Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Information Security and Governance: Part A Report

Verified

Added on 2023/01/13

AI Summary

This report discusses the benefits of security management, developing a security policy and management plan, identifying roles and responsibilities, methods for developing a security management program, and implications of legal requirements.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: PART A REPORT
Information Security and Governance: Part A Report
Name of the Student
Name of the University
Author’s Note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

1
PART A REPORT
Table of Contents
Part A: Report............................................................................................................................2
1. Discussion on Benefits that are derived from the Security Management as the ongoing
procedure as well as Reasons to have a Security Program Policy.........................................2
2. Developing a Proper Security Policy as well as Security Management Plan....................3
3. Identifying the major Functionalities, Tasks, Responsibilities and Roles for Security
Management Program for PIA as well as Roles of the Various Groups or Individuals in
Governance............................................................................................................................4
4. Identifying Major Methods and Models for Developing Security Management Program 5
5. Discussing Implications of Legal and Statutory Requirements and Major Advantages of
the Formal Approach..............................................................................................................6
Summary....................................................................................................................................7
References..................................................................................................................................8

2
PART A REPORT
Part A: Report
1. Discussion on Benefits that are derived from the Security Management as the ongoing
procedure as well as Reasons to have a Security Program Policy
Some of the most important and significant advantages that could be derived from the
security management program as an ongoing procedure are given below:
i) Helps to Protect and Secure Every Form of Information: All the significant forms
of confidential information would be secured and protected for Power AI (Flores, Antonsen
and Ekstedt 2014).
ii) Increments Cyber Attack Resilience: This is the second significant advantage of
security management program. It helps in incrementing the cyber attack resilience.
iii) Provides Framework for Keeping Organizational Information Protected: The
security management program eventually provides a proper and subsequent framework for
effectively keeping all types of organizational information protected.
iv) Reducing Expenses: The ICT security management program would be reducing
the major expenses for information security.
There are some of the most significant reasons to have a proper policy and these
reasons are given below:
i) Protecting CIA of Information: CIA or confidentiality, integrity and availability of
the confidential information could be easily and promptly secured with a collection of
technical as well as physical controls and this is important for the organization (Whitman and
Mattord 2014).

3
PART A REPORT
ii) Ensuring Proper Resumption of the Major Business Processes: The second
important and significant reason to keep this ICT security management program is ensuing
that there is a timely resumption of several important business processes for Power AI.
iii) Improvement of Company Culture: This is yet another important reason for
keeping ICT security management program in PAI (Bahl and Wali 2014). The entire
company culture can be improved with this program.
2. Developing a Proper Security Policy as well as Security Management Plan
A security management plan and security policy must be eventually developed by
Power AI so that the integrity of information could be maintained as well as legal and
regulatory requirements are being fulfilled. Major steps for developing a security
management plan and a security policy are provided below:
i) Performing Proper Regulatory Review.
ii) Specifying Oversight, Responsibilities and Governance.
iii) Considering Inventory of Assets.
iv) Evaluating Proper Assessment of Third Party Risk.
v) Properly Creating Incident Response Planning.
vi) Training as well as Testing of Employees.
All the above mentioned steps are quite significant to make the entire security
program efficient for Power AI as they are extremely concerned regarding their intellectual
property. The security program would be extremely effective for them (Carcary et al. 2016).

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

4
PART A REPORT
3. Identifying the major Functionalities, Tasks, Responsibilities and Roles for Security
Management Program for PIA as well as Roles of the Various Groups or Individuals in
Governance
Power AI comprises of fifty employees and within them twenty five are directly
involved in the processes of designing, developing, examination and finally deploying the
products. Each of the positions of employees are stable as well as employee turnover are
extremely high to maintain the high demands of information technology staff with subsequent
knowledge regarding system of AI (Mueller, Schmidt and Kuerbis 2013). The respective
organizational senior management consists of three employees that include IT Manager,
finance Manager and Sales Manager. The human resource department of this team is
overseen by the owner.
The various responsibilities, roles, tasks and functionalities for this security
management program majorly involve offering a proper protection to the entire organization,
is helpful to respond to the various evolving security risks, business continuity plan, acting
against information as well as intellectual property and several others (Silic and Back 2014).
The major roles of the information technology manager for the security management
program in Power AI involve planning, organizing, direction as well as controlling all types
of intellectual properties and information. This is needed for saving the major and the most
significant algorithms, which are mainly developed for services and products since these are
the considerable investments (Van Eeten and Mueller 2013). The major roles and
responsibilities of the Power AI based finance manager include proper maintenance of
financial development as well as growth of strategies in the longer term financial objectives
of PAI. Sales manager of this particular organization comprises of some of the major and
most significant responsibilities include meeting of the organizational revenue target by the

5
PART A REPORT
activity of sales representative. It is extremely important and significant to maintain a proper
balance between the organizational security management and governance.
4. Identifying Major Methods and Models for Developing Security Management
Program
Power AI or PAI is a company that is significant responsible for developing software
for the industrial, business and home uses (Yaokumah and Brown 2014). They have decided
to implement an ICT Security Program within their business. The plan of security program
for this organization will be properly discussing the procedure of information privacy is
getting better controlled only after developing the Security Management plan and thus they
would be providing a proper program with several roles and tasks for development of
program. They are mainly concerned about their intellectual properties and the various
algorithms are being developed for the products (Debreceny 2013). Recently, the
development work is being completed on the closed on site network, which is being managed
internally by the IT service employees. The completed products in an executable form are
being ported to the Sales system that is being provided by the cloud application provider or
Cloud Services International (Safa, Von Solms and Furnell 2016). The subsequent planning
will be discussing about the procedure of information privacy that is being well managed
after developing the Security Management Program policy and this would be providing a
program with the major roles and tasks for development of program.
Some of the most subsequent methods and models for an efficient as well as effective
development of security management policy. The several methods as well as models are
extremely important for making the entire security program quite efficient and effective in
terms of other security program (Layton 2016). The proper illegal and loss of the copies of
the source codes and associated documentation would be the most significant need for Power
AI. The complexity as well as velocity of the threat companies were eventually facing

6
PART A REPORT
subsequent attack trends to determine the efficient mitigations (Ahmad, Maynard and Park
2014). Several elements and components of the model of security management involve policy
statement, proper compliance with all applicable standards, proper definition, threat
assessment and threat analysis, training of employees, laws and regulations, roles of the
security program managers, management as well as supervisor training, management
commitment as well as responsibilities and program exercise and drills (Da Veiga and
Martins 2015).
5. Discussing Implications of Legal and Statutory Requirements and Major Advantages
of the Formal Approach
Security management as well as governance program will be quite significant for PAI.
This particular program helps to provide various important benefits as well as a proper
security to subsequent organization (Mishra 2015). These systems and information, which are
eventually present in the organization of Power AI are being included in the respective
program of security management and governance. A proper access to authenticated
information is considered as a major indispensable element for conducting the business and
in a growing number of organizations, this information is termed as business (Trautman,
Triche and Wetherbe 2013). The various statutory and legal requirements of program of
security management and governance involve a subsequent set of processes and policies to
achieve the various security objectives that will be securing the several intellectual properties
for Power AI from all types of theft, loss and release.
Such plans also include agreements and arrangements with proper entity companies
such as local law enforcement. This information will be giving competitors with subsequent
cost benefits to gain a better development for every similar product. As, the respective
assessed value of the knowledge is approximately 3 million dollars and the information is
also kept as trade secrets, where source code and end products would be secured by copyright

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

7
PART A REPORT
laws (Hagmann 2013). Major advantages that this formal approach will be providing are
protecting intellectual property information, protection of confidentiality, integrity and
availability of the data, giving a centrally controlled frameworks and several others.
Summary
Therefore, from the above discussion, it can be concluded that security management
and governance program is extremely important and significant for managing the patient
information within Power AI. This type of program is required for knowing about the
importance of patient information and how to deal with them. The second part of the report
has provided a detailed analysis of risk management planning for the Power AI organization.
The risks are being prioritized as per priorities. The most significant risks in this particular
report are identity theft, ransomware, loss of intellectual properties, and sabotage of data,
Trojan horse and information extortion. Proper and relevant mitigation strategies or controls
are also provided in this report.

8
PART A REPORT
References
Ahmad, A., Maynard, S.B. and Park, S., 2014. Information security strategies: towards an
organizational multi-strategy perspective. Journal of Intelligent Manufacturing, 25(2),
pp.357-370.
Bahl, S. and Wali, O.P., 2014. Perceived significance of information security governance to
predict the information security service quality in software service industry: An empirical
analysis. Information Management & Computer Security, 22(1), pp.2-23.
Carcary, M., Renaud, K., McLaughlin, S. and O'Brien, C., 2016. A framework for
information security governance and management. IT Professional, 18(2), pp.22-30.
Da Veiga, A. and Martins, N., 2015. Improving the information security culture through
monitoring and implementation actions illustrated through a case study. Computers &
Security, 49, pp.162-176.
Debreceny, R.S., 2013. Research on IT governance, risk, and value: Challenges and
opportunities. Journal of Information Systems, 27(1), pp.129-135.
Flores, W.R., Antonsen, E. and Ekstedt, M., 2014. Information security knowledge sharing in
organizations: Investigating the effect of behavioral information security governance and
national culture. Computers & Security, 43, pp.90-110.
Hagmann, J., 2013. Information governance–beyond the buzz. Records Management
Journal, 23(3), pp.228-240.
Layton, T.P., 2016. Information Security: Design, implementation, measurement, and
compliance. Auerbach Publications.
Mishra, S., 2015. Organizational objectives for information security governance: a value
focused assessment. Information & Computer Security, 23(2), pp.122-144.

9
PART A REPORT
Mueller, M., Schmidt, A. and Kuerbis, B., 2013. Internet security and networked governance
in international relations. International Studies Review, 15(1), pp.86-104.
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance
model in organizations. Computers & Security, 56, pp.70-82.
Silic, M. and Back, A., 2014. Information security: Critical review and future directions for
research. Information Management & Computer Security, 22(3), pp.279-308.
Trautman, L.J., Triche, J. and Wetherbe, J., 2013. Corporate information technology
governance under fire. Journal of Strategic and International Studies, 8(3).
Van Eeten, M.J. and Mueller, M., 2013. Where is the governance in Internet
governance?. New Media & Society, 15(5), pp.720-736.
Whitman, M. and Mattord, H.J., 2014. Information security governance for the non-security
business executive.
Yaokumah, W. and Brown, S., 2014. An empirical examination of the relationship between
information security/business strategic alignment and information security governance
domain areas. Journal of Business Systems, Governance & Ethics, 9(2), pp.50-65.

1 out of 10

+13062052269

info@desklib.com

Information Security and Governance: Part A Report

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Related Documents

Security Management and Governance

Security Management and Governance

Security Management and Governance

Information Security Management and Governance

Cyber Security CIA: Confidentiality, Integrity, and Availability

IT Risk Management: Cyber Security