A4A: Information Assets Assessment Report and Security Threats

Verified

Added on 2020/05/28

AI Summary

This report assesses the information assets of an organization (A4A), categorizing them into financial information, services, research and development, operations, EDM, and member information. It then evaluates potential security threats, including administrative/personal threats from staff, network vulnerabilities (eavesdropping, spoofing), hardware failures, software failures, and environmental/physical risks. The report also discusses how risk profiles might vary depending on the member institution's location, emphasizing that while personal, hardware, and software threats are standard, environmental and network-related risks are location-dependent. It recommends a flexible information security policy addressing both common and location-specific threats. The report is based on the analysis of the information assets of an organization, identifying various security threats and risks associated with these assets.

Running head: INFORMATION ASSETS ASSESSMENT
INFORMATION ASSETS ASSESSMENT
Name of the student
Name of the University
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1INFORMATION ASSETS ASSESSMENT
Task 1:
Information asset of an organisation is the organisation’s system information that stays
managed and organized as a unit. The information asset of the considered organisation are
discussed as follows:
Financial information: The method by which the firm collects the donation from the public
for its operations. The cost associated with its activities and projects (Peltier 2016). All the
financial information such as financial reports and accounting data.
Services: The services that the considered organisation offers is also included in the list of
their informational data. The short-term or long-term assignments, marked assignments,
emails and exams they get from their member institutions are also included. Research and
development done for the organisation and its member institutions are also its information
assets.
Operations: The recruiting process as a member of the organisation. The test, the
interviewing methods and the training material they provide to their new members are
included in this category. Documentation and software used for the purposes mentioned
above are also included in their information assets.
EDM (Enterprises Data Management): EDM refers the efficacy of a firm to develop,
upgrade, manage and disseminate information for all application, time requirement of entities,
data delivery accuracy and the processes. The ultimate goal of the former is to avoid any
issues or conflict developed as a result of mismanagement. The protocols and system of an
EDM is an informational asset of the A4A.
Members Information: The members of A4A and their details that have been kept by A4A
is their informational asset. The details of the member staff’s and their relation and
dependency on the firm and vice versa is also an informational asset of the firm.

2INFORMATION ASSETS ASSESSMENT
Task 2:
Assessment of the information security threats of information assets is critical to
design the security system for the assets. The threats that may be associated with the assets are
discussed as follows.
Administrative/Personal threats: These treats for the organisation may arise if any of the
10-member staff decided to go rogue. The members may use the organisation’s information
for their personal use or malicious purposes (AlHogail 2015). The members are authorized to
access the specific information (like emails, exams and marked assignments) which they can
tamper with. Theft of the hardware or resources also is a possible information security threats.
Network: Eavesdropping or wiretapping are some of the network-related security threats to
the information. These situations can be developed while communications equipment or the
lines are facing errors. Spying and spoofing also are network related information security
threats to the organisation.
Hardware: Failure of the necessary hardware at the headquarter and the branch office may
put their information assets at risk. The considered situation can be great danger if the firm is
still operational over the primitive methods. The failure will also have a negative impact on
the firm economically.
Software: Failure to the software that holds or processes the assignments, proposals,
member’s information may also arise informational security threats. The considered systems
will influence the operations of the firm and keep the operations on hold. Recovering the lost
data or getting the software to work again is a complex task that may take a lot of effort and
time.

3INFORMATION ASSETS ASSESSMENT
Environmental and physical security: Any destruction caused due to human-made or
natural disaster also puts the information security at risk (Shameli-Sendi, Aghababaei-
Barzegar and Cheriet 2016).
Task 3:
The risk may not differ depending on the member institution. Though, it can be stated
the chances of arousal of a particular risk may differ depending on the member institution.
The reason for stating that is that the environmental/physical risks are associated with the
climate of the country in which the member institution is established. In the considered case
A4A’s Australian branch is more vulnerable to environmental threat than Singapore.
Network related information threats depend upon the bandwidth (which differs in
different countries). The following example can explain this threat; Singapore uses more
bandwidth than Australia, hence the network related security threats can be optimised in
Singapore much more comfortably than in Australia (NewsComAu, 2018).
On the other hand, threats like personal threats are standard for all firms irrespective
of their location or method of operation. The reason for stating the statement mentioned above
is that personal threats refer to the threat proposed by the employees. Hence, it cannot be
predicted. The same can be assumed for hardware and software threats. Henceforth it is
recommended that the information security policy should be developed taking consideration
of the different threats proposed to it. Though some part of the policy can be kept constant to
tackle the threats that are common for different firms.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4INFORMATION ASSETS ASSESSMENT
References:
AlHogail, A., 2015. Design and validation of information security culture
framework. Computers in human behavior, 49, pp.567-575.
NewsComAu. (2018). It’s not just you — download speeds are low Down Under. [online]
Available at: http://www.news.com.au/technology/online/nbn/australian-download-speeds-
languish-in-50th-place-behind-new-zealand-thailand-and-kenya/news-story/
8df36cfaaff9c36669566513b0dbc38a [Accessed 6 Jan. 2018].
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. CRC Press.
Shameli-Sendi, A., Aghababaei-Barzegar, R. and Cheriet, M., 2016. Taxonomy of
information security risk assessment (ISRA). Computers & Security, 57, pp.14-30.