Information Security and Governance: Part A Report
Added on  2023/01/13
AI Summary
This report discusses the benefits of security management, developing a security policy and management plan, identifying roles and responsibilities, methods for developing a security management program, and implications of legal requirements.
Running head: PART A REPORT Information Security and Governance: Part A Report Name of the Student Name of the University Author’s Note:
Table of Contents
Part A: Report
1. Discussion on Benefits that are derived from the Security Management as the ongoing procedure as well as Reasons to have a Security Program Policy
2. Developing a Proper Security Policy as well as Security Management Plan
3. Identifying the major Functionalities, Tasks, Responsibilities and Roles for Security Management Program for PAI as well as Roles of the Various Groups or Individuals in Governance
4. Identifying Major Methods and Models for Developing Security Management Program
5. Discussing Implications of Legal and Statutory Requirements and Major Advantages of the Formal Approach
Summary
References
Part A: Report

1. Discussion on Benefits that are derived from the Security Management as the ongoing procedure as well as Reasons to have a Security Program Policy

The most significant advantages of running the security management program as an ongoing procedure are given below:
i) Helps to Protect and Secure Every Form of Information: All significant forms of confidential information would be secured and protected for Power AI (Flores, Antonsen and Ekstedt 2014).
ii) Increases Cyber Attack Resilience: This is the second significant advantage of the security management program. It helps to increase resilience against cyber attacks.
iii) Provides Framework for Keeping Organizational Information Protected: The security management program provides a proper framework for effectively keeping all types of organizational information protected.
iv) Reducing Expenses: The ICT security management program would reduce the major expenses for information security.

The most significant reasons to have a proper policy are given below:
i) Protecting CIA of Information: The confidentiality, integrity and availability (CIA) of confidential information can be secured easily and promptly with a collection of technical as well as physical controls, and this is important for the organization (Whitman and Mattord 2014).
ii) Ensuring Proper Resumption of the Major Business Processes: The second significant reason to keep this ICT security management program is ensuring that there is a timely resumption of several important business processes for Power AI.
iii) Improvement of Company Culture: This is yet another important reason for keeping the ICT security management program in PAI (Bahl and Wali 2014). The entire company culture can be improved with this program.

2. Developing a Proper Security Policy as well as Security Management Plan

A security management plan and security policy must be developed by Power AI so that the integrity of information is maintained and legal and regulatory requirements are fulfilled. The major steps for developing a security management plan and a security policy are provided below:
i) Performing Proper Regulatory Review.
ii) Specifying Oversight, Responsibilities and Governance.
iii) Considering Inventory of Assets.
iv) Evaluating Proper Assessment of Third Party Risk.
v) Properly Creating Incident Response Planning.
vi) Training as well as Testing of Employees.

All of the above steps are significant in making the entire security program efficient for Power AI, as the company is extremely concerned about its intellectual property. The security program would be extremely effective for them (Carcary et al. 2016).
3. Identifying the major Functionalities, Tasks, Responsibilities and Roles for Security Management Program for PAI as well as Roles of the Various Groups or Individuals in Governance

Power AI comprises fifty employees, of whom twenty-five are directly involved in the processes of designing, developing, examining and finally deploying the products. Each of the employee positions is stable, and employee turnover is extremely high, to maintain the high demand for information technology staff with knowledge of AI systems (Mueller, Schmidt and Kuerbis 2013). The organizational senior management consists of three employees: the IT Manager, the Finance Manager and the Sales Manager. The human resource department of this team is overseen by the owner.

The various responsibilities, roles, tasks and functionalities for this security management program mainly involve offering proper protection to the entire organization, helping to respond to the various evolving security risks, the business continuity plan, acting against information as well as intellectual property, and several others (Silic and Back 2014). The major roles of the information technology manager for the security management program in Power AI involve planning, organizing, directing and controlling all types of intellectual property and information. This is needed to safeguard the most significant algorithms, which are mainly developed for services and products, since these are considerable investments (Van Eeten and Mueller 2013). The major roles and responsibilities of the Power AI finance manager include proper maintenance of financial development as well as growth of strategies in the longer-term financial objectives of PAI. The major responsibilities of the sales manager of this organization include meeting the organizational revenue target through the activity of the sales representatives. It is extremely important to maintain a proper balance between the organizational security management and governance.

4. Identifying Major Methods and Models for Developing Security Management Program

Power AI (PAI) is a company that is responsible for developing software for industrial, business and home uses (Yaokumah and Brown 2014). They have decided to implement an ICT Security Program within their business. The security program plan for this organization will discuss how information privacy becomes better controlled once the Security Management plan has been developed, and it will provide a proper program with several roles and tasks for developing the program. They are mainly concerned about their intellectual property and the various algorithms that are being developed for the products (Debreceny 2013). Recently, the development work is being completed on the closed on-site network, which is managed internally by the IT service employees. The completed products, in executable form, are ported to the Sales system that is provided by the cloud application provider, Cloud Services International (Safa, Von Solms and Furnell 2016). The subsequent planning will discuss how information privacy is well managed after developing the Security Management Program policy, and this would provide a program with the major roles and tasks for developing the program.

There are several methods and models for the efficient and effective development of a security management policy. These methods and models are extremely important for making the entire security program efficient and effective compared with other security programs (Layton 2016). Protection against illegal copying and loss of the source code and associated documentation would be the most significant need for Power AI.
The complexity as well as velocity of the threat companies were eventually facing subsequent attack trends to determine the efficient mitigations (Ahmad, Maynard and Park 2014). Several elements and components of the model of security management involve policy statement, proper compliance with all applicable standards, proper definition, threat assessment and threat analysis, training of employees, laws and regulations, roles of the security program managers, management as well as supervisor training, management commitment as well as responsibilities, and program exercise and drills (Da Veiga and Martins 2015).

5. Discussing Implications of Legal and Statutory Requirements and Major Advantages of the Formal Approach

The security management and governance program will be significant for PAI. This program provides various important benefits as well as proper security to the organization (Mishra 2015). The systems and information present in the organization of Power AI are included in the program of security management and governance. Proper access to authenticated information is considered an indispensable element for conducting the business, and in a growing number of organizations this information is termed as business (Trautman, Triche and Wetherbe 2013). The various statutory and legal requirements of the security management and governance program involve a set of processes and policies to achieve the various security objectives that will secure the intellectual property of Power AI from all types of theft, loss and release. Such plans also include agreements and arrangements with proper entities such as local law enforcement. This information would give competitors cost benefits in developing every similar product.
The assessed value of the knowledge is approximately 3 million dollars, and the information is also kept as trade secrets, where source code and end products would be secured by copyright
laws (Hagmann 2013). The major advantages that this formal approach will provide are protecting intellectual property information, protecting the confidentiality, integrity and availability of the data, giving a centrally controlled framework, and several others.

Summary

Therefore, from the above discussion, it can be concluded that a security management and governance program is extremely important for managing the patient information within Power AI. This type of program is required for knowing about the importance of patient information and how to deal with it. The second part of the report has provided a detailed analysis of risk management planning for the Power AI organization. The risks are prioritized as per priorities. The most significant risks in this report are identity theft, ransomware, loss of intellectual property, sabotage of data, Trojan horse and information extortion. Proper and relevant mitigation strategies or controls are also provided in this report.
References

Ahmad, A., Maynard, S.B. and Park, S., 2014. Information security strategies: towards an organizational multi-strategy perspective. Journal of Intelligent Manufacturing, 25(2), pp.357-370.
Bahl, S. and Wali, O.P., 2014. Perceived significance of information security governance to predict the information security service quality in software service industry: An empirical analysis. Information Management & Computer Security, 22(1), pp.2-23.
Carcary, M., Renaud, K., McLaughlin, S. and O'Brien, C., 2016. A framework for information security governance and management. IT Professional, 18(2), pp.22-30.
Da Veiga, A. and Martins, N., 2015. Improving the information security culture through monitoring and implementation actions illustrated through a case study. Computers & Security, 49, pp.162-176.
Debreceny, R.S., 2013. Research on IT governance, risk, and value: Challenges and opportunities. Journal of Information Systems, 27(1), pp.129-135.
Flores, W.R., Antonsen, E. and Ekstedt, M., 2014. Information security knowledge sharing in organizations: Investigating the effect of behavioral information security governance and national culture. Computers & Security, 43, pp.90-110.
Hagmann, J., 2013. Information governance – beyond the buzz. Records Management Journal, 23(3), pp.228-240.
Layton, T.P., 2016. Information Security: Design, implementation, measurement, and compliance. Auerbach Publications.
Mishra, S., 2015. Organizational objectives for information security governance: a value focused assessment. Information & Computer Security, 23(2), pp.122-144.
Mueller, M., Schmidt, A. and Kuerbis, B., 2013. Internet security and networked governance in international relations. International Studies Review, 15(1), pp.86-104.
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model in organizations. Computers & Security, 56, pp.70-82.
Silic, M. and Back, A., 2014. Information security: Critical review and future directions for research. Information Management & Computer Security, 22(3), pp.279-308.
Trautman, L.J., Triche, J. and Wetherbe, J., 2013. Corporate information technology governance under fire. Journal of Strategic and International Studies, 8(3).
Van Eeten, M.J. and Mueller, M., 2013. Where is the governance in Internet governance?. New Media & Society, 15(5), pp.720-736.
Whitman, M. and Mattord, H.J., 2014. Information security governance for the non-security business executive.
Yaokumah, W. and Brown, S., 2014. An empirical examination of the relationship between information security/business strategic alignment and information security governance domain areas. Journal of Business Systems, Governance & Ethics, 9(2), pp.50-65.