Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Information Security Plan for WASSA Swim Association

Verified

Added on 2023/06/03

AI Summary

This report discusses the information security plan for WASSA Swim Association, including risk assessment, risk matrix, and solutions for identified risks. It also provides a classification table of information and examples of each type. The report concludes with the importance of implementing anti-virus software, firewalls, network control and access, DNS and DHCP servers, and restricting physical access to data.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: INFORMATION SECURITY
Information Security
Name of the Student
Name of the University
Author’s Note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

1
INFORMATION SECURITY
Table of Contents
Executive Summary...................................................................................................................2
Introduction................................................................................................................................3
Discussion..................................................................................................................................3
1. Information Security Plan of WASSA Swim Association.................................................3
2. Risk Matrix of WASSA Swim Association.......................................................................5
3. Classification Table of Information in WASSA Swim Association..................................6
4. Solutions for the Risks Identified for WASSA Swim Association..................................10
Conclusion................................................................................................................................11
References................................................................................................................................12

2
INFORMATION SECURITY
Executive Summary
The main aim of this report is to understand the entire scenario of WASSA Swim
Association. It is a fictitious swimming association that is the peak body for the entire
administration of swimmers within Western Australia for the representation of more than 500
members as well as 5 distinct associated clubs. Information security is the specific state for
protection against the unauthorized utilization of information, especially the electronic data as
well as the measures that are undertaken for achieving this type of security. This is the proper
practice to prevent from all types of issues and problems related to the confidential
information or data. This report has properly described the scale of risk assessment and risk
matrix about the type of information as well as threats category.

3
INFORMATION SECURITY
Introduction
Information security is the significant practice of the prevention of the unauthorized
or unauthenticated access, utilization, disruption, disclosure, inspection, modification,
destruction or recording of any kind of information (Von Solms & Van Niekerk, 2013). This
type of data or information might of any form that is of either physical or electronic. The
most significant focus of the information security is to balance the subsequent protection of
CIA or confidentiality, integrity and finally availability. Hence, a proper and effective policy
is being implemented for hampering the total productivity of any particular organization.
Risk management procedure plays the most vital role in this type of security and hence the
assets, vulnerabilities, potential threats, sources of those threats, possible controls as well as
the potential controls for the efficiency and effectiveness of risk management planning
(Peltier, 2013).
The following report outlines a brief discussion on the case study of WASSA Swim
Association. A proper description of the information security and the various risks related to
the information of this organization as well as the potential impacts and solutions for those
risks would be provided in this particular report. The risk matrix for each and every risk of
WASSA would also be given here with a classification scheme.
Discussion
1. Information Security Plan of WASSA Swim Association
The information security plan of the WASSA Swim Association eventually describes
about the safeguards for the protection of information, data and resources (Peltier, 2016).
There are few reasons for these safeguards in WASSA Swim Association and these reasons
are as follows:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

4
INFORMATION SECURITY
i) The first and the foremost reason for the creation of such information security plan
is the making of reasonable efforts for ensuring the confidentiality as well as security of the
covered information and data.
ii) Another significant and important reason for this type of information security plan
within WASSA Swim Association is the subsequent protection against any type of
anticipated hazards or threats to the respective integrity and security to these information and
data (Singh, 2013).
iii) The third important and noteworthy reason for the presence of an information
security plan in WASSA Swim Association is the protect against all types of unauthorized
access as well as utilization of the covered information, resources and data, which could
result in the substantial inconvenience and harm to the customers (Xu et al., 2014).
The information security plan in this WASSA Swim Association would even provide
for the mechanisms for several benefits, which are given below:
i) The first and the foremost benefit of this information security plan would be the
proper identification and assessing of risks, which could threaten the covered information,
data and resources.
ii) The second important benefit of the information security plan is that the several
risks associated with information could be easily managed and controlled (Safa, Von Solms
& Furnell, 2016).
iii) The proper implementation and reviewing of the plan for understanding the risks
are also required here.
iv) This information security plan of WASSA Swim Association should even be
adjusted for the reflection of changes in the technology, sensitivity of the confidential

5
INFORMATION SECURITY
information, data and resources and hence the external as well as internal threats of
information security are identified properly (Andress, 2014).
2. Risk Matrix of WASSA Swim Association
There are two types of risks associated with the information in WASSA Swim
Association, which are internal risks and external risks (Tamjidyamcholo et al., 2013). These
risks could be extremely vulnerable for the council members, association members, polices or
any other media types of WASSA Swim Association. The risk matrix for WASSA Swim
Association is given below:
Identified
Risks
Internal/
External
Severity Probability Impact
1.
Administrative
Rights to all
Members
Internal Catastrophic
(4)
High (4) High (4)
2. Open Source
CMS
External Critical (3) Medium (3) Medium (3)
3. Mailchimp External Catastrophic
(4)
High (4) High (4)
4. Access to the
Place
Internal Critical (3) Medium (3) Medium (3)
5. Corruption of
Data
Internal Marginal (2) Low (2) Low (2)
6. Unauthorized Internal Negligible (1) Very Low (1) Very Low (1)

6
INFORMATION SECURITY
Access of Data
7. Loss of Data
Integrity
Internal Critical (3) High (3) High (3)
8. Physical Loss
of Data
External Catastrophic
(4)
High (4) High (4)
9. Errors to
System
External Critical (3) Medium (3) Medium (3)
10. Improper
Database
System
External Negligible (1) Very Low (1) Very Low (1)
Table 1: Risk Matrix of WASSA Swim Association
Here in the above risk matrix, 4 is the highest severity and 1 is the lowest severity.
The above mentioned ten distinct risks are extremely vulnerable and dangerous for
this WASSA Swim Association and hence should be properly solved to maintain a balance
for the security of the confidential data and information (Cardenas, Manadhata & Rajan,
2013).
3. Classification Table of Information in WASSA Swim Association
The classification table of information for any organization, subsequently divides the
information to four specific classes, which are confidential, regulated, internal and finally
external (Layton, 2016). This type of classification helps the organization to deal with the
various types of information and hence providing an utmost protection to every type of
information.
The classification table of information for WASSA Swim Association is as follows:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

7
INFORMATION SECURITY
Classes of
Information
Description of Information Examples of Such
Information
1. Confidential This type of information is only related
to the WASSA Swim Association and
hence is classified as confidential. The
significant access of any type of
unauthorized or unauthenticated parties
could eventually cause this entity for
incurring any type of organizational
losses (Aljawarneh, Alawneh & Jaradat,
2017). The confidential classification
solely involves the detailed information,
which could affect the brand name of
WASSA Swim Association and it should
not be shared with public. Moreover, the
important and sensitive information
could even develop the insider
information and thus can bring insider
threats. Moreover, those information,
which could be kept secret from the
unauthorized parties is also termed as
confidential.
The examples of such
information majorly include
documentation for the
administrators and other
members of board, non
published accounting
materials, budgets as well as
strategy memoranda,
transactional data, strategies
about long term
developments, sensitive
WASSA Swim Association
plans and many more.
2. Regulated This is the second type of information
type, which is governed by the
regulatory restrictions (Sarwar & Khan,
The examples of regulated
information mainly include
the policies and procedures,

8
INFORMATION SECURITY
2013). The respective regulated data
could only be accessible go the
authenticated and authorized personnel
of WASSA Swim Association. An
extreme care should be taken in this case
before the information is used, stored
and even transmitted. The authenticated
disclosure of regulated information
could adversely affect the organization,
employees, clients, business partners and
each and every other stakeholder, who is
associated with this particular
organization. It would even violate the
regulatory compliance guidelines and
the legal and financial liabilities are
incurred eventually.
associated with the
information that help to keep
the confidential or sensitive
data completely protected by
the federal laws, specified
regulations and laws. The
PII or personally identifiable
information of the WASSA
Swim Association fall under
this particular category
(Khalil et al., 2013).
Moreover, the notifications
and other law regulations are
also important in this case.
3. Internal Uses The third type of information is the
internal usage. This particular class of
information eventually covers the
WASSA Swim Association related
confidential information, which does not
fall under the sections of confidential,
regulated and external uses (Popa et al.,
2013). The subsequent access to this
type of information is extremely
The internal letters,
electronic mails, memos and
reports of WASSA Swim
Association fall under this
classifications. Furthermore,
the various internal policies,
procedures and instructions
as well as information
associated with the daily

9
INFORMATION SECURITY
restricted and hence should only be
accessible for those, who require the
information for performing their tasks.
Most of the organization data and
information are falling under the
classification of internal utilization.
activities of WASSA Swim
Association should also be
accessed by only the internal
and authorized people. The
non sensitive personal data
and the intellectual
properties are also parts of
such information (Khan &
Tuteja, 2015).
4. External Uses The final type of information is the
external use type. This is the most
popular and widely utilized type that has
no restriction on the subsequent access
of data and information. The
organizational information could only be
classified as public or external use, when
the information has the quality
controlled or approved by the respective
departments of WASSA Swim
Association (Von Solms & Van Niekerk,
2013). Moreover, this type of
information has the severity level of
negligible as per risk matrix, since there
would not be any issue for data loss.
The example of external or
public information
classification is those
information that is posted on
the Internet or is published
in any other type of media.
The files or folders of
information that are already
in use also fall under this
category. Moreover the
marketing campaign
materials are also important
and significant examples of
such information type.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

10
INFORMATION SECURITY
4. Solutions for the Risks Identified for WASSA Swim Association
The various risks identified in the risk matrix should be mitigated properly for the
proper eradication of all types of risks and threats so that the information is absolutely
secured in WASSA Swim Association (Peltier, 2013). The major solutions for the perfect
removal of these risks within the organization are as follows:
i) Anti Virus Software: The first and the foremost basic methodology or strategy for
the proper mitigation of any type of risk within the information systems of WASSA Swim
Association is the proper implementation of anti virus software. It is the most basic type of
computer program that is subsequently utilized for the perfect prevention, detection as well as
removal of malware (Singh, 2013). Any type of virus attacks or malware attacks are properly
removed with this software.
ii) Implementation of Firewalls: The second type of effective and efficient strategy or
methodology that could easily mitigate all the identified risks and threats in WASSA Swim
Association is the proper implementation of firewalls. It is the network security system,
which monitors and controls the incoming as well as outgoing network traffic on the basis of
previously determined security rules and regulations.
iii) Network Control and Access: The third effective and noteworthy strategy for the
proper mitigation of each and every identified risk or threat for this organization of WASSA
Swim Association is the network control as well as access (Safa, Von Solms & Furnell,
2016). There are various acts, which could negatively impact the entire operation of the
peripherals, networks and computers for impeding the entire ability of the network access.
iv) Implementation of DNS and DHCP Servers: The DNS and DHCP servers are
extremely effective for the proper mitigation of any type of risks within the network of

11
INFORMATION SECURITY
WASSA Swim Association so that the data access by unauthorized access and data loss are
strictly prohibited.
v) Restricting Physical Access of Data: The physical access of the data should be
restricted eventually, so that there is no chance of data manipulation under any circumstances
(Peltier, 2016).
Conclusion
Therefore, from the above discussion, it can be concluded that infosec or information
security is the collection of several strategies that help to manage the several tools, policies
and processes, required for the prevention, detection, documentation and finally countering
the threats for the digitalized as well as non digitalized information. The major
responsibilities of the information security majorly involve the proper establishment of the set
of various business processes, which could eventually protect the information assets,
irrespective of the fact that how the information is being processed and how it is kept in
storage. The core objectives of the information security programs are confidentiality,
integrity and availability or CIA of the information technology systems. All of these
objectives subsequently ensure that the confidential information is getting disclosed to the
authenticated parties and hence preventing the unauthorized modification of the data.
Moreover, the data could even be accessed by the authorized parties whenever needed. A
proper procedure of risk management should be conducted for continuously assessing the
threats and vulnerabilities. The above report has properly outlined the details of the WASSA
Swim Association for understanding the various risks and threats associated with this
particular organization. A risk matrix is provided here for understanding the severity of the
risks. Moreover, significant and noteworthy solutions are also provided here for mitigating
each and every risks. A classification scheme for the information of WASSA is even given in
this report.

12
INFORMATION SECURITY
References
Aljawarneh, S. A., Alawneh, A., & Jaradat, R. (2017). Cloud security engineering: Early
stages of SDLC. Future Generation Computer Systems, 74, 385-392.
Andress, J. (2014). The basics of information security: understanding the fundamentals of
InfoSec in theory and practice. Syngress.
Cardenas, A. A., Manadhata, P. K., & Rajan, S. P. (2013). Big data analytics for
security. IEEE Security & Privacy, 11(6), 74-76.
Khalil, I. M., Khreishah, A., Bouktif, S., & Ahmad, A. (2013, April). Security concerns in
cloud computing. In 2013 Tenth International conference on information technology:
new generations (ITNG) (pp. 411-416). IEEE.
Khan, S. S., & Tuteja, R. R. (2015). Security in cloud computing using cryptographic
algorithms. International Journal of Innovative Research in Computer and
Communication Engineering, 3(1), 148-155.
Layton, T. P. (2016). Information Security: Design, implementation, measurement, and
compliance. Auerbach Publications.
Peltier, T. R. (2013). Information security fundamentals. CRC Press.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines
for effective information security management. Auerbach Publications.
Popa, D., Cremene, M., Borda, M., & Boudaoud, K. (2013, January). A security framework
for mobile cloud applications. In Roedunet International Conference (RoEduNet),
2013 11th(pp. 1-4). IEEE.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

13
INFORMATION SECURITY
Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance
model in organizations. Computers & Security, 56, 70-82.
Sarwar, A., & Khan, M. N. (2013). A review of trust aspects in cloud computing
security. International Journal of Cloud Computing and Services Science, 2(2), 116.
Singh, G. (2013). A study of encryption algorithms (RSA, DES, 3DES and AES) for
information security. International Journal of Computer Applications, 67(19).
Tamjidyamcholo, A., Baba, M. S. B., Tamjid, H., & Gholipour, R. (2013). Information
security–Professional perceptions of knowledge-sharing intention under self-efficacy,
trust, reciprocity, and shared-language. Computers & Education, 68, 223-232.
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber
security. computers & security, 38, 97-102.
Xu, L., Jiang, C., Wang, J., Yuan, J., & Ren, Y. (2014). Information security in big data:
privacy and data mining. IEEE Access, 2, 1149-1176.

1 out of 14

+13062052269

info@desklib.com

Information Security Plan for WASSA Swim Association

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Related Documents

Information Security

Information Security Threats and Risk Assessment

Information Security: Shangri-La Hotel

Risk Management for Atlassian Australia

Enterprise Information Security Risk Analysis

Information Security: The Royal Children's Hospital