Question

A large, independent statutory agency, whose focus is to provide services and support to Australians living with disability, seek the experience of a Cyber Security Risk & Governance Manager for a long 12+12-month contract, based in Greenway, South Canberra.

The primary duties of the Cyber Security Risk & Governance Manager will include but not be limited to: ‘Undertake an agency-wide Cyber Security risk assessment and maintain its currency on an ongoing basis.’

To assess the cyber risk, the Cyber Security Risk & Governance Manager must follow several dynamic steps.

Using your own words, summarise 5 (five) of the steps that YOU will apply to undertake the agency-wide Cyber Security risk assessment if you were to become the Cyber Security Risk & Governance Manager of this large, independent statutory agency.

Answer 1

Cyber Security Risk Assessment is something that helps to track all the resources such as software, hardware components, gadgets which are treated to a cyber attack. Due to which high risk of data misuse and financial condition can suffer. And in the case of the Government utility, the risk is even higher as it cyber world targets large chunks of data related to the database that is stored in it.

Five steps to summarize the whole scenario for Cyber Security and Governance as a Manager are as follows :

1. The first step is to determine the information value that is stored in the system. Which is one of the most important factors to deal with. It helps to determine the value of the data which are stored as a financial entity. Deals which are helpful to the competitor, reputation damage when the data will get leaked. This kind of information should be kept in mind.
2. We have to identify and prioritize the assets as per the value and information stored in it. We can determine while working together with a business that is involved, a contractor who have won the bids and are working on a particular project.
3. Treats and vulnerabilities should to identify in advance and have a dynamic range of the dataset which are get changed in a daily basis and audit is done on the overall assets as well as the data stored in it. With this, we can identify the treats in advance and provide a fruitful precautionary step in advance.
4. Analyzing the control of how it has been implemented before and provide better solutions to deal with it. Controls deal with the overall technical solution such as encryptions of data, providing firewall, advance data leak detections.
5. Always document the results in a proper way, so for any cause of treats detected proper management can be done and block a different kind of vulnerabilities.

---------------------------------------------------------------------------------------------------------------------------------------------------------

Hope you got it!! Thank you