
Information Security Management

   

Added on  2023-04-21

21 Pages | 5376 Words | 392 Views
Running head: INFORMATION SECURITY MANAGEMENT
Information Security Management
Name of the Student
Name of the University
Author’s Note:
Table of Contents
Introduction
Task 1: The CISO Memo
Task 2: Information Security Policy
Conclusion
References
Introduction
Information security is the practice of preventing unauthorized access, use, disruption,
inspection, destruction or recording of information. This information may take any form,
electronic or physical, and the major focus of information security is to balance the
protection of the confidentiality, integrity and availability of data while maintaining a
focus on efficient policy deployment, without hampering the productivity of the
organization (Siponen, Mahmood and Pahnila 2014). A multi-step risk management process
is required to identify assets, potential impacts, threat sources and more. The following
report gives a brief discussion of information security management at the University of
Hertfordshire. A CISO memo and an information security policy for the organization are
provided here. Security issues and relevant solutions are described in this report in order
to understand the current position of the University of Hertfordshire with respect to
information security.
Task 1: The CISO Memo
A new Chief Information Security Officer (CISO) has been appointed for the Department of
Computer Science within the University of Hertfordshire (Crossler et al. 2013). The
existing information security policy of the organization needs to be reviewed and analysed.
The policy identifies every key security principle that underpins it (Von Solms and Van
Niekerk 2013). The information security policy is supplementary to the information
management policy and follows a standard code of practice. The major purpose of the
document is to adopt principles, policies and practices that maximize the overall
protection against all types of risk, so that the security of the information and of the
systems is ensured (Peltier 2013). Moreover, they establish that the University’s systems
and information are the most significant assets of the organization and should be
protected properly.
The scope of the information security policy of the University of Hertfordshire is that
every member of the university is required to comply with the policy, which also applies
to the collaborative activities undertaken by its partner organizations (Siponen, Mahmood
and Pahnila 2014). Under the University’s information policy, wholly owned subsidiaries
and companies in which the university has any interest are subject to a few of the
processes and policies set out in the document. The various financial regulations,
relevant memoranda of understanding and relevant shareholders’ agreements of the
organization are clearly stated within the information security policy.
The key principles of the information security policy of the University of Hertfordshire
are availability, integrity, confidentiality, compliance, responsibilities of members of
the university, and analysis (Yang, Shieh and Tzeng 2013). The availability principle
states that, to enable them to fulfil their defined roles, the members of the university
have access to the information and to the systems that handle it, within the restrictions
of the few privileges granted to them. The second principle is integrity (Peltier 2016).
The information available to every member of the university must be timely, complete and
accurate, so that the university is able to conduct its business processes and academic
processes effectively and efficiently.
Confidentiality, on the other hand, ensures that confidential information is accessible
only to those specified people who have been authorized to access it (Xu et al. 2014).
Information that is not confidential must be promptly accessible without any type of
limitation. The next significant security principle in the information security policy of
the University of Hertfordshire is compliance. Information must be held and operated in
such a manner that the contractual, statutory and legal responsibilities of the
organization are not compromised. Under the responsibilities principle, the members of the
university must have proper authority, must comprehend their duties with respect to
information privacy, and must conform to every university regulation and policy (Singh
2013). A proper analysis of the threats and a systematic identification of relevant and
accurate risks are required for the eradication of issues within the information security
policy.
The information security policy of the University of Hertfordshire also provides major
policy areas through which risk can be analysed properly and systematically. The first
policy area is business continuity, which states that the university is required to
develop and sustain business continuity planning on the basis of formalized risk analysis
(Safa, Von Solms and Furnell 2016). The various duties must be established, and it should
be ensured that all members are meeting their responsibilities effectively. Compliance is
the next policy area, where the information management process should allow the university
to comply with its legal and statutory obligations. Compliance issues such as data
protection, freedom of information, copyright, intellectual property (IP), software
protection and licensing, and finally disposal of equipment are to be eliminated.
Outsourcing and third-party access are also covered by the information security policy
(Andress 2014). An external supplier that is contracted to supply goods or services to the
University of Hertfordshire, and that is thereby brought into contact with the resources
of the university, should agree to abide by this information security policy.
The University of Hertfordshire has also addressed the information handling of the
organization. The management of the organization should ensure that safeguards are in
place to protect the integrity of information during the restoration or recovery of lost
or corrupted data files or folders (Soomro, Shah and Ahmed 2016). User management and the
use of computers are also covered, so that illegal and unethical use of data is stopped
efficiently and without complexity (Dehling et al. 2015). Moreover, mobile computing,
network management and business-critical software management are also covered.
The problems, or areas for improvement, in the information security policy of the
university mainly concern regular assessments (Sommestad et al. 2014). The university does
not check for system issues regularly, and this could turn out to be a major problem in
its daily work. As the students and university members have to follow the rules and
regulations for the proper maintenance of information and data security, a periodic
assessment of the policy is recommended for the University of Hertfordshire. The other
issue is a lack of security for its assets and resources. Since the students and other
organizational members are provided with resources, it is important for them to maintain
those resources with utmost security. However, no such extra security is provided for in
the information security policy of the organization (Parsons et al. 2014). Although a few
rules have been maintained for this purpose, a high security risk always remains.