Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Information Security Management: A Review

Verified

Added on 2020/05/16

AI Summary

This assignment delves into the multifaceted field of information security management. It requires a comprehensive review and analysis of scholarly articles focusing on various aspects of information security, including behavioral aspects, policy compliance, organizational culture, and risk management strategies. The assignment encourages students to synthesize insights from different perspectives and understand the evolving landscape of information security in today's digital world.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: INFORMATION SECURITY MANAGEMENT
Information Security Management
Name of the Student
Name of the University
Author’s Note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

1
INFORMATION SECURITY MANAGEMENT
Executive Summary
The main aim of this report is to understand the entire case study for the organization known
as Academics for Academics. It is a NGO that runs on public funding for helping various
small colleges or universities in South East Asia and Australia. The information or the data of
this organization is not protected since they do not have their security policies or guidelines.
This report discusses about the various security threats or risks of A4A. Moreover, it helps to
find mitigation plans for these identified security threats for the information security system
of A4A. The final part of the report discusses about the significant assumptions of the case
study of A4A.

2
INFORMATION SECURITY MANAGEMENT
Table of Contents
Introduction................................................................................................................................3
Discussion..................................................................................................................................4
Case Study..............................................................................................................................4
Information Security Risks....................................................................................................5
Guidelines for Managing the Information Security Risks.....................................................7
Assumptions.............................................................................................................................10
Conclusion................................................................................................................................12
References................................................................................................................................14

3
INFORMATION SECURITY MANAGEMENT
Introduction
Information security control or management is the significant collection of certain
specific procedures or policies for the systematic management of an organization’s
confidential data (Stallings et al. 2012). The major goal of information security management
is the reduction of the risk in any information system and make sure that the organization
would reach to the objectives and goals without having any type of security breaches. These
security issues or breaches are extremely harmful for any organization or business. The
information security management or simply ISM provides a brief description about the
management that any particular organization requires for the successful implementation
(Peltier 2016). The security risks that are analyzed by information security management are
the threats or risks to the assets, the vulnerabilities and the impact.
This report provides a brief discussion on the entire case study for the organization of
A4A. A specific NGO or non-governmental organization, which helps all the smaller public
or private universities or colleges situated in South East Asia and even Australia. This
particular organization does not have their own guidelines or policies for the proper
protection of the organization’s resources (Disterer 2013). This report helps to recognize all
the various kinds of security threats or risks that the organization of Academics for
Academics or A4A can have for their resources. Moreover, the proper mitigation techniques
or plans from securing the data or resources from those threats are also given here. The report
suggests some of the most important guidelines for preventing the data or resources from the
insider threats and the outsider attacks. Proper assumptions about the case study are also
given in this report.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

4
INFORMATION SECURITY MANAGEMENT
Discussion
Case Study
Academics for Academics or simply A4A is a typical NGO with the head office
located in Sydney, Australia whereas the branch office of this NGO is located in Singapore.
This particular organization of Academics for Academics or A4A is mainly run by the
donations from public. They do not have their own funding system since they are an NGO.
Altogether, the total number of the Academics for Academics or A4A members is ten. Within
the ten members, six of them work in the office of Sydney whereas the remaining four
members work in Singapore office. This particular NGO of Academics for Academics or
A4A was established for the purpose of helping out each and every small private and public
universities and colleges, which are situated in Australia and South East Asia. The private
universities or the colleges, who are solely interested in receiving the services of Academics
for Academics or A4A, would have to register themselves and become the successful
member universities or colleges of Academics for Academics. Furthermore, the experienced
experts or professionals, who are interested in providing any type of voluntary service to any
of the member university or college can also register with Academics for Academics. These
specific voluntary services mainly involve the supervising of any of the research project or
paper or the progress of the set of courses or providing lecture on any stream to the respective
learners. This organization would even appoint these individuals and they would turn into the
constituents of Academics for Academics or A4A. Next, the organization would be giving
interim or short term assignments for a specific period of time. These members would get
various benefits or advantages from this organization such as medical expenses,
accommodation, meals and travel expenses. All the members get equal benefits, as this is a
globally identified organization. The moment, these members are hired by the organization;
they would be staring to work under Academics for Academics. In spite of these advantages

5
INFORMATION SECURITY MANAGEMENT
or benefits, there is an important and unavoidable condition for this particular job. The
confidential data or information that would exclude the marked assignments, examinations or
the personal electronic mails would be the sole property of Academics for Academics and the
member institutions. These members would not have any right on this data or information.
The information security system of Academics for Academics or A4A would be storing and
managing all the confidential data. The location of the members does not matter in this case.
The verification of the information is done completely.
Information Security Risks
The ISS or information security system of the organization of Academics for
Academics or A4A is responsible for storing all the important and confidential information or
data about the activities or project (Soomro, Shah and Ahmed 2016). This security of
information is the procedure of the detection and prevention of every unsanctioned or
unauthorized access, changing, utilization, modification, disclosure, destruction and
recording of confidential information. The information stored within the security system of
information is about the constituents of the organization or regarding the member colleges or
universities. Thus, it is extremely important for the organization cannot be lost at any cost
(Hu et al. 2012). However, there is always a high chance of data loss in any information
system. The security threats or risks to the security system of information for the NGO of
Academics for Academics are given below:
i) Malicious Software or Code: Malicious software or code is the most significant
security risk in any information system. This type of threat occurs when a malicious software
or code is being infected in the system by any hacker or intruder (Rhodes-Ousley 2013). The
purpose of this infection is to hack the system or slow down the system. This software or
code is generally malicious and has the capability to replicate itself. The moment it enters any
system, it starts replicating itself. The common name for this malicious software or code is

6
INFORMATION SECURITY MANAGEMENT
virus. The most degrading and harmful fact of this typical infected code or software is that
this virus absolutely changes the configuration of the system and all the important data is
misplaced and cannot be recovered (Von Solms and Van Niekerk 2013). This type of
software or code should be checked on a daily basis so that any organization does not suffer
any data loss due to this.
ii) Denial of Service Attacks: The Denial or Service or DoS attacks are again
extremely important security threats in any particular security system of information
(Crossler et al. 2013). DoS attacks take place when any intruder or hacker hacks or intrudes
in any system and bluntly denies the service. The most dangerous issue with this attack is that
the legitimate user is unaware of the intrusion and thus, the intruder faces no problem in
intruding into the system. The attacker gets complete access to the system and when the user
attempts for entering into his or her system, that service is denied. Moreover, the denial of
service attack slows down the system or the server (Bang et al. 2012). When this type of
attacks occurs in several numbers of computers, it is called as a distributed denial of service
or DDoS attack.
iii) Leakage of Information: Information or data are the most significant and
confidential resources of all organizations. This confidential information should not be
intercepted or lost by any means (Siponen, Mahmood and Pahnila 2014). Nevertheless, there
exists a major risk of information or data leakage in an information security system. There are
two distinct ways for information leakage in an organization. The first way is when any type
of technical problems occur within the system and the second way is from an employee. The
first way can be solved by implementing various mitigation techniques or plans. However,
there is no such measure for the second way (Yang, Shieh and Tzeng 2013). The employee of
the organization can leak any confidential information either intentionally or unintentionally.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

7
INFORMATION SECURITY MANAGEMENT
iv) Receiving Unsolicited Emails: The fourth security risk or threat of any
information system is the receiving of unsolicited emails. The legitimate user receives a fake
email from any false electronic mail IDs, claiming to be belonging to an authenticated
organization (Chander, Jain and Shankar 2013). As soon as the victim clicks on the email to
read it, the entire information system is intruded or hacked and there is absolutely no cure.
v) Identity Theft: This is again one of the most dangerous security threats in any
information system. The intruder or the hacker steals the identity of a legitimate user so that
he gets the access of all confidential information or data.
vi) Unintentional Damage: It is not necessary that all the security threats are caused
intentionally (Peltier 2013). It has been observed that in many organizations, the employees
cause damage to the information system due to lack of training given to them.
vii) Phishing: Phishing occurs when the intruder gets all the confidential information
from the system by sending hoax emails. Eradication of phishing is almost impossible.
These above mentioned information security risks are extremely dangerous for any
information system. Thus, Academics For Academics or A4A should check their information
system on a regular basis (Fielder et al. 2014). However, these can be reduced or mitigated.
The guidelines for mitigation or managing these security risks of information are given
below.
Guidelines for Managing the Information Security Risks
The security system of information of the organization of A4A has a chance or
tendency to have various significant risks that are very dangerous for the confidential
information (Bell, Ndje and Lele 2013). However, few of the guidelines or techniques for the

8
INFORMATION SECURITY MANAGEMENT
successful mitigation or eradication of security threats or risks is present. These mitigation
techniques or plans for the security threats of an information system are as follows:
i) Antivirus: This is the simplest and the most basic method for the mitigation of any
malicious software or code from a system. Antivirus is a software that detects and prevents
the attacks of virus or any such malicious software and code (Cavusoglu et al. 2015). This
software is installed in an information security system and thus the entry of all dangerous
attacks is stopped. Academics for Academics or A4A should implement an antivirus software
in their information system.
ii) Firewalls: This is the second most efficient and effective method for the
prevention of security threats or risks. Firewalls are similar to antivirus as these are also
installed in an information system. Just like the name, firewalls act as the security system in
any system and also helps in detecting and preventing all types of information security risks
(Alexander, Finch. and Sutton 2013). The main advantage of firewall is that it is extremely
safe, secured and cost effective. Academics for Academics or A4A should implement a
firewall software in their information system.
iii) Encryption: The third basic method for the protection of any confidential
information is by the simple process of encryption (Tu and Yuan 2014). This is the procedure
of encoding or encrypting any confidential message or information in an encoded text, known
as cipher text. The encryption is done in a typical method that the legitimate users only have
the ability to access any information. The procedure of encryption is recommendable for all
organizations for reducing the message interception. There are two distinct algorithms in
encryption, namely, symmetric key and asymmetric key (Chen, Ramamurthy and Wen 2012).
The algorithm of symmetric key comprises of only one specific for both encoding and
decoding of a message. This eventually means the both the sender and the receiver of this

9
INFORMATION SECURITY MANAGEMENT
message utilizes only one key for the purpose of encryption and decryption (Baskerville,
Spagnoletti and Kim 2014). The major advantage of this symmetric key algorithm is that it
can be implemented and utilized very easily. The next encrypting algorithm is known as the
algorithm of asymmetric key. This particular algorithm is just the opposite of the algorithm of
symmetric key. The specific keys for the encryption and decryption of the message are
separate and thus the algorithm is much complex (Vacca 2012). Academics for Academics
should secure their information by the processes of encryption and decryption.
iv) Digital Authentication: The fourth popular way for the security purpose of
information system is digital authentication. It is the simple and significant procedure of
authenticating and sanctioning any particular person or individual digitally (Ifinedo 2012).
The most important examples of this process of digital authentication mainly include voice
recognition, fingerprint recognition, digital signatures and face recognition. The successful
implementation of this particular policy of security is completed by means of implementing
biometric attendance to all organizations or all information systems (Kayworth and Whitten
2012). Only the sanctioned, authenticated and the authorized users have the access to this
information security system. Academics for Academics should only provide access to the
authenticated users.
v) Passwords: The final method of securing confidential data or information in the
information system for the organization of Academics for Academics or A4A is passwords.
The security risk of identity theft is reduced or mitigated by this particular process (Guo and
Yuan 2012). The presence of password in any information system helps to protect the
complete system and no intruder or hacker has the ability to enter into a password-protected
system easily. The biometric password is the most effective solution for all security related
issues since; this type of password only allows authenticated and authorized employees for

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

10
INFORMATION SECURITY MANAGEMENT
acceding the confidential information (Baskerville, Spagnoletti and Kim 2014). A4A should
keep passwords in their organization and they should change the passwords periodically.
These above mentioned five guidelines would be helping Academics For Academics
or A4A to manage their possible security related threats or risks present within their
information system. The security threats might not be stopped, however, when these
guidelines would be followed, these risks could be reduced to a controllable limit.
Assumptions
Assumptions are made on any particular case study or situation by considering proper
justifications and discussions. The significant assumptions for managing the security threats
or risks in the organization of A4A are given below:
i) A4A is the specific NGO, which helps out more or less every smaller public and
private university or college located in Australia and South East Asia.
ii) The colleges or universities that are private and solely interested in receiving the
services of Academics for Academics or A4A, would have to register themselves and become
the successful member universities or colleges of Academics for Academics.
iii) The experts or professionals, who wishes to give several voluntary services within
the field of research and teaching could simply register themselves in this organization of
Academics For Academics, and this would be an awesome option for them.
iv) A4A is recruiting several trained individuals in several streams and is enabling
cultural diversification within this NGO.

11
INFORMATION SECURITY MANAGEMENT
v) As soon as these trained individuals would be a part of this NGO, the professionals
would be solely enjoying various advantages such as expenses for medical, charges for
accommodation and meals and also the travel expenses.
vi) This particular organization has put only one basic condition for the employment
of the members that the confidential information and the resources would be the properties of
A4A and the members do not have any right on them.
vii) All the confidential data and information is kept in the secured and systematic
security system of information by this NGO, namely, A4A.
viii) Several and various security threats can easily enter into any information system.
The security threats are extremely dangerous and harmful.
ix) The major security risk or threats for any particular security system of information
are harmful software, harmful code, attacks of denial of service, leakage of information,
phishing, messages interception, spoofing, unintentional destruction of important assets or
information and many more.
x) These security threats can be easily eradicated or mitigated by simply following
some of the major stages and by applying various measures.
xi) The most basic methods of eradicating these types of security threats or risks are
encryption, antivirus, passwords, firewalls and digital authentication.
xii) Academics For Academics or A4A is assumed to get each and every
organizational objective and goal by their pioneering strategies of organization.

12
INFORMATION SECURITY MANAGEMENT
Conclusion
Therefore, from this above report conclusion can be drawn that A4A is a typical
NGO, which eventually helps each and every smaller public and also private schools,
universities and colleges and in Australia as well as South East Asia. This specific
organization of Academics for Academics does not contain their own policies or guidelines
for the purpose of providing perfect protection to all the resources of this organization. The
lack of guidelines or policies can be extremely dangerous for the security of the important
and confidential data or resources of this particular organization. Information security
management is the procedure of managing all the confidential information or data of an
organization and thus providing extreme security to those resources or information. The
secured management of information can be simply defined as the compilation of various
typical processes and even policies for the methodical management of any company’s
confidential information and data. The major goal of the secured management of information
is to minimize the overall risk or threat of the system of information and to make sure or to be
ensured that the particular company reaches all the organizational goals and objectives
without having all types of security breaching. These security breaches or issues are very
dangerous for all organizations or businesses. The information security management or the
ISM gives a detailed description regarding the management of any specific organization that
is required for the flawless implementation. The risks related to the security, which are solely
analyzed by the information security management or ISM are the risks or threats to the assets,
the vulnerabilities and the impact. The above report has discussed about the case study of
A4A. This particular report has helped in the recognition of all the several types of security
risks or threats, which the company of Academics for Academics or A4A could have for the
data and resources. Furthermore, the significant techniques and plans for mitigation of the
security of the resources or data from the above mentioned identified risks are also provided

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

13
INFORMATION SECURITY MANAGEMENT
here. This report has suggested few of the major and important guidelines for the prevention
of the resources and data from the outsider attacks and the insider threats. Perfect
assumptions regarding this case study are also provided in the report.

14
INFORMATION SECURITY MANAGEMENT
References
Alexander, D., Finch, A. and Sutton, D., 2013, June. Information security management
principles. BCS.
Bang, Y., Lee, D.J., Bae, Y.S. and Ahn, J.H., 2012. Improving information security
management: An analysis of ID–password usage and a new login vulnerability
measure. international journal of information management, 32(5), pp.409-418.
Baskerville, R., Spagnoletti, P. and Kim, J., 2014. Incident-centered information security:
Managing a strategic balance between prevention and response. Information &
Management, 51(1), pp.138-151.
Bell, B.G., Ndje, Y.J. and Lele, C., 2013. Information systems security management:
optimized model for strategy, organization, operations. American Journal of Control Systems
an Information Technology, (1), p.22.
Cavusoglu, H., Cavusoglu, H., Son, J.Y. and Benbasat, I., 2015. Institutional pressures in
security management: Direct and indirect influences on organizational investment in
information security control resources. Information & management, 52(4), pp.385-400.
Chander, M., Jain, S.K. and Shankar, R., 2013. Modeling of information security
management parameters in Indian organizations using ISM and MICMAC approach. Journal
of Modelling in Management, 8(2), pp.171-189.
Chen, Y., Ramamurthy, K. and Wen, K.W., 2012. Organizations' information security policy
compliance: Stick or carrot approach?. Journal of Management Information Systems, 29(3),
pp.157-188.

15
INFORMATION SECURITY MANAGEMENT
Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and Baskerville, R.,
2013. Future directions for behavioral information security research. computers &
security, 32, pp.90-101.
Disterer, G., 2013. ISO/IEC 27000, 27001 and 27002 for information security
management. Journal of Information Security, 4(02), p.92.
Fielder, A., Panaousis, E., Malacaria, P., Hankin, C. and Smeraldi, F., 2014, June. Game
theory meets information security management. In IFIP International Information Security
Conference (pp. 15-29). Springer, Berlin, Heidelberg.
Guo, K.H. and Yuan, Y., 2012. The effects of multilevel sanctions on information security
violations: A mediating model. Information & Management, 49(6), pp.320-326.
Hu, Q., Dinev, T., Hart, P. and Cooke, D., 2012. Managing employee compliance with
information security policies: The critical role of top management and organizational
culture. Decision Sciences, 43(4), pp.615-660.
Ifinedo, P., 2012. Understanding information systems security policy compliance: An
integration of the theory of planned behavior and the protection motivation
theory. Computers & Security, 31(1), pp.83-95.
Kayworth, T. and Whitten, D., 2012. Effective information security requires a balance of
social and technology factors.
Peltier, T.R., 2013. Information security fundamentals. CRC Press.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. CRC Press.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

16
INFORMATION SECURITY MANAGEMENT
Rhodes-Ousley, M., 2013. Information security: the complete reference. McGraw Hill
Education.
Siponen, M., Mahmood, M.A. and Pahnila, S., 2014. Employees’ adherence to information
security policies: An exploratory field study. Information & management, 51(2), pp.217-224.
Soomro, Z.A., Shah, M.H. and Ahmed, J., 2016. Information security management needs
more holistic approach: A literature review. International Journal of Information
Management, 36(2), pp.215-225.
Stallings, W., Brown, L., Bauer, M.D. and Bhattacharjee, A.K., 2012. Computer security:
principles and practice (pp. 978-0). Pearson Education.
Tu, Z. and Yuan, Y., 2014. Critical success factors analysis on effective information security
management: A literature review.
Vacca, J.R., 2012. Computer and information security handbook. Newnes.
Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber
security. computers & security, 38, pp.97-102.
Yang, Y.P.O., Shieh, H.M. and Tzeng, G.H., 2013. A VIKOR technique based on
DEMATEL and ANP for information security risk control assessment. Information
Sciences, 232, pp.482-500.

1 out of 17

+13062052269

info@desklib.com

Information Security Management: A Review

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Information Security Policy Compliance

Cloud Computing Security Risks and Mitigation

Information Security in Healthcare Cloud

Policy Compliance and Legal Implications

Information Security Management - A Case Study of Academics for Academics (A4A)

Guidelines for Managing Information Security Risks for Cosmos Organization