Task 2 Objectives: 1. To explore and apply the concept of “risk” and “risk elements”; 2. To explore the relevance of organisational assets in risk and risk assessment; 3. To critically analyse the importance of standards, particularly in a risk management activity We are going to discuss Exercise 1-2 in the tutorial. However, you are also required to provide a summary of the response to Exercise 1-2 in the “Tasks & Assignments Submission” area before the start of Week 3. Read the following paper: Onwubiko C. and Lenaghan AP (2007). Managing Security Threats and Vulnerabilities for Small to Medium Enterprises. In IEEE International Conference on Intelligence and Security Informatics 2007. (http://www.research-series.com/cyril/IEEE-ISI07.pdf) Pay particular attention to section III. Exercise 1. Based on the Onwubiko & Lenaghan's Security Conceptual Framework (i.e., Table 1), identify & discuss the security concepts (e.g., owner, vulnerabilities, assets, etc) in the The Age's article: http://www.theage.com.au/news/national/20000-pages-leaked-in-new-police-bungle/2005/08/16/1123958033738.html# ). Exercise 2. Use the Onwubiko & Lenaghan's Asset Classification model to classify the information asset mentioned in the The Age's article and discuss the implication of the classification to the Information/Information Systems Security (in general) of Victoria Police (refer to the following article - http://www.theage.com.au/news/national/20000-pages-leaked-in-new-police-bungle/2005/08/16/1123958033738.html# ). INF80043 Tutorial Exercise 2 Refer to Lecture 1 slide p.24 on the “Component relationships (ISO/IEC 13335)”. Think about a couple of simple facts of life such as: #1 Identify and articulate the threat, vulnerability, likelihood, and the risk. #2 Identify and articulate the threat, vulnerability, likelihood, and the risk. After the exercise, do a bit of quiet reflection: was it as easy as you thought? what & why was it challenging (or not)?