This report aims to understand security management and governance for PAI. It discusses the benefits of security management, the development of a security policy and plan, the identification of functions and roles, and the use of the COBIT model.
Running head: SECURITY MANAGEMENT AND GOVERNANCE

Security Management and Governance
Name of the Student
Name of the University
Author’s Note:
Executive Summary

The main aim of this report is to understand security management and governance for PAI. An information security management model is extremely important for understanding the prevention of unauthorized access, use, disclosure, disruption and modification of information. This information or data can take any form, such as physical or electronic. The primary focus of information security is to balance the protection of the CIA (confidentiality, integrity and availability) of data. This report describes one InfoSec management model, COBIT (Control Objectives for Information and Related Technology).
Table of Contents

Part A: Report
1. Benefits derived from Security Management as an ongoing process and Reasons for having a Policy in PAI
2. Development of a Security Policy and Security Management Plan for PAI
3. Identification of Functions, Tasks, Roles and Responsibilities for the Security Management Program for PAI and Roles of Different Individuals or Groups in Governance
4. Identification of Model or Method for Development of Security Management Program
5. Discussion of Implications of Legal and Statutory Requirements and Benefits of Formal Approach
Conclusion
References
Part A: Report

1. Benefits derived from Security Management as an ongoing process and Reasons for having a Policy in PAI

The important benefits derived from security management as an ongoing process for PAI are as follows:

i) Helps in Protecting All Forms of Technological Information: As PAI deals with software and artificial intelligence, it is required to protect all forms of information, such as the present condition of business that requires AI, the reason for implementation of AI systems and the benefits obtained from those systems.

ii) Increasing Resilience to Cyber Attacks: The ICT Security Program will be extremely effective for increasing resilience to cyber attacks (Von Solms and Van Niekerk 2013). This program can detect any type of attack on the confidential information without involving complexities.

iii) Providing Framework to Keep PAI Products and Services Secured: This type of program will provide an appropriate framework for keeping their products and services secured and upgraded.

iv) Reduction of Costs: PAI will not have to incur huge costs while managing the security of their software information.

The reasons for having a policy in PAI are as follows:

i) Protection of CIA of Software and Data: The first reason is that the confidentiality, integrity and availability (CIA) of software and data can be easily protected with a set of physical and technical controls. Thus, development and analysis of AI products and services would be protected with this policy.
ii) Ensuring Timely Resumption of Critical Business Process: Another reason is to ensure timely resumption of important business processes (Crossler et al. 2013). This is required for routine check-ups of software upgrades and for providing insights periodically. Hence, PAI would be able to execute the business processes effectively.

iii) Improving Company Culture: The ICT Security Program should be implemented for improvement of organizational culture. Since PAI develops software for their clients and mainly focuses on developing artificial intelligence systems, they have to improve their company culture so that applications are developed without any issue.

2. Development of a Security Policy and Security Management Plan for PAI

The security policy and security management plan should be developed by PAI so that information integrity can be maintained and the regulatory and legislative requirements are fulfilled. The steps to develop a security policy and security management plan in respect to the AI products and services of PAI are as follows:

i) Performing a Regulatory Review: After performing a regulatory review of PAI, it is found that this organization needs to develop a security policy and security management.

ii) Specification of Governance, Responsibility and Oversight: The governance, responsibility and oversight of PAI are required to be noted.

iii) Taking Asset Inventory: The assets of this organization include AI software and other software solutions.

iv) Classification of Data: There are various types of data required to be analysed in PAI, and amongst them AI-related data are the most vital.
v) Evaluation of Available Security Safeguard: The available security safeguard is evaluated in this step.

vi) Performing Third Party Risks Assessment: A third party risk assessment should be performed in this step.

vii) Creation of an Incident Response Plan: In the seventh step, an incident response plan is to be created.

viii) Training and Testing Staff: Finally, the staff of PAI are required to be trained and tested to complete implementation of the security management plan.

Each of these steps is extremely important for making the security program effective for PAI, and since they are concerned about their intellectual property, this security program will be extremely useful (Peltier 2013). Moreover, the AI products and services would also be protected in this manner.

3. Identification of Functions, Tasks, Roles and Responsibilities for the Security Management Program for PAI and Roles of Different Individuals or Groups in Governance

The functions, tasks, roles and responsibilities for the Security Management Program mainly include offering organization-wide protection, helping to respond to evolving security threats, acting against breaches of information and intellectual property, business continuity planning and many more (Siponen, Mahmood and Pahnila 2014). The three levels of access controls in PAI are as follows:

i) Management Level: This level includes the deterrent, preventative, detective, corrective, recovery and compensating categories. Each of these categories involves policies, registration processes, periodic violation report reviews, employee or account termination, disaster recovery plan and separation of duties.
ii) Operational Level: Each of the six above-mentioned categories involves warning signs, gates, fences and guard, CCTVs, fire suppression system, disaster recovery plan and defence in depth respectively (Peltier 2016).

iii) Technical Level: Each of these six categories involves warning barriers, login systems, log monitors and IDPS, forensics processes, data backups and key logging and keystroke monitoring respectively.

4. Identification of Model or Method for Development of Security Management Program

A basic model that can make the security program more effective and efficient for PAI than the others is COBIT (Control Objectives for Information and Related Technology), as follows:

i) Meeting Stakeholder Needs: The first step is to meet the needs of stakeholders. For this purpose, the importance of information security in PAI is to be developed. Since they are concerned about intellectual property, a proper identification of risks is required. When stakeholders’ needs are understood, it would be easier for them to learn about gaps and challenges.

ii) Covering Enterprise End to End: In this step, the end-to-end enterprise would be covered effectively (Rhodes-Ousley 2013).

iii) Application of a Single Integrated Framework: In the third step, a single integrated framework would be applied so that PAI is able to understand the risks in their systems.

iv) Enabling Holistic Approach: A holistic approach should be enabled in this fourth step, so that any type of social factor in PAI is considered.
v) Separation of Governance and Management: The governance and management should be separated in the final step to ensure that security and privacy of data are maintained.

This model has been selected since loss of illegal copies of source code and associated documentation is the major requirement for PAI (Safa, Von Solms and Furnell 2016). The velocity and complexity of threat organizations were facing attack trends for determining effective mitigations.

5. Discussion of Implications of Legal and Statutory Requirements and Benefits of Formal Approach

The laws that are appropriate for PAI to secure their intellectual property and applications are as follows:

i) Privacy Act 2018: With this act, the intellectual property of PAI would be secured (D'Arcy, Herath and Shoss 2014).

ii) Security of Critical Infrastructure Act 2018: The infrastructure of PAI is required to be protected for better results, and this act ensures security of infrastructure.

iii) Corporations Act 2001: The employees will follow work culture and rules with this act.

iv) Privacy and Data Protection Act 2014: The confidential data and information would be secured with this act in PAI.

Since the estimated value of this knowledge is apparently 3 million dollars and the information is being kept as trade secrets, the end products and source code will be protected by the copyright laws. The most important benefits that the formal approach would bring include securing information regarding intellectual property, providing a centrally managed framework, protecting the CIA of data and many more.
Conclusion

Therefore, the conclusion can be drawn that PAI, or Power AI, is a significant software organization that mainly provides artificial intelligence systems for controlling power use, generation and even storage within several environments. Unique solutions are developed by them, and hence protection of the applications is vital for them. For this purpose, they have contacted one of the most popular consulting services, SSS or Secure Security Services, to provide a unique framework that would be effective for their security and protection of data. The above report has outlined an appropriate security framework or policy that can ensure better information security.
References

Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and Baskerville, R., 2013. Future directions for behavioral information security research. Computers & Security, 32, pp.90-101.

D'Arcy, J., Herath, T. and Shoss, M.K., 2014. Understanding employee responses to stressful information security requirements: A coping perspective. Journal of Management Information Systems, 31(2), pp.285-318.

Peltier, T.R., 2013. Information security fundamentals. CRC Press.

Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Auerbach Publications.

Rhodes-Ousley, M., 2013. Information security: the complete reference. McGraw Hill Education.

Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model in organizations. Computers & Security, 56, pp.70-82.

Siponen, M., Mahmood, M.A. and Pahnila, S., 2014. Employees’ adherence to information security policies: An exploratory field study. Information & Management, 51(2), pp.217-224.

Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber security. Computers & Security, 38, pp.97-102.