Information Governance: Risk Assessment, Business Continuity, and Security Enhancement
Added on 2023-01-17
26 Pages5829 Words25 Views
Running head: INFORMATION GOVERANCE
Private-Match (PM)
Name of the Student
Name of the University
Author’s Note
Private-Match (PM)
Name of the Student
Name of the University
Author’s Note
INFORMATION GOVERANCE
1
Table of Contents
Introduction......................................................................................................................................2
1.1 Risk assessment relating to IT services and data security with proper recommendations....2
1.2 Business continuity plan........................................................................................................8
1.3 Steps for enhancing operational and environmental security................................................9
2. Guide for the staff concerning ethical, legal and regulatory compliance..................................11
2.1 Potential financial as well as reputational loss that would occur due to breach..................11
2.2 Responsibilities of the involved stakeholders......................................................................12
2.3 Training facility to the staffs................................................................................................13
2.4 Steps for reporting any suspicious incident.........................................................................14
2.5 Clear information about the laws and industry best practices.............................................16
3. A4 electronic poster for Disaster Recovery...............................................................................18
Conclusion.....................................................................................................................................19
References......................................................................................................................................20
1
Table of Contents
Introduction......................................................................................................................................2
1.1 Risk assessment relating to IT services and data security with proper recommendations....2
1.2 Business continuity plan........................................................................................................8
1.3 Steps for enhancing operational and environmental security................................................9
2. Guide for the staff concerning ethical, legal and regulatory compliance..................................11
2.1 Potential financial as well as reputational loss that would occur due to breach..................11
2.2 Responsibilities of the involved stakeholders......................................................................12
2.3 Training facility to the staffs................................................................................................13
2.4 Steps for reporting any suspicious incident.........................................................................14
2.5 Clear information about the laws and industry best practices.............................................16
3. A4 electronic poster for Disaster Recovery...............................................................................18
Conclusion.....................................................................................................................................19
References......................................................................................................................................20
INFORMATION GOVERANCE
2
Introduction
The paper mainly reflects on the organization “Private Match” which is a national dating
agency. It is found that currently the company has six offices within the country with one head
office. The PM administer their matching services with the help of websites as well as mobile
applications and matching is generally done with the help of AI algorithms. In order to make
matching, lots of personal data of the customers are asked and therefore data protection is one of
the keys for the entire company. Presently, the organization is facing a number of struggles in
order to properly understand the complexities for implementing new data as well as protection
regulations properly. In order to avoid such issues, the company generally decided to implement
a full risk assessment for the IT services as well as different types of related data, proper disaster
management and recovery plan. In addition to this, the company also wants to set proper
enhanced IT policies that generally include data protection, backup policy as well as staff
training policies effectively for maintaining proper operational as well as environmental security
of the company.
1. Proposal to the board of directors
1.1 Risk assessment relating to IT services and data security with proper recommendations
The risk assessment that is done on the IT services as well as data security mainly
determines the hazard, risk factors and analyzes proper ways for eliminating the risks that are
associated with the IT services as well as data security.
Risk Description Impact Probability Mitigation
/recommendation
Malicious use Cyberhacking High High It is found that
2
Introduction
The paper mainly reflects on the organization “Private Match” which is a national dating
agency. It is found that currently the company has six offices within the country with one head
office. The PM administer their matching services with the help of websites as well as mobile
applications and matching is generally done with the help of AI algorithms. In order to make
matching, lots of personal data of the customers are asked and therefore data protection is one of
the keys for the entire company. Presently, the organization is facing a number of struggles in
order to properly understand the complexities for implementing new data as well as protection
regulations properly. In order to avoid such issues, the company generally decided to implement
a full risk assessment for the IT services as well as different types of related data, proper disaster
management and recovery plan. In addition to this, the company also wants to set proper
enhanced IT policies that generally include data protection, backup policy as well as staff
training policies effectively for maintaining proper operational as well as environmental security
of the company.
1. Proposal to the board of directors
1.1 Risk assessment relating to IT services and data security with proper recommendations
The risk assessment that is done on the IT services as well as data security mainly
determines the hazard, risk factors and analyzes proper ways for eliminating the risks that are
associated with the IT services as well as data security.
Risk Description Impact Probability Mitigation
/recommendation
Malicious use Cyberhacking High High It is found that
INFORMATION GOVERANCE
3
of AI methods or
techniques such
as spear phishing
are very much
common but due
to the utilization
of AI, the entire
methods become
much more
powerful. It is
found that due to
the use of AI,
hackers will
generally be able
to attack the
entire network at
a very much
faster rate by
successfully
manipulating the
entire AI
systems
(McNeil, Frey
hybrid human
machine approach
is generally
needed and will
generally be
needed in various
areas including
the model
buildings as well
as proper
categorization that
is generally
dependent on
proper screening
as well as proper
even analysis of
cybersecurity
literature for
properly
determining the
present threats.
This is generally
helpful in
3
of AI methods or
techniques such
as spear phishing
are very much
common but due
to the utilization
of AI, the entire
methods become
much more
powerful. It is
found that due to
the use of AI,
hackers will
generally be able
to attack the
entire network at
a very much
faster rate by
successfully
manipulating the
entire AI
systems
(McNeil, Frey
hybrid human
machine approach
is generally
needed and will
generally be
needed in various
areas including
the model
buildings as well
as proper
categorization that
is generally
dependent on
proper screening
as well as proper
even analysis of
cybersecurity
literature for
properly
determining the
present threats.
This is generally
helpful in
INFORMATION GOVERANCE
4
and Embrechts
2015). Thus, due
to the expansion
of the present AI
technologies,
hackers
generally carry
out some of the
complex tasks
very much
efficiently at a
very much lower
cost and thus
these advanced
cyberattacks will
be much more
difficult to
notice and quite
difficult to stop.
identifying the
threats at the
initial stage so
that they can be
mitigated by
taking proper
steps.
Lack of
cybersecurity
policy
Security
standards are
considered as
quite important
High High It is quite
important to
prioritize the
cybersecurity
4
and Embrechts
2015). Thus, due
to the expansion
of the present AI
technologies,
hackers
generally carry
out some of the
complex tasks
very much
efficiently at a
very much lower
cost and thus
these advanced
cyberattacks will
be much more
difficult to
notice and quite
difficult to stop.
identifying the
threats at the
initial stage so
that they can be
mitigated by
taking proper
steps.
Lack of
cybersecurity
policy
Security
standards are
considered as
quite important
High High It is quite
important to
prioritize the
cybersecurity
INFORMATION GOVERANCE
5
for the company
and if proper
cybersecurity
policy is not
present then the
cyber criminals
generally does
not target
companies in the
tech sectors but
they are
generally
threatening
every single
company (Ho et
al. 2015).
policies
successfully. In
addition to this,
proper
implementation of
cyber security
policies are
important for
resolving the
problems that
occur due to lack
of cybersecurity
policy.
Data theft It is found that
the data as well
as information of
the customers
can be targeted
that generally
can cause initial
High High The problem of
data theft can be
reduced by
strengthening the
security system by
utilizing firewall
so that hacking of
5
for the company
and if proper
cybersecurity
policy is not
present then the
cyber criminals
generally does
not target
companies in the
tech sectors but
they are
generally
threatening
every single
company (Ho et
al. 2015).
policies
successfully. In
addition to this,
proper
implementation of
cyber security
policies are
important for
resolving the
problems that
occur due to lack
of cybersecurity
policy.
Data theft It is found that
the data as well
as information of
the customers
can be targeted
that generally
can cause initial
High High The problem of
data theft can be
reduced by
strengthening the
security system by
utilizing firewall
so that hacking of
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Job Management in PM Assessment 2022lg...
|22
|5805
|27
IT Security Risks and Measures for Protectionlg...
|12
|2907
|91
Information Governancelg...
|23
|5882
|443
Regional Gardens Case Study PDFlg...
|13
|2647
|14
Disaster Recovery Poster Assignment 2022lg...
|1
|978
|43
IT Security in an Organization - Risk Assessment and Disaster Managementlg...
|14
|3006
|309