMP (Boehm, 2018).

Password strength

The passwords on the server are very simple hence can be guessed by attackers

Inappropriate documentation.

This includes the operating processes of the documents and their design in the documentation.

The threat agents that are identified as applying to the motor vehicle registration online system include
Data loss; the data or information regarding the company which is stored in the order of the MVROS could be lost as per the failure of the hard drive. The content security policy could delete the data by accident. Thus the attacker has the chance of data modification Data loss has dire consequences for the company and thus backing up data is key in the company (Laplante, 2017).
Insecure Application programming interfaces. Malicious attackers tend to interfere with the integrity and the confidential nature of the company set up. This is because the application programming interfaces are usually accessible from anywhere on the internet. This can be used to manipulate the details and information of the customer. Thus it is important for a provision of a secure application programming interface which will curb such attacks (Furuncu & Sogukpinar, 2015).
Hackers. These characters usually attack the website of the MVROS and change it into a different appearance rather than the usual appearance. They usually tamper with the website by breaking into the web server or can decide to replace the site with one of their own. They can intrude the system and its functionality and unauthorized access into the system
Computer criminal. This is common in the IT field. Various threat actions occur due to computer criminal. Spoofing is dominant whereby one exaggerates the characteristics and traits of the MVROS in the sending of the communication to other parties. Identity theft is also common whereby an individual uses the username of MVROS to acquire his desires and system intrusion whereby there is illegal access to the systems of the MVROS (Jacobsson, Boldt & Carlsson, 2016).
User awareness. The users of the systems of the company have to be taught on the various attacks which may be faced in the company. There are various social engineering threats which manipulates a user into logging into a malicious web server. The system of the company will thus be accessed (Grigorescu, Chitescu & Diaconeasa, 2016). This happens as the user steals the victim’s data and sensitive information regarding the company.
The denial of service: This threat agent is key in the company field as an attacker of the company’s system may issue a denial of service attack against the cloud service thus making it very inaccessible and difficult to penetrate into. Thus this interferes with the cloud service. This occurs through the usage of CPU, RAM and disk space (Boehm, 2018).
The insiders in the IT Company. These involve the staff in the company who are not appropriately trained; they tend to be dishonest, negligent and very uncouth behavior. The threat actions by these insiders include the accessing of the system yet unauthorized, the browsing of the personally identifiable information which may lead to leakage of sensitive data and there are instances of malicious codes such as viruses in the company system (Li, 2014). 
Unknown risk profile: When moving to the cloud service, all the security implications have to be considered such as the updates for the software security, log monitoring and the interrogation of security information and event management into the network. These threats might have been enclosed and not seen but will be faced in the future.
The environment is also a key threat agent. This entails natural disasters such as heavy rains which might interfere with the working of the company systems.
Malicious programs, these are very common to the computer systems. This attacks the system and may lead to its failure. Due to the current artificial intelligence capacitance, malicious programs are developed for the striking of the system. These malicious programs usually are of two types, i.e., some do not need a host program to run whereby they are platform independent whereas they can mutate with them regarding the internal and external stimuli (Rittinghouse & Ransome, 2016).
Secure data transmission: Data transmission in the company has to be done using encrypted secure communication channels such as SSL. This highly curbs attacks such as MITM attacks whereby the information and sensitive data could be elapsed by the attacker by accessing the communication lines.
Data breach in the cloud service: This occurs when a virtual machine is used to access the system’s data from another computer which is just in the same host. This mostly happens in cases where there are two different customers (Haimes, 2015).
Impact and mitigation of threat agents

Impact (Score)


High (100)

The confidentiality nature of the system being interfered with will lead to adverse effects on the processes and operations of the organizational procedures and services.


Examples: there will be difficulty in the objective of the position that the company won’t be able to complete its primary roles (Djemame, Guitart & Macias, 2016)


There will be the severe financial loss
Staff getting harmed or injured (Ite, 2016)

Medium( 50)

The confidentiality loss leads to significant destruction to company property
The significant difficulty in achieving the company goals
Significant harm to staff and does not cause death (Bahr, 2014). 

Low (10)

Minor destructions to the company property.
Minor harm to staff
Less financial loss

Mitigating the risks is very crucial in the company. There is the need for ensuring the end to end encryption is enabled. The database in the cloud service will facilitate the option to encrypt data stored on a database as a service. This is vital in reducing the risk of leak aging of data in the company.
The company should keenly review the compliance requirements. This is regarding the business associate agreement, and the standards of the regulation are met.
The company could also mitigate against the risk by risk transference. This involves the motor vehicle registration online system handling of the risk to a third party, e.g., payroll services in the company are outsourced.
The risk assessment is due to the hazards brought by IT disorders in the recent and past times. The requirements thus have to be addressed keenly using risk assessment and management technique (Mahdevari, Shahriar & Esfahanipour, 2014).Top of Form
There is a need of coming up with incentives aimed at minimizing the levels of risks. This is key after the identification of the risk, the analysis of the risk, the control of the risk appropriately, it’s financing of the loss by the risk and the management of the risk.
There is need to ensure that the MVROS is safeguarded against the risks. This is achievable by making the company more interdependent on other firms by outsourcing some services and being interconnected in its operations. Frequently ensuring that the in-house software is updated. This is because if the in-house software is outdated, operating systems such as the Windows XP could be at risk.
To ensure information security, it is vital to ensure that the company system is coded with highly efficient passwords and codes for accessing the system. However, these passwords should only be shared among the trusted staff who will ensure that sensitive data is not leaked to the outside world (Latif, Abbas, Assar & Ali, 2014). Information security is key in any IT related firm. However the information security usually aligns itself to three primary principles. Metro X Company usually bases its security configurations on the following key principles.

Confidentiality which entails the data in the system of the company being accessed to the only few authorized individuals.
This principle is based on the fact that the information and data in the system of the firm should always be available and easily accessible when needed.
This principle is based on the company Metro X tracking down the unauthorized access into its systems.

IT security is a very challenging task which requires maximum attention in order to cope up with the complexity structure of the IT setting. However, IT can be made easier by breaking it down into manageable standards in order to make task easier. Thus the IT professionals have to put in more efforts in ensuring that everything is in order.
It is detrimental to understand the threats which are common in the IT industry. It is the responsibility of the motor vehicle registration online system to ensure communication with the CSP and determine how the risks are addressed rather than relying on the cloud service provider to facilitate the security.
Ali, M., Khan, S. U., & Vasilakos, A. V. (2015). Security in cloud computing: Opportunities and challenges. Information sciences, 305, 357-383.
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security problem. arXiv preprint arXiv:1609.01107.
Bahr, N. J. (2014). System safety engineering and risk assessment: a practical approach. CRC Press.
Boehm, B. W. (2018). A spiral model of software development and enhancement. Computer, 21(5), 61-72.
Chou, D. C. (2015). Cloud computing: A value creation model. Computer Standards & Interfaces, 38, 72-77.
Djemame, K., Guitart, J., & Macias, M. (2016). A risk assessment framework for cloud computing. IEEE Transactions on Cloud Computing, (1), 1-1.
Engström, H., & Blom, N. (2018). Assessment and mitigation of supply risk: A single case study at a global EMS company.
Furuncu, E., & Sogukpinar, I. (2015). Scalable risk assessment method for cloud computing using game theory (CCRAM). Computer Standards & Interfaces, 38, 44-50.
Grigorescu, A., Chitescu, R. I., & Diaconeasa, A. A. (2016). Risks Management of IT Smart Software and Hardware Controlling Daily Activities. Imperial Journal of Interdisciplinary Research, 2(11).
Haimes, Y. Y. (2015). Risk modeling, assessment, and management. John Wiley & Sons.
Ite, U. E. (2016, August). Non-Technical Risks Management: A Framework for Sustainable Energy Security and Stability. In SPE Nigeria Annual International Conference and Exhibition. Society of Petroleum Engineers.
Jacobsson, A., Boldt, M., & Carlsson, B. (2016). A risk analysis of a smart home automation system. Future Generation Computer Systems, 56, 719-733.
Juliadotter, N. V., & Choo, K. K. R. (2015). Cloud attack and risk assessment taxonomy. IEEE Cloud Computing, (1), 14-20.
Laplante, P. A. (2017). Requirements engineering for software and systems. Auerbach Publications.
Latif, R., Abbas, H., Assar, S., & Ali, Q. (2014). Cloud computing risk assessment: a systematic literature review. Future information technology (pp. 285-295). Springer, Berlin, Heidelberg.
Li, W. (2014). Risk assessment of power systems: models, methods, and applications. John Wiley & Sons.
Mahdevari, S., Shahriar, K., & Esfahanipour, A. (2014). Human health and safety risks management in underground coal mines using fuzzy TOPSIS. Science of the Total Environment, 488, 85-99.
Nechaev, A. S., Antipina, O. V., & Prokopyeva, A. V. (2014). The risks of innovation activities in enterprises. Life Science Journal, 11(11), 574-575.
Niazi, M., Mahmood, S., Alshayeb, M., Riaz, M. R., Faisal, K., Cerpa, N., … & Richardson, I. (2016). Challenges of project management in global software development: A client-vendor analysis. Information and Software Technology, 80, 1-19.
Potter, B., & McGraw, G. (2014). Software security testing. IEEE Security & Privacy, 2(5), 81-85.
Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation, management, and security. CRC press.
Yin, S., & Kaynak, O. (2015). Big data for modern industry: challenges and trends [point of view]. Proceedings of the IEEE, 103(2), 143-146.

Free Membership to World’s Largest Sample Bank

To View this & another 50000+ free samples. Please put
your valid email id.


Yes, alert me for offers and important updates


Download Sample Now

Earn back the money you have spent on the downloaded sample by uploading a unique assignment/study material/research material you have. After we assess the authenticity of the uploaded content, you will get 100% money back in your wallet within 7 days.

UploadUnique Document

DocumentUnder Evaluation

Get Moneyinto Your Wallet

Total 14 pages


*The content must not be available online or in our existing Database to qualify as

Cite This Work
To export a reference to this article please select a referencing stye below:


My Assignment Help. (2021). IT Risk Management. Retrieved from

“IT Risk Management.” My Assignment Help, 2021,

My Assignment Help (2021) IT Risk Management [Online]. Available from:[Accessed 18 December 2021].

My Assignment Help. ‘IT Risk Management’ (My Assignment Help, 2021) accessed 18 December 2021.

My Assignment Help. IT Risk Management [Internet]. My Assignment Help. 2021 [cited 18 December 2021]. Available from:

.close{position: absolute;right: 5px;z-index: 999;opacity: 1;color: #ff8b00;}


Thank you for your interest
The respective sample has been mail to your register email id


$20 Credited
successfully in your wallet.
* $5 to be used on order value more than $50. Valid for
only 1

Account created successfully!
We have sent login details on your registered email.



Human resource management is an important subject matter for the students pursuing an M.B.A. degree. However, do you know the proper essay outline to complete the assignment? For instance, your task requires you to choose compare and contrast essay topics, will you be able to write the assignment? If you are finding it difficult to complete the assignment, you can bestow your faith on the assignment makers at to provide optimum assistance. Moreover, the website is renowned for its attractive offers at an economical price to make itself one of the cheap essay writing service today.

Latest Management Samples

div#loaddata .card img {max-width: 100%;

MPM755 Building Success In Commerce
Download :
0 | Pages :

Course Code: MPM755
University: Deakin University is not sponsored or endorsed by this college or university

Country: Australia

The process of developing a successful business entity requires a multidimensional analysis of several factors that relate to the internal and external environment in commerce. The areas covered in this current unit are essential in transforming the business perspective regarding the key commerce factors such as ethics, technology, culture, entrepreneurship, leadership, culture, and globalization (Nzelibe, 1996; Barza, 2…

SNM660 Evidence Based Practice
Download :
0 | Pages :

Course Code: SNM660
University: The University Of Sheffield is not sponsored or endorsed by this college or university

Country: United Kingdom

Critical reflection on the objective, design, methodology and outcome of the research undertaken Assessment-I
Smoking and tobacco addiction is one of the few among the most basic general restorative issues, particularly to developed nations such as the UK. It has been represented that among all risk segments smoking is the fourth driving purpose behind infections and other several ailments like asthma, breathing and problems in the l…
Australia Maidstone Management Business management with marketing University of New South Wales Masters in Business Administration 

BSBHRM513 Manage Workforce Planning
Download :
0 | Pages :

Course Code: BSBHRM513
University: Tafe NSW is not sponsored or endorsed by this college or university

Country: Australia

Task 1
1.0 Data on staff turnover and demographics
That includes the staffing information of JKL industries for the fiscal year of 2014-15, it can be said that the company is having problems related to employee turnover. For the role of Senior Manager in Sydney, the organization needs 4 managers; however, one manager is exiting. It will make one empty position which might hurt the decision making process. On the other hand, In Brisba…

MKT2031 Issues In Small Business And Entrepreneurship
Download :
0 | Pages :

Course Code: MKT2031
University: University Of Northampton is not sponsored or endorsed by this college or university

Country: United Kingdom

Entrepreneurial ventures
Entrepreneurship is the capacity and willingness to develop, manage, and put in order operations of any business venture with an intention to make profits despite the risks that may be involved in such venture. Small and large businesses have a vital role to play in the overall performance of the economy. It is, therefore, necessary to consider the difference between entrepreneurial ventures, individual, and c…
Turkey Istanbul Management University of Employee Masters in Business Administration 

MN506 System Management
Download :
0 | Pages :

Course Code: MN506
University: Melbourne Institute Of Technology is not sponsored or endorsed by this college or university

Country: Australia

An operating system (OS) is defined as a system software that is installed in the systems for the management of the hardware along with the other software resources. Every computer system and mobile device requires an operating system for functioning and execution of operations. There is a great use of mobile devices such as tablets and Smartphones that has increased. One of the widely used and implemented operating syste…
Australia Cheltenham Computer Science Litigation and Dispute Management University of New South Wales Information Technology 


Need an essay written specifically to meet your requirements?

Choose skilled experts on your subject and get an original paper within your deadline

156 experts online

Your time is important. Let us write you an essay from scratch

Tips and Tricks from our Blog

PROJ6016 Employer Based Project

Free Samples PROJ6016 Employer Based Project .cms-body-content table{width:100%!important;} #subhidecontent{ position: relative; overflow-x: auto; width: 100%;} PROJ6016 Employer

Read More »

PPMP20009 Marking Rubric

Free Samples PPMP20009 Marking Rubric .cms-body-content table{width:100%!important;} #subhidecontent{ position: relative; overflow-x: auto; width: 100%;} PPMP20009 Marking Rubric

Read More »