Reference no: EM133919145 , Length: word count:2500

IS Governance and Risk

Objectives

This assessment item relates to the unit learning outcomes as in the unit descriptor. This assessment is designed to improve student learning skills and to give students experience in researching literature on a topic relevant to the Unit of Study subject matter, critically analyzing current academic papers then presenting idea or questions and expected outcomes with clarity and definition in a referenced.

To enhance your ability to analyse governance frameworks within an organizational context.

To develop practical risk management strategies using industry-standard methodologies.

To critically evaluate the impact of governance and risk management on information systems operations.

Assignment Details:
Case Study Analysis: You can choose a case study, from the provided list, that describes a business scenario involving governance and risk issues from the last 5 years Journals or conferences paper. Carefully read and analyse the case to understand the underlying governance challenges and risks. Get expert-level assignment help in any subject.

Governance Framework Assessment:

Prepare a Governance Framework using one of the appropriate IS Governance frameworks (e.g., COBIT, ITIL, ISO/IEC 38500).

Analysis: Critically assess the prepared framework's ability to address the governance challenges identified in the case study.

Implementation Plan: Propose a plan for implementing the framework within the organization, including key roles, responsibilities, and processes.
Risk Management Strategy:
Risk Identification: Identify the key risks associated with the IS operations described in the case study.
Risk Assessment: Evaluate the likelihood and impact of these risks using a recognized risk assessment methodology.
Mitigation Plan: Develop a risk mitigation plan that includes preventive, detective, and corrective controls.

Expected Outcomes:

Discuss the expected outcomes of implementing your governance and risk management strategies, including potential benefits, challenges, and impacts on organizational performance.

Key Elements of the Assessment:

Introduction: Provide a synopsis of the case study and explain the background on the governance and risk issues, including an identification of gaps in the current approach.

Governance Framework: Prepare a governance framework, including its strengths, weaknesses, and applicability to the case study.

Risk Management: Present a comprehensive risk management strategy, detailing the identification, assessment, and mitigation of risks.

Implementation: Discuss the practical steps for implementing your governance and risk management strategies within the organization.

Conclusion: Summarize your findings and suggest areas for further improvement of the governance framework and Risk Management framework.

Case Studies on Governance & Risk (2019-2024)

1. Optus Data Breach (Australia, 2022)
Major telecommunications company suffered a breach affecting millions. Exposed governance lapses in data protection and customer privacy.
2. Colonial Pipeline Ransomware Attack (USA, 2021)
Cyberattack halted fuel distribution; showed lack of robust incident response and risk planning.
3. Toll Group Cyberattacks (Australia, 2020)
Hit by two major ransomware incidents in quick succession: governance concerns in patch management and system resilience.
4. SolarWinds Supply Chain Attack (Global, 2020)
Attackers compromised Orion software updates; highlighted vendor governance and third-party risk.
5. Medibank Private Health Data Breach (Australia, 2022)
Exposed poor governance in securing personal health information and responding to data extortion.
6. Facebook (Meta) Whistleblower Revelations (USA, 2021)
Internal governance failures around data ethics and algorithmic impact on public wellbeing.
7. Twitter Insider Breach (USA, 2020)
Insider threat involving social engineering and poor access control, affecting account security.
8. NSW Government Service Data Exposure (Australia, 2020)
Government agency mistakenly exposed data due to misconfigured systems.
9. Desjardins Group Insider Data Leak (Canada, 2019)
Personal data of 4.2 million customers leaked by an employee; raised concerns over internal controls and identity access governance.
10. Uber 2016 Breach Concealment (Revealed in 2022)
Governance scandal involving failure to disclose breach and poor ethical risk decisions.
11. Latitude Financial Cyberattack (Australia, 2023)
Hackers accessed over 14 million customer records. Exposed systemic governance failures in third-party vendor relationships.
12. Capita Data Breach (UK, 2023)
Supplier for public services had data exfiltrated, emphasizing weak outsourcing governance.
13. Accellion FTA Software Exploit (Global, 2021)
Many organizations affected due to a flaw in a legacy file transfer tool-critical third-party risk.
14. Australian Broadcasting Corporation (ABC) Cloud Data Leak (2019)
Publicly exposed backup files in S3 bucket due to poor cloud governance settings.
15. British Airways GDPR Fine (UK, 2019)
Massive fine for data breach caused by poor web app security; compliance and audit failures.
16. Canva Data Breach (Australia, 2019)
Hacker accessed 139 million user records; issues with user data encryption and incident response.
17. Equifax Data Breach Fallout (USA, ongoing 2017-2023)
Continued litigation and compliance reform discussions-reference for legacy governance failure.
18. Travelex Ransomware Incident (UK, 2020)
Financial services company taken offline for weeks; lacked preparedness and resilience.
19. ANU (Australian National University) 19-Year Data Breach (2019)
Sophisticated attack exploited weak detection and governance structures in academic IT systems.
20. Kaseya VSA Ransomware Supply Chain Attack (Global, 2021)
Affected hundreds of downstream clients; governance challenge in securing IT management platforms.