BIT361 Security Management & Governance: Young Minds Secondary College
Added on 2023/06/11
AI Summary
This report provides a comprehensive analysis of security management and governance at Young Minds Secondary College (YMSC), a private Australian secondary school experiencing rapid growth. The report outlines the importance of securing company values, developing a robust security policy, and identifying potential threats, vulnerabilities, and attacks. It emphasizes the implications of legal and statutory requirements and highlights the benefits of a risk management plan, including treating and minimizing risks, fostering risk awareness, enabling proper business strategies, saving costs and time, and uncovering new opportunities. The report also underscores the significance of contingency planning, risk analysis, and cost-benefit analysis for the college's success, along with the benefits of security management, such as securing information, increasing resilience to cyber attacks, providing a centrally managed framework, offering protection, and reducing expenses. The conclusion emphasizes the importance of information security management for protecting assets against misuse, damages, and losses, and the role of security management and governance in mitigating risks effectively.

Running head: INFORMATION SECURITY MANAGEMENT
Security Management and Governance
Name of the Student
Name of the University
Author’s Note:
Executive Summary
The purpose of this report is to explain the concept of security management and governance as it applies to Young Minds Secondary College. The college is concerned about its information systems and information security, and it faces a range of possible risks and threats. It has decided to adopt a risk management plan and cost-benefit analysis. This report explains the advantages of the risk management plan and of security management.
Table of Contents
Introduction
Discussion
1. Securing Company Values
2. Development of Security Policy and Methodology
3. Threats, Vulnerabilities and Attacks for YMSC
4. Implications of Legal and Statutory Requirements and the Benefits of Approach
5. Benefits of a Risk Management Plan and Importance of Contingency Planning
6. Benefits of Security Management
Conclusion
References
Introduction
Information security management is the set of procedures and policies for systematically managing an organization's confidential and sensitive data (Crossler et al. 2013). Its main objective is to reduce overall risk and to ensure business continuity by proactively limiting the impact of any security breach. Information security management addresses processes, data and technology. It can be targeted at a specific type of data, or implemented comprehensively so that it becomes a major part of the company (Peltier 2013). A risk management plan, internal audits and similar activities are its core parts. It is considered highly important for all organizations.
The following report gives a brief discussion of information security management, and of security management and governance, for Young Minds Secondary College. It is a private Australian secondary school that has operated for a number of years, developing innovative programs for its students. This report explains the importance and implementation of security management at Young Minds Secondary College.
Discussion
1. Securing Company Values
The operating principles or philosophies that guide an organization's internal conduct and its
relations with customers, shareholders and partners are termed its company or
corporate values (Von Solms and Van Niekerk 2013). An organization has
various company values, and all of these are summarized within the
mission statement. The major corporate values of Young Minds Secondary College are
given below:
i) Reliability
ii) Loyalty
iii) Commitment
iv) Efficiency
v) Honesty
vi) Integrity.
All of the above company values are extremely important for the college in maintaining its organizational goals and objectives. These values can be maintained with the help of a risk management plan (Siponen, Mahmood and Pahnila 2014). The plan is a good fit for this purpose because it increases the impact of opportunities.
The risk management plan and cost-benefit analysis are important in governance as well. They help in governing the organization properly and effectively. Control is enhanced, and the college is governed in a way that reduces the impact of negative risks.
2. Development of Security Policy and Methodology
A security policy should be properly developed for Young Minds Secondary
College. This policy sets the rules or guidelines for the behaviour expected of
users and systems (Yang, Shieh and Tzeng 2013). The security personnel are managed
properly here. The significant methodology for developing a security policy within the
college is the implementation of an information security system.
3. Threats, Vulnerabilities and Attacks for YMSC
Young Minds Secondary College (YMSC) is exposed to various risks and vulnerabilities, all of which can be extremely dangerous for the college (Xu et al. 2014). These risks mainly concern the college's information security. All of them could be controlled through a risk management plan and cost-benefit analysis. The most significant risks to the information security of the college are given below:
i) Social Engineering: The first and foremost risk to information security is social engineering: manipulating people into performing actions or divulging confidential information for malicious purposes. The most basic example of a social engineering technique is phishing (Peltier 2016), an attempt to obtain sensitive information such as usernames or passwords by posing as a trustworthy entity in an electronic communication.
ii) Disclosing Confidential Information: The second significant risk to information security is the disclosure of confidential information. Confidential or sensitive information should be properly preserved so that the data stays secure (Cherdantseva and Hilton 2013). Any disclosure of this data can be dangerous for the organization, and so can be extremely damaging for the college.
iii) Access to the Network by Unauthorized Persons: The next important risk or
threat to information security is access to the network by any unauthorized person or
individual. Access to the college's network should be properly restricted to
prevent any vulnerability from entering the information system.
iv) Maintenance Errors: Another important risk is maintenance errors. Wrong data and errors should be checked for, and this can only be done through proper maintenance (Andress 2014). Maintenance errors can be extremely dangerous for the college and hence should be mitigated in time.
v) Theft of Hardware: Theft of hardware is another important security risk for the Young Minds Secondary College information system. If hardware is stolen at any point, it could be extremely dangerous for the college, as it will not be able to perform any operations.
vi) Malfunction of Equipment: If equipment malfunctions and does not work properly, the college's information system could be in danger (Von Solms and Van Niekerk 2013). This type of issue therefore leaves the college extremely vulnerable.
vii) Human as well as Natural Disasters: Natural disasters such as volcanoes, earthquakes and storms are termed the most dangerous for the college, and these disasters cannot be controlled or managed. Human errors can also occur at the college (Sommestad et al. 2014), and they can be either intentional or unintentional.
viii) Destruction of Records: The destruction of records is another significant risk for the information system of Young Minds Secondary College. This type of destruction of records is thus extremely important for the organization.
However, with a risk management plan in place, all of the above risks could be easily managed.
4. Implications of Legal and Statutory Requirements and the Benefits of Approach
Legal and statutory requirements have major implications for Young Minds Secondary College. Both kinds of requirement are imposed by law. They are non-negotiable and must be complied with properly; failure to comply could lead to a penalty or fine (Disterer 2013). Hence compliance is mandatory. The risk management plan offers several benefits, all of which are required for the business. Thus, the selected approach of risk management and contingency planning is required for the business.
5. Benefits of a Risk Management Plan and Importance of Contingency Planning
The risk management plan approach offers Young Minds Secondary College several significant benefits. The most significant advantages of the risk management plan for the organization are given below:
i) Treating of Risks: The first and foremost advantage of the risk management plan for Young Minds Secondary College is that it helps to treat the various threats or risks properly (Lam 2014). These risks can be treated easily, which makes it a significant approach for the college.
ii) Minimization of Risks: Risk minimization is another important advantage for Young Minds Secondary College. The approach suits the organization because it minimizes risks to a great extent (McNeil, Frey and Embrechts 2015). These risks are handled within the provided assessment plans.
iii) Awareness of the Risks: Risk awareness is the next important benefit for the organization. Awareness of risk is extremely important, and hence a risk management plan should be incorporated within the college.
iv) Proper Business Strategies: The college can adopt proper business strategies with the help of the risk management plan (Safa et al. 2015). All the business strategies will become successful with this plan.
v) Cost as well as Time Savings: The risk management plan is extremely cost effective and time saving, and thus issues related to high cost and time are easily resolved.
vi) New Opportunities: Various new opportunities can be incorporated with this plan, and it is thus termed the most important approach towards the success of the company.
The steps of the risk management plan are as follows:
i) Identification of Risks
ii) Analysis of Risks
iii) Evaluation or Rank of the Risks
iv) Treating the Risks
v) Monitoring and Reviewing the Risks.
Contingency planning, risk analysis and cost-benefit analysis (CBA) are vital to making the college successful (Lam 2014). The college faces the possibility of situations that adversely affect its operations. When the response to the situation is proper, it has an impact on the business, such as loss of information or data. The above-mentioned risks are well mitigated by contingency planning.
6. Benefits of Security Management
The ongoing process of security management has various significant benefits. They are as follows:
i) Secures Information: Security management is responsible for securing information within the organization.
ii) Increases Resilience to Cyber Attacks: Resilience to cyber attacks or threats is increased (Crossler et al. 2013).
iii) Providing a Centrally Managed Framework: The third advantage is that it provides a centrally managed framework for the organization.
iv) Offering Protection: It also offers the organization protection for securing data or information.
v) Reducing Expenses: Security management also reduces expenses to a great extent, which is another important advantage of this type of management (Peltier 2013).
Conclusion
Therefore, from the above discussion, it can be concluded that information security
comprises the activities related to protecting information and information
infrastructure assets against threats of misuse, damage, loss and
more. Information security management describes the controls
that an organization needs to implement to ensure that it is properly managing all its
risks or threats. Various types of risks and threats are possible to the information system of
any organization. The major threats or vulnerabilities to the organization are the threats to its
assets or information system. Security management and governance are extremely
important for the organization to mitigate all of its risks effectively and efficiently. The above report has outlined the case study of Young Minds Secondary College. The management of the organization has decided to implement information security management and governance. The college has been growing steadily and exponentially over the last 10 years. It is concerned about its information security and hence should implement this governance properly. The risk management plan and contingency planning are addressed from this perspective. Moreover, the advantages of security management for the organization are set out here. The various legal and statutory requirements are also addressed in this report.
References
Andress, J., 2014. The basics of information security: understanding the fundamentals of InfoSec in theory and practice. Syngress.
Cherdantseva, Y. and Hilton, J., 2013, September. A reference model of information assurance & security. In Availability, Reliability and Security (ARES), 2013 Eighth International Conference on (pp. 546-555). IEEE.
Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and Baskerville, R., 2013. Future directions for behavioral information security research. Computers & Security, 32, pp.90-101.
Disterer, G., 2013. ISO/IEC 27000, 27001 and 27002 for information security management. Journal of Information Security, 4(02), p.92.
Lam, J., 2014. Enterprise risk management: from incentives to controls. John Wiley & Sons.
McNeil, A.J., Frey, R. and Embrechts, P., 2015. Quantitative risk management: Concepts, techniques and tools. Princeton University Press.
Peltier, T.R., 2013. Information security fundamentals. CRC Press.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.
Safa, N.S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N.A. and Herawan, T., 2015. Information security conscious care behaviour formation in organizations. Computers & Security, 53, pp.65-78.