BIT361: Security Management Program Development for Power AI Company

Verified

Added on 2022/11/14

AI Summary

This report, prepared for Secure Security Services (SSS), addresses the development of an ongoing security management program for Power AI (PAI), a company specializing in AI software. The report outlines the need for an ICT Security Program, detailing security policies, identifying threats, attacks, and vulnerabilities, and discussing the advantages of a risk management plan. It explores the formal approach to security within PAI's values, covering machine learning in security, governance roles, and statutory and legal necessities. The report further analyzes the benefits of a continuous security management process, including informed decision-making and compliance with regulations. A preliminary Risk Assessment/Management Plan, including a contingency plan, is provided in the appendix, with a discussion of associated costs and benefits, to protect PAI's intellectual property. The report emphasizes the importance of prioritizing risks and allocating resources for effective security governance, reflecting on the structure of PAI's organizational framework.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: SECURITY MANAGEMENT AND GOVERNANCE
Security Management and Governance
(Power AI /PAI)
Name of the student:
Name of the university:
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1SECURITY MANAGEMENT AND GOVERNANCE
Executive summary
The PAI or Power AI has been dealing with developing the software for various industrial scenarios,
business and home usages. In this study a formal approach is made to the security. Then, different
policies of security have been included in the study. After that the attacks, various threats and
different vulnerabilities in the present case are discussed. Furthermore, various advantages of
planning risk management are investigated in the study. Again, different benefits to fetching security
management as a constant process are analyzed here.

2SECURITY MANAGEMENT AND GOVERNANCE
1. Introduction:
The Power AI or PAI deals with the development of software for home use, business and
industrial. The primary concern is to create AI or Artificial intelligence systems. This is for
maintaining power usage, generation and storage at various environments. A study is needed to
present the various perquisites foe deploying the ICT security program for the organization.
The following report makes a formal approach to security. Further, various security policies
are to be developed. Then, various attacks, vulnerabilities and threats are identified. Next, different
benefits of the risk management plan are discussed. Further, various advantages fetching security
management as a continuous process is evaluated.
2. Discussing the fit of the formal approach towards security under PAI’s values:
2.1. Approach to security:
Machine Learning and security domain:
A wide understanding is to be made on various activities across the resources within control.
Thus ML can make the systems possible for the analysts. This is for discerning the way in which the
events have been dispersed widely. This must be within time and around disparate users, hosts and
networks that are related.
Clustering:
This intends to segregate information to a various set of discrete clusters or groups. This is
based on similarities under primary attributes and features (Huygh et al. 2018).

3SECURITY MANAGEMENT AND GOVERNANCE
Cluster analysis:
This introduces the idea of the feature space. This consists of thousands of dimensions. This
is one for every feature in the sample set.
Categorization:
This enables to make generalizations for actions and objects. This is to predict the properties
of actions and objects that have been totally new.
2.2. Role to be played according to governance:
At first the learning and training phase must be considered. Here, the analyst must construct
the model by deploying the classifier to a various set of training data. Next, in the validation phase
the analyst must apply the data of validation to model for assessing the accuracy (Hare 2018).
Further, in the testing phase the accuracy of the model must be evaluated with the help of test data.
This has been withheld from the validation and training process. In the deployment phase, the model
can be implemented for predicting the class membership of unlabelled and new data.
3. Discussing the development of security policies:
The diagnosis must be focusing on evaluating the strategic landscape as it is present. Here the
trajectories must be considered for taking that to the future. It requires deep and textured knowledge
of global and regional trends. Next, the decision making has needed the responses for huge strategic
questions. This is to employ national power for supporting the values an interest (Rebollo et al.
2015). At last, the assessment includes periodic revisiting of prior decisions and diagnoses. This is to
ascertain the ways the strategic landscape has been changing.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4SECURITY MANAGEMENT AND GOVERNANCE
3.1. Understanding the methodology:
For the present case the reverse-engineering and formalizing the policies of access controls
can be deployed as an effective model. This formalizing of the functional model has been
corresponding to classic transformation originating from UM. This moves to the B Notation
addressed by various tasks. For taking benefits of different complementary research tasks, the
translation rules can be included under the unified system (da Silva et al. 2018). About the concerns
to formalize the security model, it has depended on SecureUML-B. This is a type of mapping
leading to a structure. It has represented various data types. For carrying the step, PAU can utilize
the B4Msecure tool. This is to transform the UML class diagrams to various B formalizations.
3.2. Reason to have the policy:
As the security policies have been reflecting various risk appetite of the executive
management at PAI. They must begin with various defined risks for PAI. Here, a policy must be
appropriately written for decreasing the risks. As any organization comprises of risks about social
engineering, there must be policed to reflect the behaviors (Sadgrove 2016). These are intended for
decreasing employee’s risks that are engineered socially. The policy must involve the aspect that all
the employees have been considering security awareness training every year.
4. Listing threats, attacks and vulnerabilities:
They are demonstrated hereafter.
Hackers getting the edge with AI:
To start with, this has been regarding the same type of benefits are appreciated from
presenting AI has been substantial for various hackers and scammers. Here, the cybercriminals have

5SECURITY MANAGEMENT AND GOVERNANCE
been using the automation for affecting the manner towards seeking the latest vulnerabilities that can
be exploited easily and quickly (Baldini et al. 2018).
Bot Hackers:
PAI must appreciate the conversation of chatbots despite acknowledging the quantity of data
that has been transferring them. In this way, the chatbots are been programed for maintaining the
talks with users. This is with the approach for influencing to uncover the personal and financial data,
connections and so on.
Spear-phishing has turned to be simple:
Under security attacks the artificial intelligence has been making that less demanding for
various lesser-level of cyber-attacks. This is for controlling complicated interruptions. This can be
done through computing with ease (Kahler 2015). Here, the programmers have been consistently
prevailing the task scaling. More individuals have been going after phishing plans, the more systems
can be explored. Apart from this, the artificial intelligence has been furnishing that with the
approach for scaling greater level. This can be done through automation of targets and providing
bulk attacks.
Malicious corruptions:
The AI activities of PAI has been there with various potential vulnerabilities. They have
included different malicious corruption with the training of data, segment configuration and usage
(Froestad and Shearing 2016). Here, no industry has been resistant. There have been huge
categorizations where the machine learning and AI have the liabilities. Thus it has been presenting
the expanded threats.

6SECURITY MANAGEMENT AND GOVERNANCE
Mapping of social networking:
Besides, there has been additional risks that are AI-Based. It has involved greater-level of mapping
of social networking. Here, for example, the tools that are AI-powered that has been looking to
platforms of social networking. This is to empower the terrorist for identifying PAI. Thus they have
nee operating in more successful manner (Volchkov 2018).
5. Evaluating the implications of statutory and legal necessities and benefits of
the formal approach:
5.1. Statutory necessities:
Though much of the AI processing has been occurring between machines, for PAI it is the
interaction with the people that is resonated by specifically AI. In this way NLP has started to
replace the other AI algorithms and interfaces. Thus they are able to understand how the images and
sounds can be identified. In this way one can understand the meaning, communication and infer the
senses from the contexts (Thomas 2019). Here, the niche solutions denoting the necessities
effectively has been sourced from various narrowly focused and specialists of AI suppliers. It can
make the running. The cost reduction the AI can rise the effectively of the process, develop decision
making and make the tasks automated (Barafort, Mesquida and Mas 2017). Then there is the new
revenue and rise in scopes from the AI. This is the biggest driver for the future.
5.2. Legal necessities:
During the beginning point of the legal analysis there is the deployment to develop various
legal norms across the data and software. This is the only AI that one has never known. This is the
data and software that has been a helpful heuristic. Under the legal terms, AI is the assimilation of

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7SECURITY MANAGEMENT AND GOVERNANCE
data and software. The software is the deployment of the code of algorithm in AI. This involves the
set of rules for solving any issue.
5.3. Understating the benefits:
Since, the rate of AI adoption rises, the common regulatory and legal norms under the sectors
such as data protection, negligence an intellectual property has been evolving to meet the latest
requirements. This has been a sector specific regulation under the sectors such as financial services,
transport and healthcare. It has been able to evolve the meeting of latest necessities (Alreshidi,
Mourshed and Rezgui 2017). Here, the quick developments have lead to policy makers and
governments across the world. This is to grapple with what A has meant for the regulation, policy
and laws. This also involves an effective legal framework and technical necessities.
6. Explaining the advantages of risk management plan:
6.1. Benefits of risk management plan:
This is helpful for PIA including steps for creating a new one. It assures that the risks have
been controlled suitably. Here, the aim is to decrease the effects of negative risks and rise the effect
of scopes. This plan includes the tool for reporting the risks for senior management and project
teams and sponsors (Juntunen and Virta 2019).
6.2. Discussing the significance of contingency plan, risk analysis and CBA to PIA:
For PIA it is vital since it has been working highly great to prevent the risks. It is the backup
plan activated by any business as any unforeseen or disaster situation makes disruptions in the
operations of the company and putting the staffs of PIA at risk (von Solms, B. and Upton, D., 2016.).
The risk management is helpful to determine the risks prior they have been occurring. The cost
benefit analysis or CBA has been determining the weaknesses and strengths of various alternatives.

8SECURITY MANAGEMENT AND GOVERNANCE
This can be used for finding the scopes. It provides the most effective approach for gaining
advantages while preserving the savings.
7. Benefits that can be derived from fetching security management as a constant
process:
The business managers of PAI can make various informed decisions about potential risks.
Moreover, they can also demonstrate various compliances with regulations and standards. Moreover,
they can undertake security decisions. This is based on the risk analyses for deploying operational
administrative, management and technical controls. It is considered as the utmost cost efficient
method to decrease the risks. Here, the risks of higher priority can be firstly tackled. This is for
attaining the best ROI under information security (Guo et al. 2017). Moreover, PAI can also develop
the trusts and credibility among various internal stakeholders and thee external vendors. These are
the primary factors for winning the business. Security management can increase awareness across
PAI for various risks of information security. They have included the staffs across the PAI and thus
it has been lowering the entire risk for the organization (Galvão et al. 2017).
8. Conclusion:
The above study shows that IT security governance is the system that is present in the PAI. It
is useful to control and direct IT security. Apart from this, the governance has been specifying
various frameworks of accountability. It has been providing the oversights. This is helpful to assure
that the risks are managed enough. On the other hand, the management assures that controls are
deployed for mitigating risks. Information security governance and managing risk include the
determination of the information assets of the organization. This includes the implementation,
documentation and development of guidelines, procedures, standards and policies. It is useful to

9SECURITY MANAGEMENT AND GOVERNANCE
assure the availability, integrity and confidentiality. This has been vital for developing IT security
governance. It helps in prioritizing the risks and create the support as more resources are needed for
securing PAI. Here, the structure of the body of security governance has been broadly relying on the
organizational structure of PAI.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

10SECURITY MANAGEMENT AND GOVERNANCE
9. References:
Alreshidi, E., Mourshed, M. and Rezgui, Y., 2017. Factors for effective BIM governance. Journal of
Building Engineering, 10, pp.89-101.
Baldini, G., Peirce, T., Handte, M., Rotondi, D., Gusmeroli, S., Piccione, S., Copigneaux, B., Le
Gall, F., Melakessou, F., Smadja, P. and Serbanati, A., 2018. Internet of Things Privacy, Security,
and Governance. Internet of Things Security: Fundamentals, Techniques and Applications, p.19.
Barafort, B., Mesquida, A.L. and Mas, A., 2017. Integrating risk management in IT settings from
ISO standards and management systems perspectives. Computer Standards & Interfaces, 54, pp.176-
185.
da Silva, M.B.D., dos Santos, A.M., dos Santos Soares, M., do Nascimento, R.P.C. and Nunes, I.D.,
2018. A Survey on Adoption Good Practices for ICT Governance at Enhanced Organizations. In
Information Technology-New Generations (pp. 483-490). Springer, Cham.
Froestad, J. and Shearing, C., 2016. Security governance, policing, and local capacity. CRC press.
Galvão, G.D.A., Abadia, L.G., Parizzotto, L., Pião, R.D.C.S. and de Carvalho, M.M., 2017,
December. Compliance and Ethics for Project Management Governance. In ECMLG 2017 13th
European Conference on Management, Leadership and Governance: ECMLG 2017 (p. 115).
Academic Conferences and publishing limited.
Guo, W., Zhu, Z., Li, X., Xie, J. and Lin, Q., 2017, October. Countermeasures to Improve Local
Government Governance Capability by Using Big Data. In 7th International Conference on
Management, Education, Information and Control (MEICI 2017). Atlantis Press.
Hare, S., 2018. Establishing IT governance. Strategic Finance, 99(8), pp.62-63.

11SECURITY MANAGEMENT AND GOVERNANCE
Huygh, T., De Haes, S., Joshi, A. and Van Grembergen, W., 2018, January. Answering key global
IT management concerns through IT governance and management processes: A COBIT 5 View. In
Proceedings of the 51st Hawaii International Conference on System Sciences.
Juntunen, T. and Virta, S., 2019. Security dynamics: Multilayered security governance in an age of
complexity, uncertainty, and resilience. Leading Change in a Complex World: Transdisciplinary
Perspectives.
Kahler, M. ed., 2015. Networked politics: agency, power, and governance. Cornell University Press.
Rebollo, O., Mellado, D., Fernández-Medina, E. and Mouratidis, H., 2015. Empirical evaluation of a
cloud computing information security governance framework. Information and Software
Technology, 58, pp.44-57.
Sadgrove, K., 2016. The complete guide to business risk management. Routledge.
Thomas, M.A., 2019. Evaluating Electronic Health Records Interoperability Symbiotic Relationship
to Information Management Governance Security Risks (Doctoral dissertation, Northcentral
University).
Volchkov, A., 2018. Information Security Governance: Framework and Toolset for CISOs and
Decision Makers. Auerbach Publications.
von Solms, B. and Upton, D., 2016. Cyber security capacity governance. The Business &
Management Review, 7(4), p.34.

12SECURITY MANAGEMENT AND GOVERNANCE
10. Appendix:
Illustrating the risk management plan for PAI:
Project Title: Security
Management and
Governance
(Power AI /PAI)
Project
Working
Title:
Proponent Secretary: Proponent
Agency:
Prepared by: Date /
Control
Number:
B. Risk Management Strategy
1. Risk Identification Process
 Developing a systematic process
 Collecting information from various sources:
 Deploying tools of risk identification tools along with techniques

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

13SECURITY MANAGEMENT AND GOVERNANCE
 Documenting different risks2. Risk Evaluation and Prioritization
 Evaluating risk uncertainty
 Determining how standardized assessments has been supporting risk prioritization
3. Risk Mitigation Options
 Risk avoidance
 Considering acceptance
 Utilizing transference and
 Understanding limitation

14SECURITY MANAGEMENT AND GOVERNANCE
4. Risk Plan Maintenance
 Asseting the attribute data,
 Making functional hierarchy,
 Making criticality analysis,
 Analysisng the risk and failure,
 Undertaking control plans,
 Making reliability analysis,
 Undertaking continuous improvement.
.5. Risk Management Responsibilities
Individual Responsibility
Risk Manager
Provide the effective methodology in
order to identify and investigate the
financial effect on the loss.
Examining the usage of the realistic and
various cost-effective opportunities
helpful to balance different retention
programs with commercial insurance.
Preparing the budgets of risk management
and insurance and allocating the claim
costs and different premiums for different
departments and various divisions.
Other managers Providing information that is necessary

15SECURITY MANAGEMENT AND GOVERNANCE
for various risk managers for reviewing
and identifying the loss exposures.
Getting aware of the role to prevent loss
and become accountable for following
different procedures, attending various
risk control meetings and so on.