Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Information Governance and Cyber Security: Risks and Mitigation Strategies

Verified

Added on 2023/06/18

AI Summary

This report discusses the development of information governance policy for UEH along with risk assessment methodologies and strategy in order to implement strong information governance for Blackbaud. It also highlights cyber security threats and steps to evade them, information security management system, information assets to be considered for risk analysis, and importance of information system in organization.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

INFORMATION
GOVERNANCE AND CYBER
SECURITY

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

TABLE OF CONTENTS
INTRODUCTION...........................................................................................................................3
TASK 1............................................................................................................................................3
TASK 2............................................................................................................................................6
TASK 3............................................................................................................................................8
CONCLUSION..............................................................................................................................11
REFERENCES..............................................................................................................................12
2

INTRODUCTION
Information governance refers to the technologies adopted by the establishments with
certain policies, procedures, control and strategies working in order to optimize information in
order to meet its business requirements along with legal and industry regulations while
minimising risks (Alhassan and Adjei-Quaye, 2017). This report will highlight the development
of information governance policy for UEH along with risk assessment methodologies and
strategy in order to implement strong information governance for Blackbaud.
TASK 1
Cyber security threats and steps to evade them by Information Governance
The cyber security threats latest are:
a) Ransomware: It is a malware form which attempt for encrypting data and extorting a
ransom for releasing a code for unlocking. The ransomware gets delivered through emails
which are malicious (Humayun and et.al., 2020). The key steps for protecting the
company by information system governance are:
o Awareness in staff, the staff has to be aware of emails which are unsolicited, in
particular those that need a quick response.
o Protection of malware, installing and maintaining an anti-virus which is good and
protection software from malware.
o Software update, keeping application up to date.
o Data backup, series of data back ups which is well managed and allow for
recovering from version unencrypted of file.
b) Phishing: It is an attempt for gaining information that is sensitive of posing a contact like
a trustworthy one, for example online or bank service. A form known as spear phishing is
a targeted attempt to gain information about individuals. Phishing mails may appear to be
true, with no mistakes and errors and using genuine logos. This form is of spear phishing,
3

where a fake mail of a top management executive may pressurise another one down the
hierarchy to give information about some relevant financials which is kept confidential
otherwise (Gunduz and Das, 2020). They are worth considering ways for adding
safeguards that are additional for protection identity of top management executives for
preventing impersonation. Information assets governance have to follow these measures
for protection:
 Creating awareness among people that companies do not ask information which is
confidential.
 Making use of software of anti-malware.
 Issuing guidelines for being suspicious of mails that are unexpected.
 Making sure that filters of spam are kept on in systems. Checking regularly in
case any e-mail has been trapped in it.
Data leakage
As cyber security seems tough in office, it has to be noted that security extension is
beyond office also. Usage of tablets and smartphones has been widely spread. Through
storage devices which are portable they can be made useful for transportation and data
backup (Humayun and et.al., 2020). These features can be stolen and thus information
assets have to follow steps for preventing data leakage of the organisation like:
A) It has to be made sure that mobiles used in offices have password locks.
B) GPS tracker and option of removing data has to be present if the device is lost.
C) Use of software for encryption is recommended highly while using storage devices
that are portable.
D) Keeping a watch over mobile and manual paper work. This is a way of monitoring to
avoid crimes that are opportunistic.
Hacking
For gaining access to IT from organisation’s outside has been attempted to gain financial
information. Intellectual property is a value source. Through tricks, information can be
gained of passwords and username. Information assets governance has to use primary
methods of awareness of user and training, installing of network firewalls and data access
4

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

security for the safeguard. There is also a hacking however, which is done by technical
people just to portray the lack in software system of the company and not misuse
information (Gunduz. and Das, 2020).
The best practices as per following the social, ethical and legal framework of
information security advisors are:
 The activities have to be governed based on requirements of the organisational
policies and laws and regulations.
 Senior managers have to be involved actively in information establishment of
framework security governance and governing act of implementation of
information security.
 Information security responsibility can be assigned and carried by individuals
who are trained appropriately.
 Individuals who are responsible for information security have to be held
accountable for the actions or inaction.
 Communication to stakeholders at all levels have to be done by information
security priorities for all levels for ensuring implementation successfully of
information program of security.
 The security activities of the information have to be integrated with management
activities of enterprise with inclusion of planning strategically, capital planning
and architecture enterprise.
 Information security structure has to be suitable for the organisation it is
supporting and evolving with organisation, if organisation is undergoing change.
 Information security have to do monitoring of the security program’s performance
of which they are responsible with use of information and available tools (Berry
and Berry, 2018).
 Information found through monitoring has to be used as input in decisions of
management about funding priorities and disbursement for security features
improvement and the organisation’s performance.
5

 Information Security and administration have to work together for meeting
security and compliance requirements. Cooperation lack in departments can lead
to errors in configuration. There has to be risk assessment by identification of
risks to be reduced (Evans and Price, 2020).
 The other objectives of Information Security is to keep data confidential where
individuals with authority only can use data, keep integrity of data being intact,
complete and accurate and IT systems have to be operational. The users
availability for gaining information should be there as per need for the
organisation.
TASK 2
An information security management system is a structure of policies and controls that
manage the security measures and risks in systematic manner across the entire establishment. It
ensures the availability, confidentiality and truthfulness of resources from helplessness. The
ISMS is a systematic approach consisting of certain procedures, technology and people in it in
order to protect and manage company’s information through proper risk management. There are
three key aspects of the information security management system such as confidentiality,
availability and integrity along with the security needs in order to protect the data that are stored
by the firm Blackbaud (Miloslavskaya and Tolstoy, 2019). This kind of appropriate system
ensures the proper security of the personal data of parents, students as well as staff members in
unquestionable manner. For this purpose it has been evaluated that the data be secured and safe
according to all aspects. For this reason, the Blackbaud requires the safety primarily rather than
any other information security management system attributes. As per the given case study, it has
been analysed that the Blackbaud highly impacts due to threats and openness like hacking,
internal security problems for system that cannot compare with general information systems and
has impacted drastically that brings out severe social dislocation of the University within the
competitive market place.
However, it has been evaluated that the requirements of the firm are completely based on
safety whereas the control and requirements are based on the basis of confidentiality, availability
and integrity. Thus, various researches suggest that safety should be the new concept and
considered as a part of the new ISMS along with integrity, confidentiality and availability.
6

When it comes to the approach of safety, it is just a part of the availability. The benefits of
utilising the concept of safety states that the information of the Blackbaud or significant data
could be uncovered squeezed or leaked if the internal safety for the system is not guaranteed for
unanticipated cyber security changes. The benefits acquired by the firm with the involvement of
safety approach of ISMS within the firm is that it helps to provide complete security to all the
necessary information that includes all the relevant data and details, with this implementation it
provides defence against cyber attacks, improves university work culture as it enables the
employees to understand security risks and security controls, safeguard all other approaches of
data, provides the whole firm complete protection along with centrally managed the entire
framework of the Blackbaud (Castilho and et.al., 2017). However, as all other concepts this also
includes certain drawbacks as well such as it includes strict rules and regulations, difficult to
work with non skilled people as it requires extremely skilled employees and restrictions of
resources also affects the functioning of this approach in most effectual manner.
Although the fundamental principles of information security management system are
confidentiality, availability and integrity as above stated safety approach is the newly introduced
approach within the system of ISMS. Although, it has been evaluate that every element of the
information security program should be designed in proper manner to achieve one or more of
these principles appropriately.
Information governance framework is a complete structure that provides complete
understanding and documentation of University legal, regulations as well as requirements that
are beneficial for maintaining the governance framework (Bennett, 2017). This framework
includes five phases in which the first phase refers to the business process stage under which
goals and objectives along with various strategies have been prepared with the fulfilment of
regulatory requirements. At the next stage the report has been prepared which includes the
understanding of the strategy that has been accepted according to the current scenario. The third
stage is planning for change under which the identification of approved repositories has been
evaluated with proper monitoring. Fourth stage is implementation phase in which transformation
of data into information has been takes place. And the last stage is the analytics phase in which
reporting, auditing, compliance, ranking and other analytics in order to ensure the response time
and costs has been analysed. This practices ensures that the Blackbaud has utilised correct
7

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

strategies in order to secure their data along with ensures the proper administrative controls in
order to mitigate cyber-security risks.
TASK 3
Information assets to be considered for risk analysis
Software applications
Software application is the process which bind the resources in functional system together.
Software applications to be included in Information asset includes:
a) EDI applications
b) Fax applications
c) Payment processing applications
d) HR management applications
e) E-mail applications
There is risk of data being stolen through these applications and safeguarding is required.
Integrated equipment or devices
There are equipment devices for creation, receiving, maintaining and transmitting information
which is sensitive for performing functions which are specialised. Examples are integrated
device and equipment like TV recording equipment, physical key security systems etc. for
inclusion of Information System Asset (Berry and Berry, 2018). These assets’ type have to be
grouped in classes having similar threats. There is risk of data being stolen from these devices.
Third party services and providers
Organisations omitting information assets are managed by business associates in organisation for
creation, receiving, maintaining and transmitting information that is sensitive. This has to be
included in Information Asset Inventory. Examples are hardware maintenance services, payroll
services etc. The information is having regular access by the suppliers and needs to be
safeguarded (Petrenko, Petrenko and Makoveichuk, 2017).
Networking Infrastructure Components
8

The network components receive and transmit information which is sensitive. They have to be
considered for analysis of risks and technical testing with networking hardware including:
 Routers
 Switches
 LAN cards
 Wireless routers
 Cables
Networking software
Network management and operations
Operating systems
Firewall
Network services
Satellite
Metro Ethernet
Wireless protocols
Information assets or media
Voice system: It stores recordings or messages.
Closed circuit TV system
These data systems carry and transmit information and there is a requirement of
safeguarding them.
Risk assessment methodologies
Risk Analysis Workbench Tool and IRAM 2
The methodology provide a guide stepwise for assessing of security risk . IRAM2 has focus on
internal vulnerabilities which are internal and their impacts that are potential on outside of the
organization (Evans and Price, 2020).
9

Microsoft Security Assessment Tool
It helps IT professional utilizing products of Microsoft for targeting needs of enterprise in the
compliance and security areas, infrastructure and management, collaborations and
communications.
Importance of information system in organisation
Business communication systems
The management gathers and distributes information and information systems make the process
more efficient with allowing managers for communication rapidly. E-mail is an effective way
however, managers utilise information systems by document storage in folders which they share
with employees needing the information. Every employee can communicate information
additional through making change in system tracks. Manager does collection of inputs and send
the revised document to the target audience. However, these communication systems are also
vulnerable for being hacked and information getting stolen.
Business Operations Management
Managing information depends on the information possessed. Information systems may offer
complete information allowing for more efficient operations. They can be used for sales insights
of data and identifies the stock that is performing well. There is information in numeric form
also, thus it becomes large amount of data to store and also to be kept secured. Customer data is
also responsibility of operations to keep secure which if leaked, can tarnish the company’s
reputation (Camisón-Haba and González-Cruz, 2020).
Decision-making of company
Company information system assists in making better decisions by delivering information
needed and modelling the results of decisions. Decision involves taking a course of action from
many alternatives and carrying out the tasks corresponding. The decision-making has to be kept
10

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

confidential and none of the committee members is supposed to discuss it beyond the meeting
room. Information can be used by competitor of the upcoming strategy of the company if leaked.
Record keeping of company
There is record needed for activities of organisation for regulatory and financial purposes and
also for finding the problems’ cause and taking of action correctively. Information system does
storage of documents and revises history, records of communication and data which is
operational. However, there is a need for keeping dual copes of the record and surveillance, the
data has to be channelled through a common server and monitoring it may become a challenge
for the organisation (Camisón-Haba and González-Cruz, 2020).
Information system for Blackbaud
Blackbaud has SIS solution for data that is dependable. The software works in connection with
education management solution for providing private schools with data flow. The features of the
information system used in company is:
 Academic data that is streamlined with management of records of students with
information about academic course.
 Academic formulas which are customisable for letter or numeric grading.
 Schedule that is configurable for matching unique structure of school.
 Course request management which takes in prerequisites and approvals and
provides overview of the scheduling dashboard (Petrenko, Petrenko and
Makoveichuk, 2017).
 Tracking of attendance for records.
 Location of students through Find Me Now feature.
 Student data management for sharing profiles that are learning, official notes etc.
 Reporting card and transcript builder with editor and style controls.
CONCLUSION
It can be concluded that the cyber security threats are present making information systems
vulnerable. However, there are solutions which have been emphasised here. Cyber threats and
11

role of information security has been explained. There has been approach justified for scope plus
content of ISMS with evaluation of information governance frameworks. Risk assessment
methodologies of information assets and importance of information governance has been
provided.
REFERENCES
Books and Journals
Alhassan, M.M. and Adjei-Quaye, A., 2017. Information Security in an
Organization. International Journal of Computer (IJC), 24(1). pp.100-116.
Bennett, S., 2017. What is information governance and how does it differ from data
governance?. Governance Directions, 69(8). pp.462-467.
Berry, C.T. and Berry, R.L., 2018. An initial assessment of small business risk management
approaches for cyber security threats. International Journal of Business Continuity and
Risk Management, 8(1), pp.1-10.
Camisón-Haba, S. and González-Cruz, T., 2020. Information assets: A typology of disclosed and
non-disclosed information. Technological Forecasting and Social Change, 160,
p.120242.
Castilho, S.D., and et.al., 2017, May. Proposed model to implement high-level information
security in internet of things. In 2017 Second International Conference on Fog and
Mobile Edge Computing (FMEC) (pp. 165-170). Ieee.
Evans, N. and Price, J., 2020. Development of a holistic model for the management of an
enterprise’s information assets. International Journal of Information Management, 54,
p.102193.
Gunduz, M.Z. and Das, R., 2020. Cyber-security on smart grid: Threats and potential
solutions. Computer networks, 169, p.107094.
Humayun, M., Niazi, M., Jhanjhi, N.Z., Alshayeb, M. and Mahmood, S., 2020. Cyber security
threats and vulnerabilities: a systematic mapping study. Arabian Journal for Science and
Engineering, 45(4), pp.3171-3189.
Miloslavskaya, N. and Tolstoy, A., 2019. Internet of things: information security challenges and
solutions. Cluster Computing, 22(1). pp.103-119.
12

Petrenko, S.A., Petrenko, A.S. and Makoveichuk, K.A., 2017. Problem of developing an early-
warning cybersecurity system for critically important governmental information
assets. network, 4, pp.7-8.
13

1 out of 13

+13062052269

info@desklib.com

Information Governance and Cyber Security: Risks and Mitigation Strategies

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Information Governance And Cyber Security

Cybersecurity Threat Name of the Student

Cyber-Security: Phishing, Spear Phishing, Ransomware, Scareware and Enterprise Information Security

Analysis of It Security And Management

Network Security and Types of Security Threats and Attacks in Information Technology

Cyber Security Assessment 2022