Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Information Governance: Risk Assessment, Business Continuity, and Security Enhancement

Verified

Added on 2023/01/17

AI Summary

This document discusses the importance of information governance in organizations, focusing on risk assessment, business continuity planning, and steps for enhancing operational and environmental security. It also provides a guide for staff on ethical, legal, and regulatory compliance.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: INFORMATION GOVERANCE
Private-Match (PM)
Name of the Student
Name of the University
Author’s Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

1
INFORMATION GOVERANCE
Table of Contents
Introduction......................................................................................................................................2
1.1 Risk assessment relating to IT services and data security with proper recommendations....2
1.2 Business continuity plan........................................................................................................8
1.3 Steps for enhancing operational and environmental security................................................9
2. Guide for the staff concerning ethical, legal and regulatory compliance..................................11
2.1 Potential financial as well as reputational loss that would occur due to breach..................11
2.2 Responsibilities of the involved stakeholders......................................................................12
2.3 Training facility to the staffs................................................................................................13
2.4 Steps for reporting any suspicious incident.........................................................................14
2.5 Clear information about the laws and industry best practices.............................................16
3. A4 electronic poster for Disaster Recovery...............................................................................18
Conclusion.....................................................................................................................................19
References......................................................................................................................................20

2
INFORMATION GOVERANCE
Introduction
The paper mainly reflects on the organization “Private Match” which is a national dating
agency. It is found that currently the company has six offices within the country with one head
office. The PM administer their matching services with the help of websites as well as mobile
applications and matching is generally done with the help of AI algorithms. In order to make
matching, lots of personal data of the customers are asked and therefore data protection is one of
the keys for the entire company. Presently, the organization is facing a number of struggles in
order to properly understand the complexities for implementing new data as well as protection
regulations properly. In order to avoid such issues, the company generally decided to implement
a full risk assessment for the IT services as well as different types of related data, proper disaster
management and recovery plan. In addition to this, the company also wants to set proper
enhanced IT policies that generally include data protection, backup policy as well as staff
training policies effectively for maintaining proper operational as well as environmental security
of the company.
1. Proposal to the board of directors
1.1 Risk assessment relating to IT services and data security with proper recommendations
The risk assessment that is done on the IT services as well as data security mainly
determines the hazard, risk factors and analyzes proper ways for eliminating the risks that are
associated with the IT services as well as data security.
Risk Description Impact Probability Mitigation
/recommendation
Malicious use Cyberhacking High High It is found that

3
INFORMATION GOVERANCE
of AI methods or
techniques such
as spear phishing
are very much
common but due
to the utilization
of AI, the entire
methods become
much more
powerful. It is
found that due to
the use of AI,
hackers will
generally be able
to attack the
entire network at
a very much
faster rate by
successfully
manipulating the
entire AI
systems
(McNeil, Frey
hybrid human
machine approach
is generally
needed and will
generally be
needed in various
areas including
the model
buildings as well
as proper
categorization that
is generally
dependent on
proper screening
as well as proper
even analysis of
cybersecurity
literature for
properly
determining the
present threats.
This is generally
helpful in

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

4
INFORMATION GOVERANCE
and Embrechts
2015). Thus, due
to the expansion
of the present AI
technologies,
hackers
generally carry
out some of the
complex tasks
very much
efficiently at a
very much lower
cost and thus
these advanced
cyberattacks will
be much more
difficult to
notice and quite
difficult to stop.
identifying the
threats at the
initial stage so
that they can be
mitigated by
taking proper
steps.
Lack of
cybersecurity
policy
Security
standards are
considered as
quite important
High High It is quite
important to
prioritize the
cybersecurity

5
INFORMATION GOVERANCE
for the company
and if proper
cybersecurity
policy is not
present then the
cyber criminals
generally does
not target
companies in the
tech sectors but
they are
generally
threatening
every single
company (Ho et
al. 2015).
policies
successfully. In
addition to this,
proper
implementation of
cyber security
policies are
important for
resolving the
problems that
occur due to lack
of cybersecurity
policy.
Data theft It is found that
the data as well
as information of
the customers
can be targeted
that generally
can cause initial
High High The problem of
data theft can be
reduced by
strengthening the
security system by
utilizing firewall
so that hacking of

6
INFORMATION GOVERANCE
cyber attack
which further
can cause loss of
important as
well as
confidential data
of the customers
(Bromiley et al.
2015).
confidential data
as well as
information of the
customers will be
tough.
Improper
security
training
Employee
training as well
as awareness are
very much
crucial for the
safety of the
company and as
the staffs of the
organization are
not properly
trained about the
security training
therefore, they
face issues in
High Medium It is quite
important to
provide proper
security training
to both the new as
well as current
employees of the
organization
effectively so that
they can be able to
handle the
security
challenges quite
effectively.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

7
INFORMATION GOVERANCE
determining the
issues as well as
resolving them
(Wiengarten et
al. 2016).
Lack of proper
recovery plan
It is found that
proper planning
for the security
attack is only
possible with the
help of a plan for
preventing the
cyberattack and
as the
organization
does not have a
proper recovery
plan therefore,
they face a lot of
cybersecurity
related incidents
(Cole, Gine and
Vickery 2017).
Medium Medium Implementation
of proper recovery
plan is generally
important for
dealing different
types of critical
situations that are
generally
associated with
the cyberattack.

8
INFORMATION GOVERANCE
1.2 Business continuity plan
The organization “Private Match” uses a proper business continuity plan in order to give
overview about the operation of the business if something generally goes wrong. According to
Wallace and Webber (2017) business continuity is defined as one of the abilities of an
organization for maintaining the proper functions during or after the occurrence of the disaster. It
is found that the business continuity planning generally helps in establishing proper risk
management processes as well as procedures that generally aims to properly prevent
interruptions as well as proper re-establishment of full function to the entire organization as
quickly as possible. The three key elements of the business continuity plan that is prepared is
generally reflected below:
Resilience
The company “private match” generally increases its resilience by successfully designing
the various critical functions as well as infrastructures with different types of disaster-based
possibilities in mind including proper staff rotations, data redundancy as well as effective
maintenance of surplus of capacity (Kato and Charoenrat 2018). It is found that proper insurance
of resilience against the various types of scenarios generally helps the business for properly
maintaining the proper services on off-site as well as location without effective interruption.
Recovery
In context to business continuity plan, the organization utilizes rapid recovery for
restoring the business functions after a disaster or risk occurrence. It is identified that setting
proper time of recovery for the different types of systems, networks as well as applications are
generally considered to be helpful in properly prioritizing the elements that requires to be

9
INFORMATION GOVERANCE
recovered first. Moreover, the various types of recovery strategies generally include different
types of resource inventories agreements as well as third parties within a company for various
types of mission- based functions.
Contingency
After then, a contingency plan is used that is considered as one of the procedures that
generally uses different varieties of external scenarios which further include chain of command
which further distributes different types of responsibilities within the entire organization
(Sahebjamnia, Torabi and Mansouri 2015). The various types of responsibilities generally
include proper hardware replacement, leasing the office spaces, damage assessment as well as
proper contracting with the third-party vendors in order to get effective help from them.
1.3 Steps for enhancing operational and environmental security
The organization “Private Match” can be able to achieve both operational as well as
environmental security with the help of proper policies as well as procedures that further assists
in guiding the user’s interaction with the help of data as well as effective data processing systems
(Blos, Hoeflich and Miyagi 2015). It is found that development as well as alignment of the
efforts with the goals of the business is considered as one of the crucial parts for the development
of proper operational as well as environmental security programs. The steps that are needed to be
followed are generally elaborated below:
Development of security policies: Security policies are generally defined as high level
statements that is generally produced by the senior management that generally outlines both what
is generally security meant for the organization and the organization’s goals for providing proper
security. The main security policy can generally be broken into number of policies that are linked
with security. In addition to this, the policies are generally related with the access control, the

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

10
INFORMATION GOVERANCE
organizations security policy which must include proper policies and all policies should be
effectively reviewed on proper basis as per requirement.
Change management policy: The main purpose of the change management is to make
sure that effective procedures are generally followed when effective modifications are generally
needed within the IT infrastructures. The modifications should be properly prompted with the
help of a number of events including proper legislation, updated hardware as well as software as
well as effective improvements within the infrastructure (Graham and Kaye 2015). It is found
that proper change management procedures should include different stages including the method
of requesting to the change within the infrastructure as well as review as well as approval
procedure for the request.
Data policies: Proper system integration within third parties generally involves with the
data sharing. It is found that the data can generally be shared for the effective purpose of
processing. Effective control over data is important for avoiding challenges as well as issues
related with unauthorized data sharing (Fisher, Norman and Klett 2017). In addition to this, data
ownership requirements generally need proper backup responsibilities that generally includes
proper determination of the backup responsibilities as well as development of effective
operational procedures for making sure that proper backup generally occur as they are generally
important for various security elements.
Security awareness and training: Security awareness as well as training programs are
generally helpful in properly enhancing the security of the programs. It is quite important to train
the employees with proper objectives so that they can be capable of handling the security
challenges effectively. As the security policies are considered as very much high-level directive
which further helps in setting the entire support as well as proper execution of the direction with

11
INFORMATION GOVERANCE
respect to proper security. In addition to this, second level policies including policies, access as
well as information handling generally utilizes proper policies that needs to be effectively
designed as well as understood.
Fire suppressions: Fires are generally considered as one of the disasters that generally
can create negative impact on the organizational environment by using proper equipment. It is
found that proper fire detection as well as fire suppression are generally considered as two
important devices for successfully addressing the threat. Proper suppression system generally
come in different varieties including the gas-based system as well as sprinkler-based system
(Conti, Dargahi and Dehghantanha 2018).
2. Guide for the staff concerning ethical, legal and regulatory compliance
2.1 Potential financial as well as reputational loss that would occur due to breach
It is found that if any data breach or security issue occur within the organization “Private
Match” then it would generally create negative impact on the financial as well as reputational
status of the organization. As the organization “PM” generally administers their matching
services with the help of either website or with the help of mobile applications. It is found that
the customers generally need to sign off by utilizing their personal details, information related
with debit and credit card as well as with the help of proper text-based information (Samtani et
al. 2017). However, if any type of security breach occurs within the organization then the
confidential or personal information related with the customers gets leaked that causes a number
of ethical as well as financial issues. If the details of the credit or debit card get hacked then it
will generally create a huge financial impact on both the organization as well as on the customers
that further creates negative impact on the reputation of the organization (Williams et al. 2018).
Thus, it is found that both the financial as well as reputational status of the organization gets

12
INFORMATION GOVERANCE
hampered due to data theft and therefore, it is quite important to utilize effective strategies for
resolving the security issues and challenges properly.
2.2 Responsibilities of the involved stakeholders
Data breaches generally happen due to a number of reasons including targeted attacks
which generally lead to the compromise of the identity, money theft or it generally happens
accidentally (Shackleford 2015). Data breach are considered as constant threat for the different
organizations and in order to recover from the loss, the stakeholders who are associated with the
breach needs to follow the following steps effectively. The steps are elaborated below:
Stop the breach: After the stakeholder notices the breach, it is very much important to
stop the breach that occurs as quickly as possible. The ways by using which the stakeholders
who are associated with the breach will generally stop the breach generally depends on the attack
nature as well as on the system that is affected (Lee et al. 2018). It is quite important to isolate
the entire system that is generally accessed with the help of the attacker properly for effectively
preventing the breach quite effectively from spreading within the entire network. It is identified
that disconnection from the breach accounts of the users are generally done with the help of
effective methods. If proper complex infrastructure for security is generally present then they
generally help in locating as well as isolating the entire attack quite efficiently as well as quickly
(Tosh et al. 2015). After the threat is stopped then, it is very much important to eliminate the
threat quite effectively for preventing ay type of damages quite effectively.
Assess the damage: Once the attack generally gets stopped as well as eliminated then the
next step is to undertake proper investigation about the damage that generally occurs within the
entire organization. After knowing how then entire procedure of attack has generally been
happened in order to successfully percent the attackers from the tactics as well as succeeding. It

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

13
INFORMATION GOVERANCE
is quite important to properly prevent the attackers in the coming future from the tactics of
attack. Thus, it is very much important to properly engage in investigation of the entire affected
system so that the malware can be possibly left by the various attacker.
Notify those affected: While undertaking investigation of the data breach, the
organizations needs to discover those who are generally affected. After undertaking
investigation, the next step is to properly notify the various authorities as well as different types
of third-party organizations who are generally affected (Mavroeidis and Bromander 2017). As
regulations generally helps in governing within the timeframe such that the entire breach requires
to be effectively reported. The notifications are generally reported with the help of either email,
phone calls or with the help of other medium of communication.
Security audit: After undertaking all the steps, the stakeholders who are associated with
the security or data breach generally undertakes proper security audit for properly assessing the
current security system of the entire organization in order to help them within the preparation of
the future recovery plans so that the security challenges as well as issues can be easily mitigated
with the assistance of the stakeholders (Dionísio et al. 2019).
2.3 Training facility to the staffs
In order to make the training to be very much effective, it is very much necessary to
target the user with regard with their role in the subject of the training. It is found that as the
employees generally require security awareness training, it is very much necessary to provide
specific training in the areas in which they are generally responsible. Proper role-based training
in context to the information security responsibilities is considered as one of the important parts
of the information security-based training (Vinayakumar, Poornachandran and Soman 2018). It
is found that if a person generally has proper job responsibilities then it generally may create

14
INFORMATION GOVERANCE
impact on the information security then effective role-based training is generally required for
making sure that the individual must understand the responsibilities that is generally related with
the information security. The employees of the organization should be trained on the following
so that they can handle the security challenges as well as issues quite effectively.
SANS Training: The organization generally helps in providing proper funding for SANS
training. It generally offers technical training on different areas that generally include system
administration, cyber defence, courses of management, digital forensic investigations as well as
secure software development (Surma 2019).
Cybersecurity training: Online cybersecurity training should be provided to the
employees with the help of virtual training environment so that the staffs of the organization can
be able to handle cybersecurity related issues as well as challenges quite effectively.
Information security training: The information security training is generally based on
the roles of the individuals and all the facility of training should be provided to the employees
online effectively (Gentile 2018).
2.4 Steps for reporting any suspicious incident
The steps that are generally followed in order to report any of the suspicious incident are
generally elaborated below:
Information security reporting procedures: The computer incident reporting procedure
generally helps in providing proper series of channels with the help of which the incidents can be
reported, tracked as well as investigated effectively (Stalcup 2015). It is identified that the
department of the information security will generally be the primary responder to various
incidents. With the help of information security procedure of reporting, different types of

15
INFORMATION GOVERANCE
incidents like any of the suspected hacking, suspicion about the password compromise as well as
harassment by email.
Reporting critical issues: Proper reporting procedure should be followed for reporting
about the various critical issues immediately and the reporting can be done after getting
confirmation from the management. The critical issues involving notification from an intrusion
detection system generally helps in providing facilities that generally helps in brining attention to
the various department of the information security department.
Reporting non-critical issues: The non-critical challenges should be properly reported to
the various department with the help of either an email, telephone or with the help of proper
system (Chatzigeorgiou et al. 2017). It is found that the help desk will generally refer to the
information technology personnel with the help of TUhelp system and on the other hand, it is
found that in context to the non-technical issues, the help desk will generally refer to the
information security office person by using proper TUhelp system.
Handling procedures for security and privacy incident: The procedures related with
privacy as well as security incident should be reported by using steps that are generally
elaborated below:
 The office of the chief information security officer should activate as well as lead its
incident response team on the actual breach or suspicion that is generally determined.
 After providing proper notification to the information security officer, it is quite
important to follow proper instructions related with the response team (Gentile 2018).
 The team of incident repose should properly assess the scope as well as nature of the
incident by determining the personal information that is generally misused or accessed.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

16
INFORMATION GOVERANCE
 Proper contact should be made with the incident response coordinator for reviewing the
breach declaration.
 Proper resources should be provided to the system owners who generally work with
proper cooperation with the incident response team for successfully controlling the
incident for preventing unauthorized access including suspending as well as monitoring
of access.
 Proper incident report should be developed about the various factors that generally
surrounds the incident which further includes steps for mitigating the threat and for
ascertaining the scope as well as nature of the breach successfully (Stalcup 2015).
 The chief information security officer must properly consult with the chief information
officer for determining the security incident as well as privacy incident.
 The breach declaration team must properly evaluate the report that generally helps in
determining the breach related with the personal information which has occurred
(Chatzigeorgiou et al. 2017).
 The officer of the chief information security depends on the outcome of the breach
declaration team that further lead to an effort that further formulate a proper plan for
preventing the recurrence of the entire incident.
2.5 Clear information about the laws and industry best practices
It is found that clear information related with law and industry is generally required for
managing the security issues as well as challenges successfully. In order to ensure compliance
within the organization, it is quite necessary to have a methodical approach for successfully
implementing the solutions to legislation (Laughlin 2015). For managing the situation, it is quite
important to determine the relevant legislation for identifying the best practices. In addition to

17
INFORMATION GOVERANCE
this, undertaking proper risk assessment as well as effective design of the policies are important.
The laws that needs to be followed are listed below:
Data protection Act 1998: The personal data must be kept accurate when necessary in
order to keep the information up to date. Moreover, 5th data protection principle should be used
for processing the personal data for any purpose whereas the 7th data protection principle
generally uses proper technical as well as organizational measures against the unauthorized
processing of personal data against the accidental loss or because of the damage of the
confidential information (Randall and Kroll 2016).
Regulation and investigatory power Act 2000: It is identified that with the help of the
act, proper regulation of the interception, acquisition as well as disclosure of the information can
be done quite effectively. It is considered as unlawful for intercepting proper
telecommunications. It is found that some of the interceptions of the emails are generally
permitted based on the telecoms system.
Privacy and electronic communication regulation 2003: This act generally refer to
direct marketing emails that generally aims at reducing spam. It is generally considered as n
offence for sending direct marketing email to the various individuals without providing their
explicit consent (Brenner 2016).
Copyright and licencing: The copyright law of the united states is generally intended for
encouraging the development of proper art and culture by providing proper reward to the authors
as well as artists for setting proper exclusive rights (Henry and Brantly 2018). It is found that
copyright law generally helps in training the author as well as artists about the exclusive right for

18
INFORMATION GOVERANCE
selling their copies of the work. On the other hand, it is found that proper license on Federation
against software theft.
SARBOX: AUS Act generally protest against the investors for improving the reliability
as well as accuracy of various corporate disclosures that are generally made pursuant for various
types of securities laws as well as different types of other purposes (Laughlin 2015).
Best Practice for ISO standard: International Organization for standardisation
generally produces international standards such as information security standard which is
generally adopted over time from an original British standard (Henry and Brantly 2018). It is
found that some of the guide are generally accessible and are generally helpful in elaborating to
keep the entire information secure.
3. A4 electronic poster for Disaster Recovery
The steps that are generally needed to be taken by the staffs of the organization “Private
Match” during disaster recovery are generally reflected in the form of electronic poster that is
generally provided below.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

19
INFORMATION GOVERANCE
Conclusion
It can be concluded from the entire paper that proper operational and environmental
security to the organization is generally necessary for mitigating the security risks that occurs
due to data theft or security challenges. The paper implements proper risk assessments for the IR
services as well as related data with the help of proper disaster management as well as recovery
plan for resolving the risks and challenges. It is found that the paper also provides proper guide
to the staffs concerning ethical, legal as well as various types of regulatory compliance that
generally pertains to this situation that generally includes proper information that are generally
applicable laws as well as practices. In addition to this, the paper also states proper steps that are
generally helpful in reporting any of the suspicious incident that occurs within the organization.
Moreover, the guide that is utilized by the organization will generally be helpful in providing
training to the staffs and also act as one of the reminders for those who generally attended the
training.

20
INFORMATION GOVERANCE
References
Antão, P., Calderón, M., Puig, M., Michail, A., Wooldridge, C. and Darbra, R.M., 2016.
Identification of occupational health, safety, security (OHSS) and environmental performance
indicators in port areas. Safety science, 85, pp.266-275.
Awan, J.H., Memon, S. and Burfat, F.M., 2019. Role of Cyber Law and Mitigation Strategies in
Perspective of Pakistan to Cope Cyber Threats. International Journal of Cyber Warfare and
Terrorism (IJCWT), 9(2), pp.29-38.
Blos, M.F., Hoeflich, S.L. and Miyagi, P.E., 2015. A general supply chain continuity
management framework. Procedia Computer Science, 55, pp.1160-1164.
Blos, M.F., Hoeflich, S.L. and Miyagi, P.E., 2015. A general supply chain continuity
management framework. Procedia Computer Science, 55, pp.1160-1164.
Brenner, S.W., 2016. Cyberthreats and the Posse Comitatus Act: Speculations. Journal of
International and Comparative Law, 4(1), p.2.
Bromiley, P., McShane, M., Nair, A. and Rustambekov, E., 2015. Enterprise risk management:
Review, critique, and research directions. Long range planning, 48(4), pp.265-276.
Chatzigeorgiou, C., Toumanidis, L., Kogias, D., Patrikakis, C. and Jacksch, E., 2017, June. A
communication gateway architecture for ensuring privacy and confidentiality in incident
reporting. In 2017 IEEE 15th International Conference on Software Engineering Research,
Management and Applications (SERA) (pp. 407-411). IEEE.
Chatzigeorgiou, C., Toumanidis, L., Kogias, D., Patrikakis, C. and Jacksch, E., 2017, June. A
communication gateway architecture for ensuring privacy and confidentiality in incident

21
INFORMATION GOVERANCE
reporting. In 2017 IEEE 15th International Conference on Software Engineering Research,
Management and Applications (SERA) (pp. 407-411). IEEE.
Cole, S., Giné, X. and Vickery, J., 2017. How does risk management influence production
decisions? Evidence from a field experiment. The Review of Financial Studies, 30(6), pp.1935-
1970.
Conti, M., Dargahi, T. and Dehghantanha, A., 2018. Cyber threat intelligence: challenges and
opportunities (pp. 1-6). Springer International Publishing.
Dionísio, N., Alves, F., Ferreira, P.M. and Bessani, A., 2019. Cyberthreat Detection from Twitter
using Deep Neural Networks. arXiv preprint arXiv:1904.01127.
Fisher, R., Norman, M. and Klett, M., 2017. Enhancing infrastructure resilience through business
continuity planning. Journal of business continuity & emergency planning, 11(2), pp.163-173.
Gentile, D.G., 2018. Course# 10922 Incident Reporting and Protective Actions (No. LA-UR-18-
23206). Los Alamos National Lab.(LANL), Los Alamos, NM (United States).
Graham, J. and Kaye, D., 2015. A Risk Management Approach to Business Continuity: Aligning
Business Continuity and Corporate Governance. Rothstein Publishing.
Henry, S. and Brantly, A.F., 2018. Countering the Cyber Threat. The Cyber Defense
Review, 3(1), pp.47-56.
Ho, W., Zheng, T., Yildiz, H. and Talluri, S., 2015. Supply chain risk management: a literature
review. International Journal of Production Research, 53(16), pp.5031-5069.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

22
INFORMATION GOVERANCE
Kato, M. and Charoenrat, T., 2018. Business continuity management of small and medium sized
enterprises: Evidence from Thailand. International journal of disaster risk reduction, 27, pp.577-
587.
Kato, M. and Charoenrat, T., 2018. Business continuity management of small and medium sized
enterprises: Evidence from Thailand. International journal of disaster risk reduction, 27, pp.577-
587.
Laughlin, C., 2015. Cybersecurity in Critical Infrastructure Sectors: A Proactive Approach to
Ensure Inevitable Laws and Regulations are Effective. Colo. Tech. LJ, 14, p.345.
Lee, S., Cho, H., Kim, N., Kim, B. and Park, J., 2018, January. Managing Cyber Threat
Intelligence in a Graph Database: Methods of Analyzing Intrusion Sets, Threat Actors, and
Campaigns. In 2018 International Conference on Platform Technology and Service
(PlatCon) (pp. 1-6). IEEE.
Mavroeidis, V. and Bromander, S., 2017, September. Cyber threat intelligence model: an
evaluation of taxonomies, sharing standards, and ontologies within cyber threat intelligence.
In 2017 European Intelligence and Security Informatics Conference (EISIC) (pp. 91-98). IEEE.
McNeil, A.J., Frey, R. and Embrechts, P., 2015. Quantitative Risk Management: Concepts,
Techniques and Tools-revised edition. Princeton university press.
Randall, K.P. and Kroll, S.A., 2016. Getting Serious about Law Firm Cybersecurity. NEW
JERSEY LAWYER, p.55.

23
INFORMATION GOVERANCE
Sahebjamnia, N., Torabi, S.A. and Mansouri, S.A., 2015. Integrated business continuity and
disaster recovery planning: Towards organizational resilience. European Journal of Operational
Research, 242(1), pp.261-273.
Samtani, S., Chinn, R., Chen, H. and Nunamaker Jr, J.F., 2017. Exploring emerging hacker
assets and key hackers for proactive cyber threat intelligence. Journal of Management
Information Systems, 34(4), pp.1023-1053.
Shackleford, D., 2015. Who’s using Cyberthreat Intelligence and how?. SANS Institute.
Retrieved January, 24, p.2018.
Stalcup, M., 2015. Policing uncertainty: On suspicious activity reporting. Modes of Uncertainty:
Anthropological Cases, pp.69-87.
Surma, J., 2019. Cyber Threat Intelligence Systems: problems and challenges. Collegium of
Economic Analysis Annals, (54), pp.267-274.
Tosh, D., Sengupta, S., Kamhoua, C., Kwiat, K. and Martin, A., 2015, June. An evolutionary
game-theoretic framework for cyber-threat information sharing. In 2015 IEEE International
Conference on Communications (ICC) (pp. 7341-7346). IEEE.
Vinayakumar, R., Poornachandran, P. and Soman, K.P., 2018. Scalable framework for cyber
threat situational awareness based on domain name systems data analysis. In Big Data in
Engineering Applications (pp. 113-142). Springer, Singapore.
Wallace, M. and Webber, L., 2017. The disaster recovery handbook: A step-by-step plan to
ensure business continuity and protect vital operations, facilities, and assets. Amacom.

24
INFORMATION GOVERANCE
Wiengarten, F., Humphreys, P., Gimenez, C. and McIvor, R., 2016. Risk, risk management
practices, and the success of supply chain integration. International Journal of Production
Economics, 171, pp.361-370.
Williams, R., Samtani, S., Patton, M. and Chen, H., 2018, November. Incremental Hacker Forum
Exploit Collection and Classification for Proactive Cyber Threat Intelligence: An Exploratory
Study. In 2018 IEEE International Conference on Intelligence and Security Informatics (ISI) (pp.
94-99). IEEE

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

25
INFORMATION GOVERANCE
Reflection
I have analyzed that the risk assessment for the IT services as well as data security is
identified to be the most important option for resolving the issues that the organization “Private
Match” faces. The business continuity plan which is developed helps in providing proper
overview about the business if something wrong happens. I have analyzed that development of
security policies as well as change management policies are identified to be effective within the
IT infrastructures. Moreover, proper guidance is provided to the staff that concerns about the
ethical, legal and regulatory compliance. In addition to this, proper information about the laws as
well as industry related best practices are important.

1 out of 26

+13062052269

info@desklib.com

Information Governance: Risk Assessment, Business Continuity, and Security Enhancement

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Related Documents

Job Management in PM Assessment 2022

IT Security Risks and Measures for Protection

Information Governance

Regional Gardens Case Study PDF

Disaster Recovery Poster Assignment 2022

IT Security in an Organization - Risk Assessment and Disaster Management