COIT20263: OZ Dispatch Customer Information Security Management

Verified

Added on 2023/03/30

AI Summary

This report details a customer information security policy that OZ Dispatch, a home delivery service, intends to implement to protect sensitive customer data. As OZ Dispatch expands to new locations like Parramatta, NSW, Australia, the need for secure data sharing across organizational units becomes critical. The report addresses current threats, proposes a customer information security policy, and outlines policies, practices, and technologies for information security, including disclosure policies, access control, and cryptographic key management. It emphasizes the importance of data encryption and secure storage to prevent data theft and maintain customer trust. The document is contributed by a student and available on Desklib, a platform offering study tools and resources.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: INFORMATION SECURITY MANAGEMENT
Information Security Management
Name of the Student
Name of the University
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1INFORMATION SECURITY MANAGEMENT
Executive Summary
This report aims to discuss about the policies regarding customer information security
which the OZ organisation is looking to implement. Through implementation of these
policies the OZ organisation is trying to secure the data of the customers which are highly
confidential and sensitive in nature. OZ is an organisation which country provides home
delivery services. In the current situation this organisation is planning to operate from the
location of Parramatta, NSW, Australia. While the same businesses will be operated from
different types of location, the organisations must be able to share all the data from one
organizational unit to another organizational unit. Sharing of data will be done through by
implementing a new network system which must be capable of sharing confidential data
without any type of security issues. Due to this reason current organisation is focusing on
implementation of new network system which will be capable of meeting all the business
requirements of the Oz organisation. For all of the businesses customers are the most
important assets. A large percentage of organisational growth is totally depending on the
engagement of the customer with the organisation. Thus it is very much important to ensure a
trustworthy services through which satisfaction of the customers can be achieved.
Considering this thing on the mind this report has discussed about some important customer
information security policy which can be implemented by the Oz organisation. This
developed policy has ensured that none of the business according data will be breached out
due to which sensitive and confidential information of the customer data will be
compromised. The data of the customers can be accessible by the organisation after signing
the informed consent with their customers to operate under all the consideration of ethical
and legal issues.

2INFORMATION SECURITY MANAGEMENT
Table of Contents
Executive Summary.......................................................................................................1
1. Introduction:...............................................................................................................3
2. Guidelines:.................................................................................................................4
2.1 Current threat for the data of the customers:........................................................4
2.2 Oz dispatch's customer information security policy:...........................................5
2.3 Policies, practices and technologies regarding information security...................5
3. Conclusion:................................................................................................................9
4. References:...............................................................................................................11

3INFORMATION SECURITY MANAGEMENT
1. Introduction:
In this context the current organisation is Oz dispatch which is one of the biggest
organisation in Australia. This organisation mainly provides home delivery related services.
In the current context the organisation is planning to increase its business area and for that
they have selected to operate from new locations in Australia. One of this location is
Parramatta, NSW. By considering all of the aspects the organisation has determined to
implement an effective IS security program. For the development and deployment of the
system this organisation is currently looking for a contract organisation (Burrough et al.
2015). After a large discussion the Managing Director of the organisation has finalized that in
the Parramatta office of the Oz dispatch there will be a sales and marketing team, accountant
team can a data analyst team. Here the main role of the data analyst will be dealing with the
large amount of data the customers, sales regarding information and product related
information. from the brief analysis of the organisation the business processes of the
organisation has been understood successfully and from that business process it has been
assessed that customers need to place their order and they need to pay for their order that has
been booked through the internet from the organisation. In the initial stage of the delivery
system delivery staff of the Oz dispatch organisation will be collecting the ordered product
from the suppliers and then this products will be taken to the main distribution centres. After
some basic amendments once the order of the customer is ready for shipment then nearby
delivery staff will be auto assigned by the system for completing the delivery (Safa et al.
2015). When the system auto assigns a delivery staff for completing the delivery the delivery
staffs get prompted about it and the reaches to the distribution centre and picks specific
orders for specific customers and provides a doorstep delivery to them. This current system is
very much complex in nature and due to this fact proper coordination is required between the
delivery staff members and the managers. considering this fact the Oz dispatch organisation

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4INFORMATION SECURITY MANAGEMENT
decided to overcome this issue by providing mobile devices to each of the managers and the
delivery staffs so that better coronation can be created among them. Also the higher authority
of the Oz dispatch organisation has decided that each of the distribution centre of the
organisation must have an active internet connection with Wi-Fi routers so that employees
and the managers can connect their mobile devices wirelessly to the internet. Apart from this
all the organisation is also looking to build a strong security policy of the information of the
customers show that privacy and security of the valuable data of the first customers can be
ensured. Through this policy the organisation will be able to gain the loyalty of their existing
customers which will be beneficial for the Oz dispatch organisation.
2. Guidelines:
2.1 Current threat for the data of the customers:
As it has been determined previously that the management of the Oz dispatch
organisation is providing mobile devices to the delivery staff and manager of the organisation
some internal security risks are occurring in the entire system. These mobile devices has been
provided to the managers and the delivery staffs for better coordination among them. thus in
this environment those mobile phones can be used by the delivery staffs and the managers
both for their personal use organizational use while Oz dispatch organisation is not having
any type of BYOD policy (Cassidy 2016). As there is no proper BYOD policy the data
regarding the customers which are present in the mobile phones of the managers and delivery
staff can be easily breached. Apart from that there are also many issues are present due to
practicing the BYOD environment which includes theft of the devices, some technical failure
and some other security issues which leads to mishandling of the data asset of the Oz dispatch
organisation, where this data assets includes laptops and mobile phones (Safa, Von Solms
and Furnell 2016). Thus a proper BYOD policy need to be implemented within the Oz
dispatch organisation.

5INFORMATION SECURITY MANAGEMENT
2.2 Oz dispatch's customer information security policy:
Property trust of the customers is always valuable for the organisations and this is also
same for the Oz dispatch organisation. For this reason Oz organisation is looking for
expanding their business area so that they can serve more customers. In this aspect protection
of the customer data becomes very much important. To consider this fact, security policy has
been prepared in this case for saving the system several of attacks which includes insider
attack, data modification and data theft issues (Abbasi, Sarker and Chiang 2016). While
customer is placing in order to the website of Oz dispatch organisation they need to share
their information regarding payment credentials, demographic and regarding some personal
data. This information are there most important information of the customer show that it need
to be highly secured. In the selling process the need of secured and effective customer
information security plan will be discussed.
Scope of the policy:
The main scope of this policies are regarding ensuring security of the data and
increasing privacy for the customers. This policy is important in this context as customers
share very much crucial with the organisation including the payment credentials also. This
policy would be focused to create technical and physical control over the disclosure of
confidential data of the customers (Chang and Ramachandran 2015). This security policy for
the customers will remained focused on three most important security aspects of information
which are the authenticity, integrity and confidentiality.
2.3 Policies, practices and technologies regarding information security.
Disclosure policy of information:
Objective: this policy is aiming to prevent sensitive and confidential information of the
customers by any type of illegitimate party.

6INFORMATION SECURITY MANAGEMENT
Policy: information of the customers should not be disclosed without any type of legal and
valid bindings. Whenever it is important to disclose some data of a particular customer, that
customer must be communicated properly before data disclosure by OZ dispatch
organisation. Here the organizational customers will be also able to get rid of any type of
unethical conduct by an intruder (Peltier 2016). All the employees of the OZ dispatch
organisation are strictly prohibited to any type of disclosure of the customer's private data to
any type of 3rd party organization for gaining any type of benefits. If found any this type of
cases then punishment against the employee can lead up to termination from the organization.
Policy for access control:
Objective: The policy of access control aims to control illegitimate access over sensitive and
confidential information of the customers.
Policy: The Oz dispatch organisation will be responsible for ensuring that complete access
and control over the confidential data of the customer is maintained. Configuration of access
to this sensitive customer data using the secured web services will be also ensured by Oz
dispatched organisation (Lafuente 2015). Access management is also important in this case
and it will be maintained by the OZ dispatch organisation. For this proper login features and
encryption will be implemented by the organisation. Through this policy proper
implementation of identity management and access management will be ensured (McCormac
et al. 2017). Only some particular experts will be responsible for accessing and controlling
confidential data of the customers within Oz dispatch organisation. Any type of important
confidential data that is known by the low level employees in the organisation must not be
disclosed or shared with some other third party organisation for any type of benefits. If found
any type of this activities then it will be prosecuted strictly.
Policies for information security:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7INFORMATION SECURITY MANAGEMENT
Objective: through implementation of the information security policy organisation is
currently aiming to creating a practical road map for the Information Service security within
organisation by properly documenting policies of information security.
Policy: network administrator of the Oz dispatch organisation is responsible for creating a
Intruder prevention and detection system within the network of the organisation for
measuring security of the network through which sensitive and confidential data of the
customers goes one location to another. The management how the Oz dispatch organisation
will be responsible for making a data privacy and data security plan for the data of the
customers for appropriate security controls (Laszka, Felegyhazi and Buttyan 2015).
Organisation will also ensure produce of standard operating for the devices on which
confidential data of the customers are stored so that there is no data leakage and data theft
issues.
Management of cryptography and cryptographic key:
Objective: This is an Information Service related security policy which ensure that
cryptographic approaches has been taken successfully by the organisation for securing and
protecting elements of CIA by using proper cryptographic algorithms and others respective
protocols.
Policy: High authority of Oz dispatch organisation is responsible for you doing that all the
current system in the organisation are consisting proper cryptographic keys all the system
must be capable of providing appropriate alerts before expiry of this cryptographic keys (Ab
Rahman and Choo 2015). The systems should provide notification prior of 15 days before
expiry of the cryptographic keys. Here the network administrator of the system responsible
for implementation of auditing unlocking for handling the updates key management activities
securing data of the customers from various of external and internal threats.

8INFORMATION SECURITY MANAGEMENT
Security and Storage:
Currently the Oz dispatch organisation is determined to prevent data theft which
occurs due to various of network-based attack. The important and confidential data of the
customers must be stored in the database with high level of encryption so that any type of
network intruder will not be able to access those data of the customers. To protect this data
from various types of natural disasters the Oz organisation must backup all the data available
in the database. This will also provide the opportunity of effective and easy data recovery
(Stamp 2017). Also the Oz organisation must create a campaign through which they will be
directing the customers about different types of ways through which they will be able to
manage their own privacy and security of their confidential data (Zhang 2018). The Oz
organisation need to provide multilevel encryption to the important data of the customer so
that it can be saved from various of external and internal threats.
Information security controls:
The implementation of firewall is one of the most appropriate way of securing the
important data of the customers. Firewall is typical type of information security control which
is capable of monitoring and controlling network traffic of a particular network of the OZ
organisation. Firewall will be implemented here for blocking the illegitimate party important
occasion.
In this aspect another important technical control is the SSH which consist
cryptographic network protocol that can be used for securing the services which possesses
data of the customers over a network which is unsecured signature (Martin and Murphy
2017). Through this way important data of the customers can be saved on public network
also.

9INFORMATION SECURITY MANAGEMENT
For the login authentication purpose facial ID recognition system can be utilised so
that customers will be able to overcome the threat of data access by an illegitimate user
(Stallings 2017). By using the facial ID recognition system unauthorised logins can be
interrupted easily.
ISO standard compliance:
The Oz dispatch organisation need to work under ISO 27002 InfoSec security
standard which will be issuing that all the controls can be utilised for personally identifiable
information. Other than from this security standard organisation will be also operating under
the ISO 27018 InfoSec which will be assuming that security and privacy of the important
data of the customers will be compliance with the ISO 27018 InfoSec standards of security.
The standard of security will define a practice code which aims on proper protection of the
confidential data of the customers.
Legislations and laws:
 It is very much important to control all the employees and illegitimate or unauthorised
type of data access need to be blocked which will be done by operating under
Workplace Surveillance Act 2005 (Bertino 2016).
 Data of the customers will be protected by Oz dispatch organisation using the privacy
act.
 The Oz organisation can be punished if they promote or support any type of criminal
activity under the Crime Act 1990.
3. Conclusion:
From the above discussion it can be concluded that currently Oz dispatch organisation
is highly concerned with their security an important confidential data of their customer.
Depending on the situation the Oz dispatch organisation has taken the decision of

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

10INFORMATION SECURITY MANAGEMENT
implementing a strong an impressive security policy for protecting the information of the
customers. In this policy customers will be informed before if any type of data disclosure is
required about them. From the law and legislation it has been assessed that OZ dispatch
organisation will be working under ISO standard 27002 and ISO standard 27018. From the
discussion it has been also assessed that important data of the customers will be stored in the
database of the organisation with having some high level of encryption for ultimate security
of those data. Customer information security policy is also discussed within this report and it
has been assessed that Oz dispatch organisation will be able to overcome each of these traits
by following the implemented security policy properly.

11INFORMATION SECURITY MANAGEMENT
4. References:
Ab Rahman, N.H. and Choo, K.K.R., 2015. A survey of information security incident
handling in the cloud. computers & security, 49, pp.45-69.
Abbasi, A., Sarker, S. and Chiang, R.H., 2016. Big data research in information systems:
Toward an inclusive research agenda. Journal of the Association for Information
Systems, 17(2), p.I.
Bertino, E., 2016, March. Data Security and Privacy in the IoT. In EDBT (Vol. 2016, pp. 1-
3).
Burrough, P.A., McDonnell, R., McDonnell, R.A. and Lloyd, C.D., 2015. Principles of
geographical information systems. Oxford university press.
Cassidy, A., 2016. A practical guide to information systems strategic planning. Auerbach
Publications.
Chang, V. and Ramachandran, M., 2015. Towards achieving data security with the cloud
computing adoption framework. IEEE Transactions on Services Computing, 9(1), pp.138-
151.
Lafuente, G., 2015. The big data security challenge. Network security, 2015(1), pp.12-14.
Laszka, A., Felegyhazi, M. and Buttyan, L., 2015. A survey of interdependent information
security games. ACM Computing Surveys (CSUR), 47(2), p.23.
Martin, K.D. and Murphy, P.E., 2017. The role of data privacy in marketing. Journal of the
Academy of Marketing Science, 45(2), pp.135-155.

12INFORMATION SECURITY MANAGEMENT
McCormac, A., Zwaans, T., Parsons, K., Calic, D., Butavicius, M. and Pattinson, M., 2017.
Individual differences and information security awareness. Computers in Human
Behavior, 69, pp.151-156.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Auerbach Publications.
Safa, N.S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N.A. and Herawan, T., 2015.
Information security conscious care behaviour formation in organizations. Computers &
Security, 53, pp.65-78.
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance
model in organizations. Computers & Security, 56, pp.70-82.
Stallings, W., 2017. Cryptography and network security: principles and practice (pp. 92-95).
Upper Saddle River: Pearson.
Stamp, M., 2017. Introduction to machine learning with applications in information security.
Chapman and Hall/CRC.
Zhang, D., 2018, October. Big data security and privacy protection. In 8th International
Conference on Management and Computer Science (ICMCS 2018). Atlantis Press.