Information Security Management Report: A4A Case Study Analysis
VerifiedAdded on  2020/05/16
|17
|4332
|251
Report
AI Summary
This report provides a comprehensive analysis of the information security risks faced by the NGO Academics for Academics (A4A). It begins with an executive summary and introduction outlining the importance of information security management, particularly for an organization handling sensitive data. The report then presents a case study of A4A, detailing its operations, structure, and reliance on public funding. It identifies various security threats, including malicious software, denial-of-service attacks, data leakage, unsolicited emails, identity theft, unintentional damage, and phishing. Following the risk assessment, the report proposes practical guidelines for managing these risks, emphasizing the use of antivirus software, firewalls, and encryption. Finally, the report discusses key assumptions underlying the case study and concludes with a summary of the findings and recommendations. The report highlights the critical need for robust information security measures to protect A4A's data and ensure its operational integrity.
Running head: INFORMATION SECURITY MANAGEMENT
Information Security Management
Name of the Student
Name of the University
Author’s Note:
Information Security Management
Name of the Student
Name of the University
Author’s Note:
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1
INFORMATION SECURITY MANAGEMENT
Executive Summary
The main aim of this report is to understand the entire case study for the organization known
as Academics for Academics. It is a NGO that runs on public funding for helping various
small colleges or universities in South East Asia and Australia. The information or the data of
this organization is not protected since they do not have their security policies or guidelines.
This report discusses about the various security threats or risks of A4A. Moreover, it helps to
find mitigation plans for these identified security threats for the information security system
of A4A. The final part of the report discusses about the significant assumptions of the case
study of A4A.
INFORMATION SECURITY MANAGEMENT
Executive Summary
The main aim of this report is to understand the entire case study for the organization known
as Academics for Academics. It is a NGO that runs on public funding for helping various
small colleges or universities in South East Asia and Australia. The information or the data of
this organization is not protected since they do not have their security policies or guidelines.
This report discusses about the various security threats or risks of A4A. Moreover, it helps to
find mitigation plans for these identified security threats for the information security system
of A4A. The final part of the report discusses about the significant assumptions of the case
study of A4A.
2
INFORMATION SECURITY MANAGEMENT
Table of Contents
Introduction................................................................................................................................3
Discussion..................................................................................................................................4
Case Study..............................................................................................................................4
Information Security Risks....................................................................................................5
Guidelines for Managing the Information Security Risks.....................................................7
Assumptions.............................................................................................................................10
Conclusion................................................................................................................................12
References................................................................................................................................14
INFORMATION SECURITY MANAGEMENT
Table of Contents
Introduction................................................................................................................................3
Discussion..................................................................................................................................4
Case Study..............................................................................................................................4
Information Security Risks....................................................................................................5
Guidelines for Managing the Information Security Risks.....................................................7
Assumptions.............................................................................................................................10
Conclusion................................................................................................................................12
References................................................................................................................................14
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3
INFORMATION SECURITY MANAGEMENT
Introduction
Information security control or management is the significant collection of certain
specific procedures or policies for the systematic management of an organization’s
confidential data (Stallings et al. 2012). The major goal of information security management
is the reduction of the risk in any information system and make sure that the organization
would reach to the objectives and goals without having any type of security breaches. These
security issues or breaches are extremely harmful for any organization or business. The
information security management or simply ISM provides a brief description about the
management that any particular organization requires for the successful implementation
(Peltier 2016). The security risks that are analyzed by information security management are
the threats or risks to the assets, the vulnerabilities and the impact.
This report provides a brief discussion on the entire case study for the organization of
A4A. A specific NGO or non-governmental organization, which helps all the smaller public
or private universities or colleges situated in South East Asia and even Australia. This
particular organization does not have their own guidelines or policies for the proper
protection of the organization’s resources (Disterer 2013). This report helps to recognize all
the various kinds of security threats or risks that the organization of Academics for
Academics or A4A can have for their resources. Moreover, the proper mitigation techniques
or plans from securing the data or resources from those threats are also given here. The report
suggests some of the most important guidelines for preventing the data or resources from the
insider threats and the outsider attacks. Proper assumptions about the case study are also
given in this report.
INFORMATION SECURITY MANAGEMENT
Introduction
Information security control or management is the significant collection of certain
specific procedures or policies for the systematic management of an organization’s
confidential data (Stallings et al. 2012). The major goal of information security management
is the reduction of the risk in any information system and make sure that the organization
would reach to the objectives and goals without having any type of security breaches. These
security issues or breaches are extremely harmful for any organization or business. The
information security management or simply ISM provides a brief description about the
management that any particular organization requires for the successful implementation
(Peltier 2016). The security risks that are analyzed by information security management are
the threats or risks to the assets, the vulnerabilities and the impact.
This report provides a brief discussion on the entire case study for the organization of
A4A. A specific NGO or non-governmental organization, which helps all the smaller public
or private universities or colleges situated in South East Asia and even Australia. This
particular organization does not have their own guidelines or policies for the proper
protection of the organization’s resources (Disterer 2013). This report helps to recognize all
the various kinds of security threats or risks that the organization of Academics for
Academics or A4A can have for their resources. Moreover, the proper mitigation techniques
or plans from securing the data or resources from those threats are also given here. The report
suggests some of the most important guidelines for preventing the data or resources from the
insider threats and the outsider attacks. Proper assumptions about the case study are also
given in this report.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4
INFORMATION SECURITY MANAGEMENT
Discussion
Case Study
Academics for Academics or simply A4A is a typical NGO with the head office
located in Sydney, Australia whereas the branch office of this NGO is located in Singapore.
This particular organization of Academics for Academics or A4A is mainly run by the
donations from public. They do not have their own funding system since they are an NGO.
Altogether, the total number of the Academics for Academics or A4A members is ten. Within
the ten members, six of them work in the office of Sydney whereas the remaining four
members work in Singapore office. This particular NGO of Academics for Academics or
A4A was established for the purpose of helping out each and every small private and public
universities and colleges, which are situated in Australia and South East Asia. The private
universities or the colleges, who are solely interested in receiving the services of Academics
for Academics or A4A, would have to register themselves and become the successful
member universities or colleges of Academics for Academics. Furthermore, the experienced
experts or professionals, who are interested in providing any type of voluntary service to any
of the member university or college can also register with Academics for Academics. These
specific voluntary services mainly involve the supervising of any of the research project or
paper or the progress of the set of courses or providing lecture on any stream to the respective
learners. This organization would even appoint these individuals and they would turn into the
constituents of Academics for Academics or A4A. Next, the organization would be giving
interim or short term assignments for a specific period of time. These members would get
various benefits or advantages from this organization such as medical expenses,
accommodation, meals and travel expenses. All the members get equal benefits, as this is a
globally identified organization. The moment, these members are hired by the organization;
they would be staring to work under Academics for Academics. In spite of these advantages
INFORMATION SECURITY MANAGEMENT
Discussion
Case Study
Academics for Academics or simply A4A is a typical NGO with the head office
located in Sydney, Australia whereas the branch office of this NGO is located in Singapore.
This particular organization of Academics for Academics or A4A is mainly run by the
donations from public. They do not have their own funding system since they are an NGO.
Altogether, the total number of the Academics for Academics or A4A members is ten. Within
the ten members, six of them work in the office of Sydney whereas the remaining four
members work in Singapore office. This particular NGO of Academics for Academics or
A4A was established for the purpose of helping out each and every small private and public
universities and colleges, which are situated in Australia and South East Asia. The private
universities or the colleges, who are solely interested in receiving the services of Academics
for Academics or A4A, would have to register themselves and become the successful
member universities or colleges of Academics for Academics. Furthermore, the experienced
experts or professionals, who are interested in providing any type of voluntary service to any
of the member university or college can also register with Academics for Academics. These
specific voluntary services mainly involve the supervising of any of the research project or
paper or the progress of the set of courses or providing lecture on any stream to the respective
learners. This organization would even appoint these individuals and they would turn into the
constituents of Academics for Academics or A4A. Next, the organization would be giving
interim or short term assignments for a specific period of time. These members would get
various benefits or advantages from this organization such as medical expenses,
accommodation, meals and travel expenses. All the members get equal benefits, as this is a
globally identified organization. The moment, these members are hired by the organization;
they would be staring to work under Academics for Academics. In spite of these advantages
5
INFORMATION SECURITY MANAGEMENT
or benefits, there is an important and unavoidable condition for this particular job. The
confidential data or information that would exclude the marked assignments, examinations or
the personal electronic mails would be the sole property of Academics for Academics and the
member institutions. These members would not have any right on this data or information.
The information security system of Academics for Academics or A4A would be storing and
managing all the confidential data. The location of the members does not matter in this case.
The verification of the information is done completely.
Information Security Risks
The ISS or information security system of the organization of Academics for
Academics or A4A is responsible for storing all the important and confidential information or
data about the activities or project (Soomro, Shah and Ahmed 2016). This security of
information is the procedure of the detection and prevention of every unsanctioned or
unauthorized access, changing, utilization, modification, disclosure, destruction and
recording of confidential information. The information stored within the security system of
information is about the constituents of the organization or regarding the member colleges or
universities. Thus, it is extremely important for the organization cannot be lost at any cost
(Hu et al. 2012). However, there is always a high chance of data loss in any information
system. The security threats or risks to the security system of information for the NGO of
Academics for Academics are given below:
i) Malicious Software or Code: Malicious software or code is the most significant
security risk in any information system. This type of threat occurs when a malicious software
or code is being infected in the system by any hacker or intruder (Rhodes-Ousley 2013). The
purpose of this infection is to hack the system or slow down the system. This software or
code is generally malicious and has the capability to replicate itself. The moment it enters any
system, it starts replicating itself. The common name for this malicious software or code is
INFORMATION SECURITY MANAGEMENT
or benefits, there is an important and unavoidable condition for this particular job. The
confidential data or information that would exclude the marked assignments, examinations or
the personal electronic mails would be the sole property of Academics for Academics and the
member institutions. These members would not have any right on this data or information.
The information security system of Academics for Academics or A4A would be storing and
managing all the confidential data. The location of the members does not matter in this case.
The verification of the information is done completely.
Information Security Risks
The ISS or information security system of the organization of Academics for
Academics or A4A is responsible for storing all the important and confidential information or
data about the activities or project (Soomro, Shah and Ahmed 2016). This security of
information is the procedure of the detection and prevention of every unsanctioned or
unauthorized access, changing, utilization, modification, disclosure, destruction and
recording of confidential information. The information stored within the security system of
information is about the constituents of the organization or regarding the member colleges or
universities. Thus, it is extremely important for the organization cannot be lost at any cost
(Hu et al. 2012). However, there is always a high chance of data loss in any information
system. The security threats or risks to the security system of information for the NGO of
Academics for Academics are given below:
i) Malicious Software or Code: Malicious software or code is the most significant
security risk in any information system. This type of threat occurs when a malicious software
or code is being infected in the system by any hacker or intruder (Rhodes-Ousley 2013). The
purpose of this infection is to hack the system or slow down the system. This software or
code is generally malicious and has the capability to replicate itself. The moment it enters any
system, it starts replicating itself. The common name for this malicious software or code is
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6
INFORMATION SECURITY MANAGEMENT
virus. The most degrading and harmful fact of this typical infected code or software is that
this virus absolutely changes the configuration of the system and all the important data is
misplaced and cannot be recovered (Von Solms and Van Niekerk 2013). This type of
software or code should be checked on a daily basis so that any organization does not suffer
any data loss due to this.
ii) Denial of Service Attacks: The Denial or Service or DoS attacks are again
extremely important security threats in any particular security system of information
(Crossler et al. 2013). DoS attacks take place when any intruder or hacker hacks or intrudes
in any system and bluntly denies the service. The most dangerous issue with this attack is that
the legitimate user is unaware of the intrusion and thus, the intruder faces no problem in
intruding into the system. The attacker gets complete access to the system and when the user
attempts for entering into his or her system, that service is denied. Moreover, the denial of
service attack slows down the system or the server (Bang et al. 2012). When this type of
attacks occurs in several numbers of computers, it is called as a distributed denial of service
or DDoS attack.
iii) Leakage of Information: Information or data are the most significant and
confidential resources of all organizations. This confidential information should not be
intercepted or lost by any means (Siponen, Mahmood and Pahnila 2014). Nevertheless, there
exists a major risk of information or data leakage in an information security system. There are
two distinct ways for information leakage in an organization. The first way is when any type
of technical problems occur within the system and the second way is from an employee. The
first way can be solved by implementing various mitigation techniques or plans. However,
there is no such measure for the second way (Yang, Shieh and Tzeng 2013). The employee of
the organization can leak any confidential information either intentionally or unintentionally.
INFORMATION SECURITY MANAGEMENT
virus. The most degrading and harmful fact of this typical infected code or software is that
this virus absolutely changes the configuration of the system and all the important data is
misplaced and cannot be recovered (Von Solms and Van Niekerk 2013). This type of
software or code should be checked on a daily basis so that any organization does not suffer
any data loss due to this.
ii) Denial of Service Attacks: The Denial or Service or DoS attacks are again
extremely important security threats in any particular security system of information
(Crossler et al. 2013). DoS attacks take place when any intruder or hacker hacks or intrudes
in any system and bluntly denies the service. The most dangerous issue with this attack is that
the legitimate user is unaware of the intrusion and thus, the intruder faces no problem in
intruding into the system. The attacker gets complete access to the system and when the user
attempts for entering into his or her system, that service is denied. Moreover, the denial of
service attack slows down the system or the server (Bang et al. 2012). When this type of
attacks occurs in several numbers of computers, it is called as a distributed denial of service
or DDoS attack.
iii) Leakage of Information: Information or data are the most significant and
confidential resources of all organizations. This confidential information should not be
intercepted or lost by any means (Siponen, Mahmood and Pahnila 2014). Nevertheless, there
exists a major risk of information or data leakage in an information security system. There are
two distinct ways for information leakage in an organization. The first way is when any type
of technical problems occur within the system and the second way is from an employee. The
first way can be solved by implementing various mitigation techniques or plans. However,
there is no such measure for the second way (Yang, Shieh and Tzeng 2013). The employee of
the organization can leak any confidential information either intentionally or unintentionally.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7
INFORMATION SECURITY MANAGEMENT
iv) Receiving Unsolicited Emails: The fourth security risk or threat of any
information system is the receiving of unsolicited emails. The legitimate user receives a fake
email from any false electronic mail IDs, claiming to be belonging to an authenticated
organization (Chander, Jain and Shankar 2013). As soon as the victim clicks on the email to
read it, the entire information system is intruded or hacked and there is absolutely no cure.
v) Identity Theft: This is again one of the most dangerous security threats in any
information system. The intruder or the hacker steals the identity of a legitimate user so that
he gets the access of all confidential information or data.
vi) Unintentional Damage: It is not necessary that all the security threats are caused
intentionally (Peltier 2013). It has been observed that in many organizations, the employees
cause damage to the information system due to lack of training given to them.
vii) Phishing: Phishing occurs when the intruder gets all the confidential information
from the system by sending hoax emails. Eradication of phishing is almost impossible.
These above mentioned information security risks are extremely dangerous for any
information system. Thus, Academics For Academics or A4A should check their information
system on a regular basis (Fielder et al. 2014). However, these can be reduced or mitigated.
The guidelines for mitigation or managing these security risks of information are given
below.
Guidelines for Managing the Information Security Risks
The security system of information of the organization of A4A has a chance or
tendency to have various significant risks that are very dangerous for the confidential
information (Bell, Ndje and Lele 2013). However, few of the guidelines or techniques for the
INFORMATION SECURITY MANAGEMENT
iv) Receiving Unsolicited Emails: The fourth security risk or threat of any
information system is the receiving of unsolicited emails. The legitimate user receives a fake
email from any false electronic mail IDs, claiming to be belonging to an authenticated
organization (Chander, Jain and Shankar 2013). As soon as the victim clicks on the email to
read it, the entire information system is intruded or hacked and there is absolutely no cure.
v) Identity Theft: This is again one of the most dangerous security threats in any
information system. The intruder or the hacker steals the identity of a legitimate user so that
he gets the access of all confidential information or data.
vi) Unintentional Damage: It is not necessary that all the security threats are caused
intentionally (Peltier 2013). It has been observed that in many organizations, the employees
cause damage to the information system due to lack of training given to them.
vii) Phishing: Phishing occurs when the intruder gets all the confidential information
from the system by sending hoax emails. Eradication of phishing is almost impossible.
These above mentioned information security risks are extremely dangerous for any
information system. Thus, Academics For Academics or A4A should check their information
system on a regular basis (Fielder et al. 2014). However, these can be reduced or mitigated.
The guidelines for mitigation or managing these security risks of information are given
below.
Guidelines for Managing the Information Security Risks
The security system of information of the organization of A4A has a chance or
tendency to have various significant risks that are very dangerous for the confidential
information (Bell, Ndje and Lele 2013). However, few of the guidelines or techniques for the
8
INFORMATION SECURITY MANAGEMENT
successful mitigation or eradication of security threats or risks is present. These mitigation
techniques or plans for the security threats of an information system are as follows:
i) Antivirus: This is the simplest and the most basic method for the mitigation of any
malicious software or code from a system. Antivirus is a software that detects and prevents
the attacks of virus or any such malicious software and code (Cavusoglu et al. 2015). This
software is installed in an information security system and thus the entry of all dangerous
attacks is stopped. Academics for Academics or A4A should implement an antivirus software
in their information system.
ii) Firewalls: This is the second most efficient and effective method for the
prevention of security threats or risks. Firewalls are similar to antivirus as these are also
installed in an information system. Just like the name, firewalls act as the security system in
any system and also helps in detecting and preventing all types of information security risks
(Alexander, Finch. and Sutton 2013). The main advantage of firewall is that it is extremely
safe, secured and cost effective. Academics for Academics or A4A should implement a
firewall software in their information system.
iii) Encryption: The third basic method for the protection of any confidential
information is by the simple process of encryption (Tu and Yuan 2014). This is the procedure
of encoding or encrypting any confidential message or information in an encoded text, known
as cipher text. The encryption is done in a typical method that the legitimate users only have
the ability to access any information. The procedure of encryption is recommendable for all
organizations for reducing the message interception. There are two distinct algorithms in
encryption, namely, symmetric key and asymmetric key (Chen, Ramamurthy and Wen 2012).
The algorithm of symmetric key comprises of only one specific for both encoding and
decoding of a message. This eventually means the both the sender and the receiver of this
INFORMATION SECURITY MANAGEMENT
successful mitigation or eradication of security threats or risks is present. These mitigation
techniques or plans for the security threats of an information system are as follows:
i) Antivirus: This is the simplest and the most basic method for the mitigation of any
malicious software or code from a system. Antivirus is a software that detects and prevents
the attacks of virus or any such malicious software and code (Cavusoglu et al. 2015). This
software is installed in an information security system and thus the entry of all dangerous
attacks is stopped. Academics for Academics or A4A should implement an antivirus software
in their information system.
ii) Firewalls: This is the second most efficient and effective method for the
prevention of security threats or risks. Firewalls are similar to antivirus as these are also
installed in an information system. Just like the name, firewalls act as the security system in
any system and also helps in detecting and preventing all types of information security risks
(Alexander, Finch. and Sutton 2013). The main advantage of firewall is that it is extremely
safe, secured and cost effective. Academics for Academics or A4A should implement a
firewall software in their information system.
iii) Encryption: The third basic method for the protection of any confidential
information is by the simple process of encryption (Tu and Yuan 2014). This is the procedure
of encoding or encrypting any confidential message or information in an encoded text, known
as cipher text. The encryption is done in a typical method that the legitimate users only have
the ability to access any information. The procedure of encryption is recommendable for all
organizations for reducing the message interception. There are two distinct algorithms in
encryption, namely, symmetric key and asymmetric key (Chen, Ramamurthy and Wen 2012).
The algorithm of symmetric key comprises of only one specific for both encoding and
decoding of a message. This eventually means the both the sender and the receiver of this
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9
INFORMATION SECURITY MANAGEMENT
message utilizes only one key for the purpose of encryption and decryption (Baskerville,
Spagnoletti and Kim 2014). The major advantage of this symmetric key algorithm is that it
can be implemented and utilized very easily. The next encrypting algorithm is known as the
algorithm of asymmetric key. This particular algorithm is just the opposite of the algorithm of
symmetric key. The specific keys for the encryption and decryption of the message are
separate and thus the algorithm is much complex (Vacca 2012). Academics for Academics
should secure their information by the processes of encryption and decryption.
iv) Digital Authentication: The fourth popular way for the security purpose of
information system is digital authentication. It is the simple and significant procedure of
authenticating and sanctioning any particular person or individual digitally (Ifinedo 2012).
The most important examples of this process of digital authentication mainly include voice
recognition, fingerprint recognition, digital signatures and face recognition. The successful
implementation of this particular policy of security is completed by means of implementing
biometric attendance to all organizations or all information systems (Kayworth and Whitten
2012). Only the sanctioned, authenticated and the authorized users have the access to this
information security system. Academics for Academics should only provide access to the
authenticated users.
v) Passwords: The final method of securing confidential data or information in the
information system for the organization of Academics for Academics or A4A is passwords.
The security risk of identity theft is reduced or mitigated by this particular process (Guo and
Yuan 2012). The presence of password in any information system helps to protect the
complete system and no intruder or hacker has the ability to enter into a password-protected
system easily. The biometric password is the most effective solution for all security related
issues since; this type of password only allows authenticated and authorized employees for
INFORMATION SECURITY MANAGEMENT
message utilizes only one key for the purpose of encryption and decryption (Baskerville,
Spagnoletti and Kim 2014). The major advantage of this symmetric key algorithm is that it
can be implemented and utilized very easily. The next encrypting algorithm is known as the
algorithm of asymmetric key. This particular algorithm is just the opposite of the algorithm of
symmetric key. The specific keys for the encryption and decryption of the message are
separate and thus the algorithm is much complex (Vacca 2012). Academics for Academics
should secure their information by the processes of encryption and decryption.
iv) Digital Authentication: The fourth popular way for the security purpose of
information system is digital authentication. It is the simple and significant procedure of
authenticating and sanctioning any particular person or individual digitally (Ifinedo 2012).
The most important examples of this process of digital authentication mainly include voice
recognition, fingerprint recognition, digital signatures and face recognition. The successful
implementation of this particular policy of security is completed by means of implementing
biometric attendance to all organizations or all information systems (Kayworth and Whitten
2012). Only the sanctioned, authenticated and the authorized users have the access to this
information security system. Academics for Academics should only provide access to the
authenticated users.
v) Passwords: The final method of securing confidential data or information in the
information system for the organization of Academics for Academics or A4A is passwords.
The security risk of identity theft is reduced or mitigated by this particular process (Guo and
Yuan 2012). The presence of password in any information system helps to protect the
complete system and no intruder or hacker has the ability to enter into a password-protected
system easily. The biometric password is the most effective solution for all security related
issues since; this type of password only allows authenticated and authorized employees for
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10
INFORMATION SECURITY MANAGEMENT
acceding the confidential information (Baskerville, Spagnoletti and Kim 2014). A4A should
keep passwords in their organization and they should change the passwords periodically.
These above mentioned five guidelines would be helping Academics For Academics
or A4A to manage their possible security related threats or risks present within their
information system. The security threats might not be stopped, however, when these
guidelines would be followed, these risks could be reduced to a controllable limit.
Assumptions
Assumptions are made on any particular case study or situation by considering proper
justifications and discussions. The significant assumptions for managing the security threats
or risks in the organization of A4A are given below:
i) A4A is the specific NGO, which helps out more or less every smaller public and
private university or college located in Australia and South East Asia.
ii) The colleges or universities that are private and solely interested in receiving the
services of Academics for Academics or A4A, would have to register themselves and become
the successful member universities or colleges of Academics for Academics.
iii) The experts or professionals, who wishes to give several voluntary services within
the field of research and teaching could simply register themselves in this organization of
Academics For Academics, and this would be an awesome option for them.
iv) A4A is recruiting several trained individuals in several streams and is enabling
cultural diversification within this NGO.
INFORMATION SECURITY MANAGEMENT
acceding the confidential information (Baskerville, Spagnoletti and Kim 2014). A4A should
keep passwords in their organization and they should change the passwords periodically.
These above mentioned five guidelines would be helping Academics For Academics
or A4A to manage their possible security related threats or risks present within their
information system. The security threats might not be stopped, however, when these
guidelines would be followed, these risks could be reduced to a controllable limit.
Assumptions
Assumptions are made on any particular case study or situation by considering proper
justifications and discussions. The significant assumptions for managing the security threats
or risks in the organization of A4A are given below:
i) A4A is the specific NGO, which helps out more or less every smaller public and
private university or college located in Australia and South East Asia.
ii) The colleges or universities that are private and solely interested in receiving the
services of Academics for Academics or A4A, would have to register themselves and become
the successful member universities or colleges of Academics for Academics.
iii) The experts or professionals, who wishes to give several voluntary services within
the field of research and teaching could simply register themselves in this organization of
Academics For Academics, and this would be an awesome option for them.
iv) A4A is recruiting several trained individuals in several streams and is enabling
cultural diversification within this NGO.
11
INFORMATION SECURITY MANAGEMENT
v) As soon as these trained individuals would be a part of this NGO, the professionals
would be solely enjoying various advantages such as expenses for medical, charges for
accommodation and meals and also the travel expenses.
vi) This particular organization has put only one basic condition for the employment
of the members that the confidential information and the resources would be the properties of
A4A and the members do not have any right on them.
vii) All the confidential data and information is kept in the secured and systematic
security system of information by this NGO, namely, A4A.
viii) Several and various security threats can easily enter into any information system.
The security threats are extremely dangerous and harmful.
ix) The major security risk or threats for any particular security system of information
are harmful software, harmful code, attacks of denial of service, leakage of information,
phishing, messages interception, spoofing, unintentional destruction of important assets or
information and many more.
x) These security threats can be easily eradicated or mitigated by simply following
some of the major stages and by applying various measures.
xi) The most basic methods of eradicating these types of security threats or risks are
encryption, antivirus, passwords, firewalls and digital authentication.
xii) Academics For Academics or A4A is assumed to get each and every
organizational objective and goal by their pioneering strategies of organization.
INFORMATION SECURITY MANAGEMENT
v) As soon as these trained individuals would be a part of this NGO, the professionals
would be solely enjoying various advantages such as expenses for medical, charges for
accommodation and meals and also the travel expenses.
vi) This particular organization has put only one basic condition for the employment
of the members that the confidential information and the resources would be the properties of
A4A and the members do not have any right on them.
vii) All the confidential data and information is kept in the secured and systematic
security system of information by this NGO, namely, A4A.
viii) Several and various security threats can easily enter into any information system.
The security threats are extremely dangerous and harmful.
ix) The major security risk or threats for any particular security system of information
are harmful software, harmful code, attacks of denial of service, leakage of information,
phishing, messages interception, spoofing, unintentional destruction of important assets or
information and many more.
x) These security threats can be easily eradicated or mitigated by simply following
some of the major stages and by applying various measures.
xi) The most basic methods of eradicating these types of security threats or risks are
encryption, antivirus, passwords, firewalls and digital authentication.
xii) Academics For Academics or A4A is assumed to get each and every
organizational objective and goal by their pioneering strategies of organization.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 17
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
 +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.