
Information Security Management: Risks, Prevention, and Frameworks

   

Added on  2023-04-21

Table of Contents
Introduction
Ethical issues related to mishandling of various information resources
Steps taken to prevent breaches
Identification of information assets
The risks associated with information assets
Risk management framework(s)
Conclusion

Introduction
Information security management is a pre-defined set of rules and policies used to manage
all the sensitive data in an organisation. The goal of this security system is to minimise
risk and ensure that business continuity is maintained without any security breach
(Von Solms and Von Solms, 2014). The organisation considered in this report is Smart
Software Pty Ltd, a leading software company based in Melbourne. The risk plans are
therefore developed in a way that maintains the integrity, confidentiality and availability
of data packets.
Ethical issues related to mishandling of various information resources
In the case of Smart Software Pty Ltd, information that is mishandled by staff can cause
security breaches. If resources are not handled correctly, personal data can be leaked.
Sensitive files can be leaked, or data loss can be a failure for the organisation. As given
in the case study, many employees work from home, which can cause security issues if
access is given to an unauthorised user (Von Solms and Von Solms, 2014). The ethical
issues that arise in the company if information resources are not handled carefully are
hacking crimes. Hacking is a way in which an unauthorised party or man-in-the-middle tries
to gain access to authenticated information (Safa and Von Solms, 2016). Cyber criminals
design techniques to read data from computers; these issues can be resolved by developing
proper privacy measures. The virtual private networks used by employees can cause harm if
they are not securely certified. As listed in the case study, some of the resources are open
and public, which can cause a data breach (Safa and Von Solms, 2016).
Steps taken to prevent breaches
Some of the measures that Smart Software Pty Ltd should take to prevent its staff members
from handling information unethically are listed below.
- The information should be protected by storing it over a protected network.
- Downloads should be restricted for any unauthorised users, and computers should have
  access only to secure sites (Ho, Hsu and Yen, 2015).
- The open-source software used by the company should be licensed so that the risk of
  transferring data to external sources is minimised. The system should have automated
  security to check passwords and firewall configuration regularly.
- Apart from that, the company's IT team is used to identify suspicious network activity so
  that attacks are identified and steps are then taken (Fakhri, Fahimah and Ibrahim,
  2015). It is suggested that threats should be identified by keeping track of all
  suspicious activities.
- Smart Software Pty Ltd should deploy a strict but realistic security policy by controlling
  access to data. An access list should be created so that only authorised users are
  able to access the information (Fakhri, Fahimah and Ibrahim, 2015). Files should be
  encrypted while they are transferred over the channel so that even if the data is leaked
  it is not in a readable format.
- The other step that should be taken is to separate personal and professional work; the
  company should define a strict rule that no employee is allowed to access personal
  information or emails on the computer networks (Kong and You, Samsung Electronics, 2015).