Security Presentation and Guidebook: IT Risk & Policy - Bolton College
Added on 2023/05/30
AI Summary
This report provides a comprehensive security presentation and guidebook tailored for Bolton College, focusing on IT risk management, security policies, and disaster recovery planning. It begins with an overview of risk assessment procedures faced by the college, emphasizing compliance with the "Data Protection Policy" and the importance of privacy, security, and data breach protection. The report summarizes the ISO 31000 risk management methodology, detailing its application to IT security within the college, and discusses the impact of IT security audits on organizational policy. Key stakeholders' roles are defined to ensure effective security implementation. Furthermore, the report outlines a security policy for Bolton College, addressing data security principles, security controls, and responsibilities, while also evaluating the suitability of security tools. It concludes by emphasizing the alignment of IT security with the college's organizational policy, highlighting the importance of securing information resources to support academic activities.

Running head: SECURITY PRESENTATION AND GUIDEBOOK
Security Presentation and Guidebook
Name of the Student
Name of the University
Author Note

Table of Contents
Introduction
Part 1
  Risk Assessment Procedures faced by the Bolton College
  Summarisation of ISO 31000 risk management methodology
  Application of ISO 31000 risk management in IT Security
  Impact of IT Security Audit on the security of the organisational policy
  Roles of stakeholders in the organisation
Part 2
  Security Policy for Bolton College considering Disaster Recovery
    Purpose
    Scope
    Policy statement
    Statement of Policy
    Misuse of information and violation of policy
  Evaluation of the suitability of tools used within security policies
Part 3
  IT Security Alignment with Organisational Policy
Conclusion
Recommendations
Bibliography

Introduction
Information technology has allowed every sector to be innovative and more efficient
in delivering its outputs or production. Technological advancement allows individuals to
be proactive and deliver their share of the operational activities efficiently.
However, there are certain risks associated with the application of information technology.
Consideration and management of these risks are vital for increasing the efficiency of the
technology used for delivering the operational activities.
Bolton College has adopted information technology as an integral part of
supporting students, on-campus staff, faculty, and researchers. The technology has
become the key component for the institute to manage and support the academic demands of
the institution, quality and learning improvements for the students, and the safety and
well-being of the entire community.
The purpose of this report is to analyze and evaluate the risks associated with the
adoption of technology as the key component for the management of the above
operational activities. The facts proposed in this report will be based on consideration of the
stakeholders involved in this project along with the alignment of the organizational policy
and the security policy.
Part 1
Risk Assessment Procedures faced by the Bolton College
Risk management related to the data security and privacy of customers is a
commitment of Bolton College, as stated in the “Data Protection Policy” version vG1
launched by Bolton College on 12/05/2018 (BoltonCollege 2018). The institution focuses on
the enhancement of the network and data infrastructure, in addition to the security policies,
based on needs and requirements. There are three major pillars in the risk management
section, including privacy, security, and protection against data breach and intrusion. It
has adopted the Data Protection Impact Assessment (“DPIA”) security standard for developing
information security management and infrastructure practices considering the needs and
requirements of the University. The institution focuses on increasing awareness among
the stakeholders by delivering campaigns and training programs. It is focusing on
implementing security awareness and education programs across the campus, with emphasis
on increasing knowledge of potential and current risks and security
compliance issues.
Summarisation of ISO 31000 risk management methodology
ISO 31000 was originally published in 2009, and the updated version was launched in
February 2018 with the same overall purpose and certain additional changes. The latest version
of ISO 31000 includes the following changes compared to the previous version:
• The risk management principles are the major components for the successful and
efficient deployment of risk management, and it must be reviewed on a regular basis.
• The new version highlights the importance of leadership by top management,
explaining that risk management starts from organizational governance.
• The revised version greatly emphasizes the iterative nature of risk management,
focusing on regular audit and regulation for managing and developing new
strategies as per the current needs and requirements of the organization.
• ISO 31000 comments that “the content is streamlined with greater focus on
sustaining an open systems model to fit multiple needs and contexts.”
Application of ISO 31000 risk management in IT Security
This standard is applicable to organizations of all sizes and supports the
management of risks that could influence the management and delivery of
operational activities. Bolton College can gain competitive advantage through enhancing
the customer satisfaction of the students. A globally accepted standard will always be
acceptable to all the stakeholders associated with the institution, and hence more students
can be better satisfied with the proposed risk management strategies. The impact of the
risks could be minimized to a great extent by adopting the ISO 31000 risk management
standard.
Impact of IT Security Audit on the security of the organisational policy
This regular update can help Bolton College keep its compliance
programs updated and aim them in the right direction. It allows the organization to
manage and modify the existing policies as per the needs and requirements of the
stakeholders by identifying and fixing the glitches or issues that could
influence security. The IT security audit is also helpful in analysing and evaluating the
standards, procedures, and policies that could help in managing the security of the
network and technology used for the management and delivery of the operational
activities.
Roles of stakeholders in the organisation
A successful security auditing program emphasizes the regular evaluation of the
policies, standards, and regulatory compliance with the organizational and human resource
policies. The stakeholders need to understand that it could be a time-consuming process, and thus
they need to allow the IT specialists to monitor and look after the areas that
matter for the efficient delivery of the audit program, which can help
improve the security of the institutional infrastructure. The project manager or institutional
head should ensure that a proper and effective strategy or timeline is developed for the
delivery and management of the audit program. The network administrators should
thoroughly monitor ongoing access over the network and identify suspicious code or
messages that could impact the network in future.
Part 2
Security Policy for Bolton College considering Disaster Recovery
Purpose
The purpose of this security policy is to ensure the efficient and effective use of
information resources and technology and to have an alternative disaster recovery option for
uncertainties.
Scope
This policy will apply to all stakeholders who are directly or indirectly
connected to Bolton College and will mainly focus on the faculty, students, researchers,
and staff of the institution. It will monitor and regularly audit the network and storage to
ensure the identification and management of data security.
Policy statement
Every user of Bolton College’s information resources and technologies is
permitted to connect to the institute’s network and database for the management and
delivery of the operational activities for every stakeholder. The policy will be applied to all
types of information resources used for administration, teaching, research, or
any other purpose within the campus. Activities that do not comply with
government laws will be considered illegal, and legal action will be taken as per
court or government policies.
Statement of Policy
a. Data Security Principles
It aims at managing the data security and protection of the information resources
used within the college campus. It focuses on the following major
principles:
1. Availability of the information resources
2. Integrity of the information
3. Confidentiality of the information
4. Academic pursuits support
5. Information access
b. Security Controls
The ISO 31000 risk management methodology standard will be adopted for the
management and delivery of the security controls that could enhance the
security of the entire environment. It is being adopted considering the welfare and benefits of
the data security and infrastructure required for the management and delivery of the
operational activities. Data security will be managed as per the following classification of
the data, considering its priority and sensitivity:
1. High risk data
2. Moderate risk data, and
3. Low risk data
Based on the above priorities, data management will proceed considering its
security and privacy.
There will be different responsibilities for the different personnel involved in the project,
including the following:
ISO (Information Security Officer): The ISO will be responsible for implementing
the policies and procedures that help govern and manage the privacy
and security of the data saved in the database of the college.
Data Custodians: Their responsibility will be to take care of the applications being used,
system data policies, and other information resources that are in their control.
System Developers: Their responsibility will be to manage the role of the network
administrator, integration, and development related to the application of the information
resources, as per the policies and regulations developed for the application of the information
resources.
Users: Every user connected to the institution needs to understand their scope of
authorization and access to data and information and use the resources in an efficient and
effective manner.
Third-party affiliates: The vendors, consultants, and partners need to abide by the
developed policies and make sure that they follow them in an efficient and effective way
without hampering the developed information and organization infrastructure.
Misuse of information and violation of policy
Accessing information or data beyond the authority of the individual will be
considered a violation of the policy and will be treated accordingly. Such
unwanted activities will carry a financial punishment or could lead to disassociation from the
institution. Using the information for personal benefit in any way will also be considered
a violation of the policy, and the user will have to face punishment as applicable. Criminal
activities will face legal action as per the government and will be managed by the local or
national federal authorities as appropriate for the government; the institution will not interfere nor take
responsibility for any of the criminal activities.
Evaluation of the suitability of tools used within security policies
Dual-factor authentication, different levels of authentication, a monitoring system,
an alarm system, and encryption can be used as appropriate tools for the successful
and efficient deployment of the security policy. The mentioned tools are highly
recommended considering the proper and regular monitoring and audit of the network and the
database of the Bolton College information resources. It would be helpful in identifying the
severity of the threat and identifying the victim or the individuals responsible for violating the
policies, and hence punishing accordingly.
Part 3
IT Security Alignment with Organisational Policy
Bolton College’s IT team manages the IT infrastructure, which is capable of
handling and supporting the files, databases, and applications across the VMware
environment, and serves a strength of 500 staff and 12000 students. Major emphasis
is placed on the storage of the institutional database to ensure the functioning of the web
portals and the Information System. The organizational policy emphasizes the
proper delivery of educational services to the college’s stakeholders, and hence the
developed policy must align with the organizational policy in order to manage the
operational activities in an effective and efficient way. The organizational policy also
emphasizes the secure use of information resources and technology to ensure the
effectiveness of the security arrangements. It is necessary that the organizational policy align
with IT security, considering the application and benefits of the information resources and
technologies being used for boosting academic activities.
Conclusion
It can be concluded that the above report discusses IT security and management
considering the pace of application of information technology and resources. The first
section described the background of Bolton College in addition to the adoption being
made for improving the way operations are delivered within the campus. Thereafter, the
current risk management strategies adopted by the College were presented,
considering the usage of the information resources and technologies. It can be
concluded that the existing policies of the college fall short in delivering the necessary
security and audit processes, and hence improvement is necessary in the delivery and
management of the security and privacy of individuals. The next phases of the project
describe the adoption of the best strategies and policies for improving the security
aspects of Bolton College.
Recommendations
Based on the information provided above, the following recommendations can be
made:
1. Bolton College should consider applying tools and technologies that could help
improve the security of the institutional information resources and technologies.
2. There should be regular IT security audits covering the evaluation, management
and compliance of the policies.
3. Bolton College should adopt the ISO 31000 risk management methodology within
its policies to assure the development and management of data security and privacy.
4. The policy recommended in this paper can be adopted to enhance data and
information security.
5. Network monitoring, an alarm system, and encryption should be used within the
network to assure data security and privacy.