Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Strategic Information Security: ANSTO

Verified

Added on 2023/06/04

AI Summary

This research report outlines the security program of ANSTO, a significant Australian nuclear organization. It includes a risk assessment and recommendations for improvement. The report covers the organizational background, developing security program, current roles and titles of security personnel, determination of ISO security standard, suitable security model, and threat identification and risk assessment.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: STRATEGIC INFORMATION SECURITY
Strategic Information Security: ANSTO
Name of the Student
Name of the University
Author’s Note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

1
STRATEGIC INFORMATION SECURITY
Table of Contents
1. Abstract..................................................................................................................................2
2. Introduction............................................................................................................................3
3. Research Objectives...............................................................................................................3
4. Discussion..............................................................................................................................4
4.1 Organizational Background.............................................................................................4
4.2 Developing Security Program for ANSTO......................................................................4
4.3 Current Roles and Titles of the Security Personnel of ANSTO and Recommendations
for Improvements...................................................................................................................6
4.4 Determination of ISO Security Standard.........................................................................7
4.5 Suitable Security Model of ANSTO................................................................................8
4.6 Determination of the Suitability of Certification.............................................................9
4.7 Threat Identification and Risk Assessment for ANSTO................................................10
5. Conclusion............................................................................................................................12
6. References............................................................................................................................14

2
STRATEGIC INFORMATION SECURITY
1. Abstract
The major aim of this research report is to properly understand the entire security program of
the most popular and significant Australian nuclear organization, called ANSTO or the
Australian Nuclear Science and Technology Organisation. The information security of this
specific organization is being checked thoroughly so that there occurs no issue with their
confidential information or data. There are certain tools, technologies and processes that
could be easily and promptly deployed for maintaining this type of information security
within the organization. Hence, modification, destruction and disruption of data without
taking permission is strictly avoided in the scenario. Moreover, for the core purpose of
achieving the several advantages or features of the information security, this organization of
Australian Nuclear Science and Technology Organisation has undertaken various measures.
This report has clearly stated and demonstrated the security program of the organization with
various important or vital details. The report has also done a risk assessment of all the
probable risks and threats to the information security after the proper identification of risks
and threats.

3
STRATEGIC INFORMATION SECURITY
2. Introduction
Information securities or simply InfoSec can be stated as one of the core practice that
helps in preventing the authorized access, utilization, disruption, expose, inspection,
recording, modification and even the destruction of the confidential information. This data or
information might be taking any form like physical and electronic (Crossler et al. 2013). The
following research paper outlines a brief discussion on the strategic information security for
the organization of Australian Nuclear Science and Technology Organisation or ANSTO.
This is the constitutional body of the government of Australia for replacing the Australian
Atomic Energy Commission. Since, this is the centre of the Australian nuclear expertise, it is
considered as one of the most effective and efficient organization. This research report will
be providing the detailed description of the security program of ANSTO and a risk
assessment will also be done here.
3. Research Objectives
The research objectives of the research paper are given below:
i) To develop a specific security program for ANSTO.
ii) To identify the current roles as well as responsibilities of security personnel of this
organization.
iii) To provide suitable recommendations for improving security program in ANSTO.
iv) To determine the ISO security standards followed in ANSTO.
v) To determine the suitability of certification.
vi) To identify the probable information security threats and conduct a risk assessment
for ANSTO.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

4
STRATEGIC INFORMATION SECURITY
4. Discussion
4.1 Organizational Background
Australian Nuclear Science and Technology Organisation or ANSTO is a nuclear
organization that provide nuclear expertise to its clients. They have several mission
statements within their organization (Ansto.gov.au. 2018). The first and the foremost mission
statement of the ANSTO is supporting the significant development as well as implementation
of the government initiatives and policies within the nuclear or related areas, both
internationally and domestically. Another important and significant mission statement of this
particular organization of ANSTO is operation of the nuclear sciences as well as technology
based facility, for the core advantage of the industries as well as the Australian or
international research communities (Ansto.gov.au. 2018). The third vital and noteworthy
mission statement of the ANSTO is the undertaking of research, which would be advanced
for the major application of nuclear science as well as technology. Another major mission
statement of this specific organization is to apply the nuclear science, expertise and
techniques for the major purpose of addressing each and every environmental challenge of
Australia and eventually incrementing the competitiveness of the industry of Australia
(Ansto.gov.au. 2018). They even advance and manufacture the utilization of the
radiopharmaceuticals that could improvise the health conditions of the Australians. There are
five research facilities of ANSTO, which are OPAL research reactors, the Australian centre
for the neutron scattering, the Australian synchrotron, the centre for the accelerator science
and cyclotron facilities (Ansto.gov.au. 2018).
4.2 Developing Security Program for ANSTO
The security program can be stated as the documented set of the organisational
information security procedures, standards, guidelines and policies. This particular security
program provides the roadmap for the efficient as well as effective controls and practices of

5
STRATEGIC INFORMATION SECURITY
the security management (Von Solms and Van Niekerk 2013). The specific security program
of the ANSTO should be developed for helping it in ensuring the confidentiality, integrity as
well as availability of their customer and even their organizational information and data.
There is always a higher risk of the potential breaches and security incidents in their
organization since they deal with nuclear data (Peltier 2013). However, with the help of the
security program of ANSTO, they could easily secure their financial records, confidential and
sensitive information that are quite attractive target to the attackers since these information
can be manipulated or even changed by the attackers for bringing major risks (Siponen,
Mahmood and Pahnila 2014). Irrespective of the size or type of the data of the organization,
the presence of security program could help them in mitigating the various risks and threats
that could either lose, alter or steal their confidential information. There are three distinct
characteristics that should be present for developing the security program of ANSTO and
they are as follows:
i) Establishment of Benchmark of Security: The first and the foremost characteristic
of the security program of ANSTO is the proper establishment of the benchmark of security
(Yang, Shieh and Tzeng 2013). This security must be defined within the organizational
environment by the security policies, programs and standard documentation. They could
easily measure their information security even for the future.
ii) Measurement Against their Benchmark: The next important and significant
characteristic of the security program of ANSTO is their measurement against the
benchmark. Thus, they can check the effective changes in their organization.
iii) Proper Decision Making: The entire decision making procedure in ANSTO could
become extremely easier with this type of security program and hence the key stakeholders of
this organization could be solely benefitted without any complexities (Peltier 2016).

6
STRATEGIC INFORMATION SECURITY
They should include four components within their security program, which are
follows:
i) Charter: This component can include the scope, mission and mandate of ANSTO.
ii) Policies: The policies could define how the company is addressing the security
issues (Singh 2013).
iii) Processes: This particular component ensures that the security program is efficient
and repeatable and security activities are performed.
iv) Measurement: The measurement of security program helps in determining the
various improvements required to be made.
4.3 Current Roles and Titles of the Security Personnel of ANSTO and
Recommendations for Improvements
ANSTO has kept some of the most significant and important security personnel and
these people are responsible for maintaining the security within their organization (Xu et al.
2014). These are as follows:
i) Chief Security Officer: The chief security officer is responsible for maintaining
overall the security of the organization. This particular person has the duty to observe the
works of the security guards and provide them instructions properly. This person requires to
be clearly visible as well as vigilant so that there is no loophole in the security of the
organization.
ii) Chief Technical Officer: The chief technical officer of ANSTO is responsible for
maintaining the confidential information and data and even the hardware and software of the
company (Safa, Von Solms and Furnell 2016). The IT related all details are to be notified to
him and if there is any type of discrepancy noted, he has the authority to undertake necessary

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

7
STRATEGIC INFORMATION SECURITY
actions against the specified person. There are other subsequent duties as well. Several
technicians and employees work under this particular chief technical officer and all of them
have to report to this officer. There could not be any change or alteration without the
permission of the chief technical officer.
The security program of any organization should be updated and changed eventually
for maintaining a proper balance of the information and their protection by the security
personnel (Andress 2014). The few recommendations for the purpose of improving the
security program within this organization of ANSTO are as follows:
i) Ensuring Executive Support: The first and the foremost recommendation that is
required for the betterment of the organization of ANSTO is to ensure the executive support.
The end user awareness should have a complete support to the top executives as well as the
middle managers for becoming successful (Sommestad et al. 2014). Hence, the information
flow would be possible easily and promptly.
ii) Focusing on the Changed Behaviours of Employees: Another important and
significant recommendation for the maintenance of the information security within the
organization of ANSTO is focusing on the changing behaviours and hence improving the
security. This could only take place when the people could make relevant decisions and act in
such ways that the risks are reduced in each and every aspect (Parsons et al. 2014). The
organizational employees should be aware of the threats and risks associated with the
systems.
iii) Solicitation of End User Ideas: Another important and noteworthy
recommendation to improve the security program of ANSTO is by the solicitation of the end
users’ ideas and encouraging the feedbacks. Moreover, the success or growth of the security

8
STRATEGIC INFORMATION SECURITY
program should also be measured effectively and efficiently by the respective security
personnel.
4.4 Determination of ISO Security Standard
The organization of ANSTO is eventually following the ISO security standard of AS/
NZS ISO/ IEC 27001:2006 for their information securities (Disterer 2013). This particular
standard is prepared for providing the model to form, deploy, function, monitor, evaluate,
maintain as well as improvise the management system of information security. The adoption
of this particular ISO security standard has also provided the strategic decision to the
company of ANSTO (Safa et al. 2015). The design or implementation of the information
security system of this company is majorly influenced by the various objectives and needs,
processes employed, size or structure and security requirements. It is majorly expected that
the supporting system of the organization should be changed time to time (Shropshire,
Warkentin and Sharma 2015). The main goal of this type of information security is the proper
balanced protection to gain three factors of confidentiality, integrity as well as availability for
the maintenance of efficient and effective policy implementation and hence not hampering
the productivity of the company.
This particular international information security standard even helps in adopting the
process approach for the proper maintenance of the organizational information security
system (Ab Rahman and Choo 2015). This specific process approach to the information
security management for emphasizing on the size of the organization. Hence, the objectives
as well as policies are subsequently established here and proper controls are being undertaken
by them for managing each and every risk or threats. This organization of ANSTO has also
monitored and reviewed the overall effectiveness and performance of the system of
information security and hence the objective measurement is done for the continuous
improvement of the organizational processes (Baskerville, Spagnoletti and Kim 2014). The

9
STRATEGIC INFORMATION SECURITY
international standard of AS/ NZS ISO/ IEC 27001:2006 is substantially aligned with ISO
14001:2004 and ISO 9001:2000 for supporting their integrated and consistent deployment as
well as operation with the related strategies of management.
4.5 Suitable Security Model of ANSTO
The major responsibilities of this information security majorly include establishment
of the collection of several business processes for the purpose of protecting the information
assets irrespective of the fact that how this information was formatted (Ahmad, Maynard and
Park 2014). The security model of any organization is the specific scheme that helps to
specify as well as enforce the several security policies. This particular security model might
be founded on the official model of the access right, model for the dispersed computing as
well as the model for computations. The computer security model is usually implemented by
taking the help of a particular security policy and hence it is always accurate and perfect and
thus is being utilized by almost all organizations (Kolkowska and Dhillon 2013). There are
some of the important and significant security models present in the technological world.
Amongst them, the most suitable security model for this organization of the ANSTO is the
Clark Wilson model.
The Clark Wilson integrity model is responsible for providing a specific foundation to
specify and analyse the integrity policy for any particular computing system
(Tamjidyamcholo et al. 2013). The Clark Wilson model is majorly concerned about the
formalizing of the notion of the information integrity. Since, ANSTO is a nuclear science
organization, information integrity is highly required. It is properly maintained by the
prevention of the data items corruption either for the malicious intents and errors. The
integrity policy subsequently describes the procedure of keeping the data items valid from
any one state of their system to the other and even specified the major capabilities of the
several principals within the systems (Webb et al. 2014). Hence, ANSTO would be highly

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

10
STRATEGIC INFORMATION SECURITY
benefitted if they would implement the Clark Wilson model; since this model defines the
enforcement rules as well as certification rules.
4.6 Determination of the Suitability of Certification
The Australian Nuclear Science and Technology Organisation should implement
certification within their business (Cardenas, Manadhata and Rajan 2013). Certification is
extremely vital and significant for any organization since it helps to maintain the adequacy of
the information system security standards for each and every requirement of the organization.
The issue of the security standards and methods are addressed with the certifications for the
core purpose of enabling the analysis, evaluation and controlling of the security of the
information system (Layton 2016). One of the most significant application of these security
methods majorly involve the various checklists and guidelines that could allow avoiding the
misses or lapses within the proper adoption or implementation of the security procedures or
measures. Moreover, the critical processes and vulnerabilities regarding the information
security is extremely important for ANSTO (Ahmad, Maynard and Park 2014). The
respective discipline is being standardized and the basic guidance, industry standards and
policies are set and collaborated for passwords, firewalls, legal liabilities, anti virus software
and encryption software. There are some of the major objectives of these programs of
information security and these objectives are the confidentiality, integrity as well as
availability of the business related data or the IT systems (Shropshire, Warkentin and Sharma
2015). All of these objectives eventually ensure that the sensitive information could only be
disclosed to the authenticated parties and the integrity of data is being maintained and
modified. Hence, certification is extremely suitable for ANSTO.
4.7 Threat Identification and Risk Assessment for ANSTO
A specific process of risk management is present that help in identifying the threat
sources, potential impacts, vulnerabilities, assets as well as possible controls (Baskerville,

11
STRATEGIC INFORMATION SECURITY
Spagnoletti and Kim 2014). The effectiveness of the risk management plan is also assessed
here. The threats and risks are responsible for bringing major vulnerabilities within any
specific organization and hence affecting the information security. ANSTO, being a nuclear
organization, might face some of the most important and significant threats, which should be
mitigated on time for maintaining their confidential information and data properly and
perfectly (Parsons et al. 2014). The major and the most significant and noteworthy threats for
the information security of ANSTO are given below:
i) Social Engineering Attacks: The first and the most important threat for the
organization of ANSTO information security would be the social engineering attack. This
particular attack manipulates the people to perform various actions and to divulge the
confidential information for any type of malicious reason (Ab Rahman and Choo 2015). The
best example of this attack is phishing.
ii) Disclosure of Passwords: The second important and significant threat of the
organization is disclosure of passwords. These passwords should not be disclosed at any cost
and hence should be kept in secret.
iii) Accessing of Network: Since ANSTO is a nuclear organization, there should not
be any loophole for information security (Safa, Von Solms and Furnell 2016). The network
should be accessed by the unauthorized persons under any circumstance.
iv) Errors in the Maintenance of Hardware: The hardware plays the most vital role
in securing the confidential information for all companies. Hence, the several errors for the
maintenance of the hardware could be extremely vulnerable. Moreover, the hardware could
even be stolen by the respective attackers.
v) Human as well as Natural Disasters: These are the next significant and important
threats that are quite common for the organization of ANSTO (Yang, Shieh and Tzeng 2013).

12
STRATEGIC INFORMATION SECURITY
The human disasters majorly involve the tampering and vandalism of information by the
staffs and employees of ANSTO; however the natural disasters involve the volcanoes, storms
and earthquakes.
vi) Destruction of Confidential Records: The next important and significant threat of
the information security of ANSTO is the respective destruction of records (Siponen,
Mahmood and Pahnila 2014). As this company deals with nuclear data, the sensitive records
should not be destructed at any cost.
The risk assessment of all the identified risks and threats within this organization of
ANSTO is as follows:
Serial
Number
Identified Threats or Risks Impact of the Identified
Risks
1. Social Engineering Attacks Medium
2. Disclosure of Passwords High
3. Accessing of Network High
4. Errors in the Maintenance of Hardware Low
5. Human as well as Natural Disasters Medium
6. Destruction of Confidential Records Extreme
Table 1: Risk Assessment of the Identified Risks of ANSTO
5. Conclusion
Therefore, from this above report, a conclusion can be drawn that the information
security can be described as the distinct set of several strategies, which help in managing the
various processes, policies as well as tools that are solely needed for the proper exposure,
prevention, countering and finally documenting the probable threats to any type of digitalized
or non digitalized organizational confidential information. A proper process of risk

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

13
STRATEGIC INFORMATION SECURITY
management is being conducted, by which the threats as well as vulnerabilities could be
continuously assessed for applying protective controls. The above research report has clearly
outlined a brief discussion on the organization of ANSTO regarding its security program.
Various details such as threat identification, ISO security standards, and current roles of the
security personnel are provided in this particular research report. Moreover, the suitable
security model is also chosen here and the suitability of the certification is determined
properly. Relevant recommendations are also provided in this research report for improving
the entire security structure of the ANSTO.

14
STRATEGIC INFORMATION SECURITY
6. References
Ab Rahman, N.H. and Choo, K.K.R., 2015. A survey of information security incident
handling in the cloud. Computers & Security, 49, pp.45-69.
Ahmad, A., Maynard, S.B. and Park, S., 2014. Information security strategies: towards an
organizational multi-strategy perspective. Journal of Intelligent Manufacturing, 25(2),
pp.357-370.
Andress, J., 2014. The basics of information security: understanding the fundamentals of
InfoSec in theory and practice. Syngress.
Ansto.gov.au. 2018. ANSTO | Australia’s Nuclear Science and Technology Organisation.
[online] Available at: https://www.ansto.gov.au/ [Accessed 18 Oct. 2018].
Baskerville, R., Spagnoletti, P. and Kim, J., 2014. Incident-centered information security:
Managing a strategic balance between prevention and response. Information &
management, 51(1), pp.138-151.
Cardenas, A.A., Manadhata, P.K. and Rajan, S.P., 2013. Big data analytics for security. IEEE
Security & Privacy, 11(6), pp.74-76.
Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and Baskerville, R.,
2013. Future directions for behavioral information security research. computers &
security, 32, pp.90-101.
Disterer, G., 2013. ISO/IEC 27000, 27001 and 27002 for information security
management. Journal of Information Security, 4(02), p.92.
Kolkowska, E. and Dhillon, G., 2013. Organizational power and information security rule
compliance. Computers & Security, 33, pp.3-11.

15
STRATEGIC INFORMATION SECURITY
Layton, T.P., 2016. Information Security: Design, implementation, measurement, and
compliance. Auerbach Publications.
Parsons, K., McCormac, A., Butavicius, M., Pattinson, M. and Jerram, C., 2014. Determining
employee awareness using the human aspects of information security questionnaire (HAIS-
Q). Computers & Security, 42, pp.165-176.
Peltier, T.R., 2013. Information security fundamentals. CRC Press.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Auerbach Publications.
Safa, N.S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N.A. and Herawan, T., 2015.
Information security conscious care behaviour formation in organizations. Computers &
Security, 53, pp.65-78.
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance
model in organizations. Computers & Security, 56, pp.70-82.
Shropshire, J., Warkentin, M. and Sharma, S., 2015. Personality, attitudes, and intentions:
Predicting initial adoption of information security behavior. Computers & Security, 49,
pp.177-191.
Singh, G., 2013. A study of encryption algorithms (RSA, DES, 3DES and AES) for
information security. International Journal of Computer Applications, 67(19).
Siponen, M., Mahmood, M.A. and Pahnila, S., 2014. Employees’ adherence to information
security policies: An exploratory field study. Information & management, 51(2), pp.217-224.
Sommestad, T., Hallberg, J., Lundholm, K. and Bengtsson, J., 2014. Variables influencing
information security policy compliance: a systematic review of quantitative
studies. Information Management & Computer Security, 22(1), pp.42-75.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

16
STRATEGIC INFORMATION SECURITY
Tamjidyamcholo, A., Baba, M.S.B., Tamjid, H. and Gholipour, R., 2013. Information
security–Professional perceptions of knowledge-sharing intention under self-efficacy, trust,
reciprocity, and shared-language. Computers & Education, 68, pp.223-232.
Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber
security. computers & security, 38, pp.97-102.
Webb, J., Ahmad, A., Maynard, S.B. and Shanks, G., 2014. A situation awareness model for
information security risk management. Computers & security, 44, pp.1-15.
Xu, L., Jiang, C., Wang, J., Yuan, J. and Ren, Y., 2014. Information security in big data:
privacy and data mining. IEEE Access, 2, pp.1149-1176.
Yang, Y.P.O., Shieh, H.M. and Tzeng, G.H., 2013. A VIKOR technique based on
DEMATEL and ANP for information security risk control assessment. Information
Sciences, 232, pp.482-500.

1 out of 17

+13062052269

info@desklib.com

Strategic Information Security: ANSTO

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Information Security Fundamentals and Best Practices

Information Security Risk Assessment

Strategic Information Security Program Development for Yahoo Inc.

Developing a security program in Banks of America

Information Security Compliance Analysis

Information Security Risks in NHS