Security Management and Governance
Added on 2023/01/13
AI Summary
This report aims to understand security management and governance for PAI. It discusses the benefits of security management, development of a security policy and plan, identification of functions and roles, and the use of COBIT model.
Running head: SECURITY MANAGEMENT AND GOVERNANCE
Security Management and Governance
Name of the Student
Name of the University
Author’s Note:
Executive Summary
The main aim of this report is to understand security management and governance for PAI. An information security management model is important for understanding how to prevent unauthorized access, use, disclosure, disruption and modification of information. This information or data can take any form, such as physical or electronic. The primary focus of information security is to balance the confidentiality, integrity and availability (CIA) of data. This report describes one InfoSec management model, COBIT (Control Objectives for Information and Related Technology).
Table of Contents
Part A: Report
1. Benefits derived from Security Management as an ongoing process and Reasons for having a Policy in PAI
2. Development of a Security Policy and Security Management Plan for PAI
3. Identification of Functions, Tasks, Roles and Responsibilities for the Security Management Program for PAI and Roles of Different Individuals or Groups in Governance
4. Identification of Model or Method for Development of Security Management Program
5. Discussion of Implications of Legal and Statutory Requirements and Benefits of Formal Approach
Conclusion
References
Part A: Report
1. Benefits derived from Security Management as an ongoing process and Reasons for
having a Policy in PAI
The benefits derived from security management as an ongoing process for PAI are as follows:
i) Helps in Protecting All Forms of Technological Information: As PAI deals with software and artificial intelligence, it is required to protect all forms of information, such as the present condition of a business that requires AI, the reason for implementing AI systems and the benefits obtained from those systems.
ii) Increasing Resilience to Cyber Attacks: The ICT Security Program will be extremely effective for increasing resilience to cyber attacks (Von Solms and Van Niekerk 2013). This program can detect any type of attack on the confidential information without introducing complexities.
iii) Providing Framework to Keep PAI Products and Services Secured: This type of program will provide an appropriate framework for keeping their products and services secured and upgraded.
iv) Reduction of Costs: PAI will not have to incur huge costs while managing the security of their software information.
The reasons for having a policy in PAI are as follows:
i) Protection of CIA of Software and Data: The first reason is that the confidentiality, integrity and availability (CIA) of software and data can be easily protected with a set of physical and technical controls. Thus, development and analysis of AI products and services would be protected with this policy.
ii) Ensuring Timely Resumption of Critical Business Process: Another reason is to ensure timely resumption of important business processes (Crossler et al. 2013). This is required for routine check-ups of software upgrades and for providing insights periodically. Hence, PAI would be able to execute the business processes effectively.
iii) Improving Company Culture: The ICT Security Program should be implemented to improve organizational culture. Since PAI develops software for their clients and mainly focuses on developing artificial intelligence systems, they have to improve their company culture so that applications are developed without any issue.
2. Development of a Security Policy and Security Management Plan for PAI
PAI should develop the security policy and security management plan so that information integrity can be maintained and the regulatory and legislative requirements are fulfilled. The steps to develop a security policy and security management plan with respect to the AI products and services of PAI are as follows:
i) Performing a Regulatory Review: A regulatory review of PAI finds that this organization needs to develop a security policy and a security management plan.
ii) Specification of Governance, Responsibility and Oversight: The governance, responsibility and oversight of PAI are required to be noted.
iii) Taking Asset Inventory: The assets of this organization include AI software and other software solutions.
iv) Classification of Data: There are various types of data to be analysed in PAI, and amongst them AI-related data are the most vital.
v) Evaluation of Available Security Safeguard: The available security safeguards are evaluated in this step.
vi) Performing Third Party Risks Assessment: A third party risk assessment should be performed in this step.
vii) Creation of an Incident Response Plan: In the seventh step, an incident response plan is to be created.
viii) Training and Testing Staff: Finally, the staff of PAI are required to be trained and tested to complete implementation of the security management plan.
Each of these steps is extremely important for making the security program effective for PAI, and since they are concerned about intellectual property, this security program will be extremely useful (Peltier 2013). Moreover, the AI products and services would also be protected in this manner.
3. Identification of Functions, Tasks, Roles and Responsibilities for the Security
Management Program for PAI and Roles of Different Individuals or Groups in
Governance
The functions, tasks, roles and responsibilities for the Security Management Program mainly include offering organization-wide protection, helping to respond to evolving security threats, acting against breaches of information and intellectual property, business continuity planning and many more (Siponen, Mahmood and Pahnila 2014). The three levels of access controls in PAI are as follows:
i) Management Level: This level includes the deterrent, preventative, detective, corrective, recovery and compensating categories. These categories involve policies, registration processes, periodic violation report reviews, employee or account termination, disaster recovery plan and separation of duties.
ii) Operational Level: The six above-mentioned categories involve warning signs; gates, fences and guards; CCTVs; fire suppression systems; disaster recovery plan; and defence in depth respectively (Peltier 2016).
iii) Technical Level: The six categories involve warning barriers; login systems; log monitors and IDPS; forensics processes; data backups; and key logging and keystroke monitoring respectively.
4. Identification of Model or Method for Development of Security Management
Program
A basic model that can make the security program more effective and efficient for PAI than the others is COBIT (Control Objectives for Information and Related Technology), as follows:
i) Meeting Stakeholder Needs: The first step is to meet the needs of stakeholders. For this purpose, the importance of information security in PAI is to be established. Since they are concerned about intellectual property, proper identification of risks is required. Once stakeholders' needs are understood, it will be easier for them to learn about gaps and challenges.
ii) Covering Enterprise End to End: In this step, the enterprise would be covered end to end effectively (Rhodes-Ousley 2013).
iii) Application of a Single Integrated Framework: In the third step, a single integrated framework would be applied so that PAI is able to understand the risks in their systems.
iv) Enabling Holistic Approach: A holistic approach should be enabled in this fourth step, so that any type of social factor in PAI is considered.
v) Separation of Governance and Management: Governance and management should be separated in the final step to ensure that security and privacy of data are maintained.
This model has been selected because preventing the loss of source code and associated documentation through illegal copying is the major requirement for PAI (Safa, Von Solms and Furnell 2016). Organizations face threats of increasing velocity and complexity, and attack trends are examined to determine effective mitigations.
5. Discussion of Implications of Legal and Statutory Requirements and Benefits of
Formal Approach
The laws that are appropriate for PAI to secure their intellectual property and applications are as follows:
i) Privacy Act 2018: With this act, intellectual properties of PAI would be secured (D'Arcy, Herath and Shoss 2014).
ii) Security of Critical Infrastructure Act 2018: The infrastructure of PAI is required to be protected for better results and this act ensures security of infrastructure.
iii) Corporations Act 2001: The employees will follow work culture and rules with this act.
iv) Privacy and Data Protection Act 2014: The confidential data and information would be secured with this act in PAI.
The estimated value of this knowledge is apparently 3 million dollars and the information is being kept as trade secrets, while the end products and source code will be protected by the copyright laws. The most important benefits that the formal approach would bring include securing information regarding intellectual property, providing a centrally managed framework, protecting CIA of data and many more.
Conclusion
Therefore, the conclusion can be drawn that PAI or Power AI is a significant software organization that mainly provides artificial intelligence systems for controlling power use, generation and even storage within several environments. They develop unique solutions and hence protection of the applications is vital for them. For this purpose, they have contacted one of the most popular consulting services, SSS or Secure Security Services, to provide a unique framework that would be effective for the security and protection of their data. This report has outlined an appropriate security framework or policy that can ensure better information security.
References
Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and Baskerville, R., 2013. Future directions for behavioral information security research. Computers & Security, 32, pp.90-101.
D'Arcy, J., Herath, T. and Shoss, M.K., 2014. Understanding employee responses to stressful information security requirements: A coping perspective. Journal of Management Information Systems, 31(2), pp.285-318.
Peltier, T.R., 2013. Information security fundamentals. CRC Press.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Auerbach Publications.
Rhodes-Ousley, M., 2013. Information security: the complete reference. McGraw Hill Education.
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model in organizations. Computers & Security, 56, pp.70-82.
Siponen, M., Mahmood, M.A. and Pahnila, S., 2014. Employees’ adherence to information security policies: An exploratory field study. Information & Management, 51(2), pp.217-224.
Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber security. Computers & Security, 38, pp.97-102.