Information System Security: For a Case Study
Added on 2023-06-15
13 Pages2480 Words309 Views
|
|
|
Running head: INFORMATION SYSTEM SECURITY
Information System Security: For a Case Study
Name of the Student:
Student ID:
Name of the University:
Author’s note:
Information System Security: For a Case Study
Name of the Student:
Student ID:
Name of the University:
Author’s note:
2INFORMATION SYSTEM SECURITY
Table of Contents
Task 1: Analyse the existing information system............................................................................3
1.1 Inventory of Asset..................................................................................................................3
1.2 Statement of Applicability.....................................................................................................4
Task 2: Perform security risk management.....................................................................................6
Task 3: Perform security audit.........................................................................................................7
Task 4: Enhance information security practice...............................................................................8
4.1 Security Policy.......................................................................................................................8
4.2 Security Enhancement Plan...................................................................................................9
4.3 Individual Group Member Evaluation...................................................................................9
Bibliography..................................................................................................................................11
Table of Contents
Task 1: Analyse the existing information system............................................................................3
1.1 Inventory of Asset..................................................................................................................3
1.2 Statement of Applicability.....................................................................................................4
Task 2: Perform security risk management.....................................................................................6
Task 3: Perform security audit.........................................................................................................7
Task 4: Enhance information security practice...............................................................................8
4.1 Security Policy.......................................................................................................................8
4.2 Security Enhancement Plan...................................................................................................9
4.3 Individual Group Member Evaluation...................................................................................9
Bibliography..................................................................................................................................11
3INFORMATION SYSTEM SECURITY
Task 1: Analyse the existing information system
1.1 Inventory of Asset
The inventory of asset is made for the development of the list of assets that would help in
keeping an eye on the physical goods sold or bought for the development of the business
(Freeman 2016). The cash and carry organization had been providing household and food items
for their customers. The inventory of assets for the cash and carry organization is shown below,
Inventory of Asset for Information System
Asset Name Category Short brief Possible
Owner
Acceptable
Use
Required
Level of
Protection
Customer
Information
Database The customer
information is the
database that stores
and records the
information of the
customers of the
organization.
Database
Admin
Should be
limited for
business
purposes only
High
Online
Platform
Virtual
Network
The online
platform helps in
developing
improved
operations for
forming the
supportive and
effective operations
for the internet
based processes.
Web
Development
team
Spreading of
business to a
larger scale
High
Disaster
Recovery
Tool It would help in
recovering the data
and information
that had been lost
due to any disaster
event.
Database
team
Restoration of
the data lost
due to any
accident
Medium
Payment
Platform
Process The payment
platform provides
the option for
making payments
via internet
Accounts
Department
Secure
connection
with banks
should be made
for safe money
High
Task 1: Analyse the existing information system
1.1 Inventory of Asset
The inventory of asset is made for the development of the list of assets that would help in
keeping an eye on the physical goods sold or bought for the development of the business
(Freeman 2016). The cash and carry organization had been providing household and food items
for their customers. The inventory of assets for the cash and carry organization is shown below,
Inventory of Asset for Information System
Asset Name Category Short brief Possible
Owner
Acceptable
Use
Required
Level of
Protection
Customer
Information
Database The customer
information is the
database that stores
and records the
information of the
customers of the
organization.
Database
Admin
Should be
limited for
business
purposes only
High
Online
Platform
Virtual
Network
The online
platform helps in
developing
improved
operations for
forming the
supportive and
effective operations
for the internet
based processes.
Web
Development
team
Spreading of
business to a
larger scale
High
Disaster
Recovery
Tool It would help in
recovering the data
and information
that had been lost
due to any disaster
event.
Database
team
Restoration of
the data lost
due to any
accident
Medium
Payment
Platform
Process The payment
platform provides
the option for
making payments
via internet
Accounts
Department
Secure
connection
with banks
should be made
for safe money
High
4INFORMATION SYSTEM SECURITY
gateways. transfer
Business
Continuity
Management
Strategy The business
continuity
management would
help in easing the
processes of
developing
business operations
for effective
development
model.
Business
Developer
Strategies for
increasing the
performance of
the business
should be
carried on
Medium
1.2 Statement of Applicability
The statement of applicability is a proper document that highlights the various risk
factors of the organization for delivering the advanced operations to its customers (Cam-Winget,
Popa and Hui 2017). The online operations would be helpful for the deployment of the effective
operations that would result in implementing effective operations for the management of the
operations. The statement of applicability is shown below,
Statement of Applicability
Organization: Cash and Carry Organization
Made by: Katie Longs Version: 1.0 Date: 3rd April, 2018
Objective: To increase the security of the information system for overcoming the problems of
fraudulent emails, malicious code infection, and denial of service
The company has faced the problem of fraudulent mail been sent to the customers via company’s
official mail id. The mail has resulted in seeking information from the customers along with
customer information. The implication of the effective system security would help the
organization in securing the information for listing improved operations.
Control: 4.5.1
gateways. transfer
Business
Continuity
Management
Strategy The business
continuity
management would
help in easing the
processes of
developing
business operations
for effective
development
model.
Business
Developer
Strategies for
increasing the
performance of
the business
should be
carried on
Medium
1.2 Statement of Applicability
The statement of applicability is a proper document that highlights the various risk
factors of the organization for delivering the advanced operations to its customers (Cam-Winget,
Popa and Hui 2017). The online operations would be helpful for the deployment of the effective
operations that would result in implementing effective operations for the management of the
operations. The statement of applicability is shown below,
Statement of Applicability
Organization: Cash and Carry Organization
Made by: Katie Longs Version: 1.0 Date: 3rd April, 2018
Objective: To increase the security of the information system for overcoming the problems of
fraudulent emails, malicious code infection, and denial of service
The company has faced the problem of fraudulent mail been sent to the customers via company’s
official mail id. The mail has resulted in seeking information from the customers along with
customer information. The implication of the effective system security would help the
organization in securing the information for listing improved operations.
Control: 4.5.1
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Information System Security: Risk, Assets, Migrations and Vulnerabilitieslg...
|7
|1522
|302
ZOMATO HACKED: Security Breach Results in 17 Million User Data Stolenlg...
|5
|731
|290
Accounting Information System - Marcia’s IT Developmentlg...
|7
|692
|26
INFORMATION SECURITY POLICY MANAGEMENTlg...
|6
|886
|26
Travel Business Service Industry | Reportlg...
|5
|2940
|47
Introduction to Cloud Computing Introduction 3 Main Body3 Approaches: 5 Demonstration and Evaluationlg...
|14
|5243
|273