Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Information System Security: For a Case Study

Verified

Added on 2023/06/15

AI Summary

This case study analyzes the existing information system, performs security risk management, security audit, and enhances information security practice for Cash and Carry Organization. It includes an inventory of assets, statement of applicability, risk register, security policy, security enhancement plan, and individual group member evaluation.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: INFORMATION SYSTEM SECURITY
Information System Security: For a Case Study
Name of the Student:
Student ID:
Name of the University:
Author’s note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

2INFORMATION SYSTEM SECURITY
Table of Contents
Task 1: Analyse the existing information system............................................................................3
1.1 Inventory of Asset..................................................................................................................3
1.2 Statement of Applicability.....................................................................................................4
Task 2: Perform security risk management.....................................................................................6
Task 3: Perform security audit.........................................................................................................7
Task 4: Enhance information security practice...............................................................................8
4.1 Security Policy.......................................................................................................................8
4.2 Security Enhancement Plan...................................................................................................9
4.3 Individual Group Member Evaluation...................................................................................9
Bibliography..................................................................................................................................11

3INFORMATION SYSTEM SECURITY
Task 1: Analyse the existing information system
1.1 Inventory of Asset
The inventory of asset is made for the development of the list of assets that would help in
keeping an eye on the physical goods sold or bought for the development of the business
(Freeman 2016). The cash and carry organization had been providing household and food items
for their customers. The inventory of assets for the cash and carry organization is shown below,
Inventory of Asset for Information System
Asset Name Category Short brief Possible
Owner
Acceptable
Use
Required
Level of
Protection
Customer
Information
Database The customer
information is the
database that stores
and records the
information of the
customers of the
organization.
Database
Admin
Should be
limited for
business
purposes only
High
Online
Platform
Virtual
Network
The online
platform helps in
developing
improved
operations for
forming the
supportive and
effective operations
for the internet
based processes.
Web
Development
team
Spreading of
business to a
larger scale
High
Disaster
Recovery
Tool It would help in
recovering the data
and information
that had been lost
due to any disaster
event.
Database
team
Restoration of
the data lost
due to any
accident
Medium
Payment
Platform
Process The payment
platform provides
the option for
making payments
via internet
Accounts
Department
Secure
connection
with banks
should be made
for safe money
High

4INFORMATION SYSTEM SECURITY
gateways. transfer
Business
Continuity
Management
Strategy The business
continuity
management would
help in easing the
processes of
developing
business operations
for effective
development
model.
Business
Developer
Strategies for
increasing the
performance of
the business
should be
carried on
Medium
1.2 Statement of Applicability
The statement of applicability is a proper document that highlights the various risk
factors of the organization for delivering the advanced operations to its customers (Cam-Winget,
Popa and Hui 2017). The online operations would be helpful for the deployment of the effective
operations that would result in implementing effective operations for the management of the
operations. The statement of applicability is shown below,
Statement of Applicability
Organization: Cash and Carry Organization
Made by: Katie Longs Version: 1.0 Date: 3rd April, 2018
Objective: To increase the security of the information system for overcoming the problems of
fraudulent emails, malicious code infection, and denial of service
The company has faced the problem of fraudulent mail been sent to the customers via company’s
official mail id. The mail has resulted in seeking information from the customers along with
customer information. The implication of the effective system security would help the
organization in securing the information for listing improved operations.
Control: 4.5.1

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

5INFORMATION SYSTEM SECURITY
Title: Implementation of IaaS Cloud Platform
Description: The implementation of information as a service cloud platform would help in
controlling the access to the cloud online network of the organization based on the information.
The implementation if IaaS would ensure that the cloud network implementation would help the
organization for the deployment of the successive implementation. The IaaS cloud platform
would be helpful for the deployment of the access limited online platform.
Documents Required: Cloud Vendor List, Existing Information Migration
Control: 4.5.2
Title: Network Control Implementation
Description: The implementation of the network control functions using IDS/IPS would be
helpful for detecting and preventing the infiltration in the network. The IDS works as a detection
system that identifies the infiltration in the network. The IPS works successively with IDS and
prevents the system from performing any operation or completing any query once intrusion is
detected. The network control would help the organization for keeping any attack or virus away
from the organization’s network.
Documents Required: Network Infrastructure Design, Security Protocols
Control: 4.5.3
Title: Addition of Encryption Function
Description: The addition of the encryption would help in easing the flow of information and
develop effective management of the data security. The various cipher methods would be helpful
for the addition of key cipher method. The development of the encryption would help in easing
the deployment of the data security and integration. The encryption would allow the formation of

6INFORMATION SYSTEM SECURITY
the activities and alignment of the operations.
Documents Required: Security key for Cipher
Task 2: Perform security risk management
Risk Register: Risk Register is a tool used for the analysis of the factors of risk for
developing effective operation development (Li 2014). The analysis of the factors of the risk
would help in developing control strategies for overcoming the implication of the risk
management operations. The risk register for the information system and the various issues of
Cash and Carry organization is given below,
Risk Name Malicious Codes Security Infiltration Lack of Secure
Devices
Internet
Viruses
Causes The malicious
codes are resulted
due to the
internet/cloud
connection. The
malwares present in
the cloud network
would infiltrate into
the network for
causing disruption
in the operations.
The security
infiltration is resulted
due to the wearing of
the security functions.
The advanced hackers
and cyber criminals
would get access into
the system for
extracting information
for their personal
benefits.
The absence of
secure device
would result in
causing the major
infiltration
probability. The
absence of secure
device would tend
to cause the major
infiltration into the
operations.
The virus
present in the
internet cloud
would tend to
form the
issues in
operations.
Probability Low Medium Medium Low
Impact High High Medium High
Risk Level High Extreme Medium Medium
Control
Strategy
Avoid Reduce Transfer Avoid
Control
Action
Increment of
security function in
the system would
help in overcoming
Implementation of
IDS/IPS in the
Network of the
organization would be
Replacement of
the existing tools
by taking advice
from a security
Increment of
security
function in the
system would
help in

7INFORMATION SYSTEM SECURITY
these issues helpful expert advisor overcoming
these issues
Proximity Immediate Immediate Immediate Immediate
Risk Name Design Issues Lack of
information
Cyber thefts Data Misuse
Causes The major issue of
the design is its
incompatibility with
the functions.
Absence of
information would
tend to form the
issues in
development of the
operations
External cyber
criminals would
extract the
information from
the network
The data would
be misused for
harming the
organization
Probability High High Low Medium
Impact Medium Low High High
Risk Level High Medium high Medium high Extreme
Control
Strategy
Transfer Accept Avoid Reduce
Control
Action
SDLC design phase
should be followed
Utilization of the
existing
information should
be used
Deployment of
the preventions
against cyber
attacks
Encryption of
data would
make it unusable
for the thieves
Proximity Immediate Immediate Immediate Immediate
Task 3: Perform security audit
Audit Report
Information System of Cash and Carry Organization
Overview of Scenario The Cash and Carry organization provides household and food items
for its customer while operating in 12 branches of UK with a total

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

8INFORMATION SYSTEM SECURITY
manpower of 130. The inclusion of online platform had resulted in
many risks for the organization. They faced the problem of fraudulent
emails, DoS attack, and malware attacks due to the weak security
infrastructure. They have realized the problems would result in
causing the major issues for growth of the organization.
Risk Identified The major risk factors identified in the organization are Malicious
Codes, Security Infiltration, and Lack of Secure Devices.
Control Objectives The control objectives for Cash and Carry Organization are,
To develop security functions for limiting the access to the
information
To develop the implementation of network security in the system
To restrict the access for unauthorised users from the network
Evidence Fraudulent email sent to customers, Denial of Service (DoS) attack,
and Cross Site Scripting (XSS) are the problems faced by the
organization and they would act as the evidence showing the
slackness in the security
Result Non-conformity
Recommended Action Preventive
Task 4: Enhance information security practice
4.1 Security Policy

9INFORMATION SYSTEM SECURITY
“Establishing and Maintaining confidentiality and security of the information, network,
and applications while managing the operations of the organization.”
4.2 Security Enhancement Plan
#001231
Control action name: Implementation of IaaS cloud services
Type: Operational
Duration: Mid
Owner: Client
Responsibility: Cloud Vendor
Status: In progress
#001232
Control action name: Alignment of Security Functions
Type: Tactical
Duration: Long
Owner: Client
Responsibility: IT Team
Status: In progress
4.3 Individual Group Member Evaluation
The study helped me in analysing the elements and components of the information
system of an organization considering them as assets in the asset inventory. I even used the
statement of applicability for the analysing the gaps in the information system. The risk register
that I developed was based on the understanding of the risks and the alignment of the improved

10INFORMATION SYSTEM SECURITY
operations. The security audit would be helpful for the alignment of the control strategies and the
alignment of the recommended actions favourable for the deployment of the operations. The
security policy developed helped me in listing the practices that would be helpful for the
alignment of the operations.
The proposed risk control would be helpful for the alignment of the operations and the
development of the security policy in the organization. The risk control strategy would be helpful
for the deployment of the contingency planning against the security issues. The plan
development would also support the operations that are favourable for the operations of risk
management.
I have realized the major issues in the security risk assessment and it would form the
major analysis of the project operation development. The risk assessment would help in
overcoming the probability of the effective operation development. It was hard for analysing the
scope of the risk factors and the continuation of the operations.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

11INFORMATION SYSTEM SECURITY
Bibliography
Almadhoob, A. and Valverde, R., 2014. Cybercrime prevention in the Kingdom of Bahrain via
IT security audit plans. Journal of Theoretical and Applied Information Technology, 65(1),
pp.274-292.
Cam-Winget, N., Popa, D. and Hui, J., 2017. Applicability Statement for the Routing Protocol
for Low-Power and Lossy Networks (RPL) in Advanced Metering Infrastructure (AMI)
Networks.
Chandramouli, M., Schoening, B. and Nordman, B., 2015. Energy Management (EMAN)
Applicability Statement. Energy.
Chen, Z., 2016. Time-to-produce, inventory, and asset prices. Journal of Financial Economics,
120(2), pp.330-345.
Duggan, J.M., Eichelberger, B.A., Ma, S., Lawler, J.J. and Ziv, G., 2015. Informing management
of rare species with an approach combining scenario modeling and spatially explicit risk
assessment. Ecosystem Health and Sustainability, 1(6), pp.1-18.
Forouzanfar, M.H., Alexander, L., Anderson, H.R., Bachman, V.F., Biryukov, S., Brauer, M.,
Burnett, R., Casey, D., Coates, M.M., Cohen, A. and Delwiche, K., 2015. Global, regional, and
national comparative risk assessment of 79 behavioural, environmental and occupational, and
metabolic risks or clusters of risks in 188 countries, 1990–2013: a systematic analysis for the
Global Burden of Disease Study 2013. The Lancet, 386(10010), pp.2287-2323.
Freeman, T.Y., 2016. Improving the Asset Inventory Process. South Carolina State Documents
Depository.

12INFORMATION SYSTEM SECURITY
Hom, M.A., Joiner Jr, T.E. and Bernert, R.A., 2016. Limitations of a single-item assessment of
suicide attempt history: Implications for standardized suicide risk assessment. Psychological
assessment, 28(8), p.1026.
Ifinedo, P., 2014. Information systems security policy compliance: An empirical study of the
effects of socialisation, influence, and cognition. Information & Management, 51(1), pp.69-79.
Johnston, A.C., Warkentin, M., McBride, M. and Carter, L., 2016. Dispositional and situational
factors: influences on information security policy violations. European Journal of Information
Systems, 25(3), pp.231-251.
Kanatov, M., Atymtayeva, L. and Yagaliyeva, B., 2014, December. Expert systems for
information security management and audit. Implementation phase issues. In Soft Computing
and Intelligent Systems (SCIS), 2014 Joint 7th International Conference on and Advanced
Intelligent Systems (ISIS), 15th International Symposium on (pp. 896-900). IEEE.
Li, W., 2014. Risk assessment of power systems: models, methods, and applications. John Wiley
& Sons.
Liang, C.S. ed., 2016. Europe for the Europeans: The foreign and security policy of the populist
radical right. Routledge.
Ma, S., Lee, K.H., Kim, C.H., Rhee, J., Zhang, X. and Xu, D., 2015, December. Accurate, low
cost and instrumentation-free security audit logging for windows. In Proceedings of the 31st
Annual Computer Security Applications Conference (pp. 401-410). ACM.

13INFORMATION SYSTEM SECURITY
Perri, R. and Shuli, I., 2016. FINANCIAL STATEMENT ANALYSIS IN ALBANIA-A
SURVEY OF ITS APPLICABILITY AMONG DIFFERENT USERS'CLASS AND THE
DIFFERENCES FROM THE DEVELOPED COUNTRIES. CEA Journal of Economics, 4(2).
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model
in organizations. Computers & Security, 56, pp.70-82.

1 out of 13

+13062052269

info@desklib.com

Information System Security: For a Case Study

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Information System Security: Risk, Assets, Migrations and Vulnerabilities

ZOMATO HACKED: Security Breach Results in 17 Million User Data Stolen

Accounting Information System - Marcia’s IT Development

INFORMATION SECURITY POLICY MANAGEMENT

Travel Business Service Industry | Report

Introduction to Cloud Computing Introduction 3 Main Body3 Approaches: 5 Demonstration and Evaluation