COIT20263 - Developing a Confidential Information Policy for Cosmos

Added on  2023/06/12

AI Summary
This document presents a comprehensive confidential information policy developed for Cosmos, an online newspaper publishing company. The policy outlines the statement of purpose, authorized and prohibited uses of information, systems management protocols, violations of the policy, policy review and modification procedures, and limitations of liability. It also includes assumptions and justifications for the policy's contents, emphasizing the fair and responsible use of data and resources within the organization. The policy aims to protect the confidential information stored in the company's information system and ensure compliance with relevant regulations.
Running head: INFORMATION SECURITY MANAGEMENT
Information Security Management
Name of the Student
Name of the University
Author Note
Table of Contents
1. Statement of Purpose
2. Authorised Uses
3. Prohibited Uses
4. Systems Management
5. Violations of Policy
6. Policy Review and Modification
7. Limitations of Liability
Assumptions
Justification
References
Confidential Information Policy
1. Statement of Purpose
The organization Cosmos is an online newspaper publishing company located in
Sydney, Australia. It is in charge of a global network of freelance reporters who report
trending and important content from across the world. This online platform can be accessed by
customers who are interested in reading the newspaper and current news online from
every corner of the world. The revenue of the services provided mainly comes from online
advertisements containing live playback of videos. Any business organization can engage
with Cosmos to advertise its content as long as the advertisements comply with the media
code, guidelines and regulations in Australia. This online newspaper platform is estimated to
be accessed by 100000 people, and it can increase with 500000 within the next three years.
Therefore, it is expected that the engagement of staff and employees with Cosmos will
increase as well. The freelance reporters associated with Cosmos are provided with suitable
telecommunication devices for live reporting, even from areas where internet connectivity
is unavailable or inaccessible. The company has therefore decided to update the information
security policy associated with its information system in order to prohibit any
unauthorized usage of the resources of the company.
The policy aims at addressing the fair and responsible use of the data and information
that are produced by the employees and freelance reporters of Cosmos (Blythe, Coventry and
Little 2015). The information stored in the information system of the organization is
intended to be accessed only by registered individuals, irrespective of their location. The
issue-specific security policy therefore limits the usage of the stored information to the authorized
users of Cosmos. Since the policy is confidential, it can only be accessed and followed by the
registered members of Cosmos.
2. Authorised Uses
Authorized uses of the information indicate that only the registered members of Cosmos,
including the freelance reporters, will be allowed to store and access the information stored in the
information system of the organization. The telecommunication devices will be provided to the
freelance reporters only after prior approval from the higher officials of Cosmos. The
telecommunication devices can only be used for the company's purposes and cannot be misused;
if found guilty, the freelance reporters are subject to a predetermined punishment (Ifinedo
2014). The information system stores all the confidential information and content of Cosmos,
and therefore proper access control is enforced (Vance, Siponen and Pahnila 2012). The
registered members and the freelance reporters will be registered to the system and will be given
a valid user id and password. This user id and password can be used to access the system.
Furthermore, only the devices provided by Cosmos to its freelance reporters can be
used for recording and reporting any news. Freelancers who are provided with
telecommunication devices by the company are strictly prohibited from using any
other systems or devices. Once the information that is recorded by the reporters is sent to the Cosmos office,
it will be treated as the property of the organization, and therefore any unauthorized use or
telecast of the same is completely prohibited (Bridy 2012). The scheduling of the news that will
be telecast online is subject to the decision of Cosmos. However, the trusted freelance
reporters who have been engaged with the company for more than 2 years are given the right to directly
telecast any breaking news or live event. That is, however, subject to prior approval as well.
3. Prohibited Uses
The data stored in the information system is considered to be highly confidential, and
therefore any illegal and unauthorized usage of that data is completely prohibited. Furthermore,
the newly appointed freelance reporters are not given access to the information system, and
they are required to send the information collected to a higher official of the company under whom
he/she is working (Cheng et al. 2013). Any type of replication of the data or its telecast by the
reporters will be considered illegal, and therefore legal action will be taken against them.
Furthermore, Cosmos aims at providing secure and reliable services to its
permanent staff and customers. Therefore, any unauthorized access to the information of
the company is completely prohibited, and any unauthorized person who attempts to access
that information is subject to legal action.
4. Systems Management
It is mainly the responsibility of the technical manager of Cosmos to ensure that all the
access points of the information system are well configured so that they can detect any unauthorized
use or any attempt at data theft. This process includes, but is not limited to, ensuring proper
authentication and encryption configuration of the system (Sommestad et al. 2014). However, it
is also the responsibility of the freelance reporters to ensure that the telecommunication
devices provided by Cosmos are properly configured to serve the purpose of the organization.
It is the responsibility of the technical manager to ensure that all the staff and the
reporters associated with the organization are given proper rights to access the information
system; that is, the technical manager needs to ensure that all the staff are registered with the
system (Belleflamme and Peitz 2014). An unregistered member, even one who works for the
organization, will be prohibited by the system from accessing the information stored in the
information system of the organization.
Any unauthorized usage of the confidential information of the organization will be
reported to the technical manager (Al-Omari, El-Gayar and Deokar 2012). The members of the
organization should furthermore ensure fair and responsible use of the resources of the
organization.
5. Violations of Policy
With a properly configured system, it will be easier to detect any information loss of the
organization. Beyond data theft, a violation of the policy will also apply if new
freelance reporters directly telecast any news without consulting Cosmos.
Therefore, in the event of inappropriate use of the data and information of Cosmos, the
organization reserves the right to take necessary and appropriate actions (Safa, Von Solms and
Furnell 2016). These might include termination of the member from the company or
legal action against the member.
The guidelines of the issue-specific security policy will be intimated to all the staff and
employees of Cosmos. A first violation will result in a warning mail that
will be dropped in the official mailbox of the member. Any further violation of the policy of the
company will be subject to legal action against the member.
All cases of violation of the policy will be reported to the manager of the company,
who will be responsible for verifying the occurrence of the infringement of the information policy of
Cosmos.
6. Policy Review and Modification
The policy that is being proposed is subject to a periodic review by Cosmos on an
annual basis, and changes to the policy will be made wherever appropriate.
With the expansion of the company, it is expected that more issues will need to be incorporated in the
issue-specific security policy of the company, and therefore it is decided that the policy of the
company will be updated on an annual basis (Pallante 2012). However, Cosmos holds the right
to make changes or modifications to the policy whenever the company is in need. The
modification of the policy mainly includes the addition of clauses, as the information
system is expected to be modified as well in the course of time.
The review of the proposed policy includes identification and analysis of the
appropriateness of the policy and procedures mentioned in the Issue Specific Security Policy (ISSP).
It is therefore the responsibility of Cosmos to ensure that the policy is regularly reviewed and
amended if necessary. In order to ensure that the review is done correctly, regular meetings will
be held with the higher officials of Cosmos in order to ensure that the review is properly
amended.
Apart from the annual update, the company reserves the right to make changes to the
policy whenever it wishes to. The timeframe of the annual update, review and modification of the ISSP is
therefore subject to change. The regular review of the policy is essential in order to ensure that
no issue that needs attention is left out of the policy.
7. Limitations of Liability
Cosmos assumes no liability for any unauthorized act that violates state, legal and
federal legislation (Kolkowska and Dhillon 2013). However, if any such issues are identified,
Cosmos reserves the right to terminate its relationship with the member. A member who
violates the law and the policy will not be provided with any legal protection by the
organization.
The security policy that is being proposed for Cosmos will be intimated to all the
members of the organization, and they have to provide their acknowledgement of the same
(Aurigemma and Panko 2012). If any member violates the law even after having good
knowledge of the policy, he/she will be severely punished. Therefore, authorized or
unauthorized users who violate the policy will be responsible for the consequences, as
Cosmos holds no liability for the offense.
The policy that is being prepared defines and limits the use of the organization's resources,
and these resources cannot be circulated, replicated or used for personal use.
Assumptions
In preparation of the issue-specific security policy, the following assumptions are made
(Kajtazi and Bulgurcu 2013):
1. It is assumed that proper security protection is ensured by the organization in
protection of the information resources of Cosmos. The information system is properly secured
by cryptographic means.
2. It is assumed that the existing members of the organization will abide by the policy
that is proposed (Hu et al., 2012).
3. It is assumed that Cosmos abides by the local government compliance requirements.
Justification
The issue-specific security policy will define the fair and responsible use of the data,
resources and information of the organization. Cosmos aims at providing a reliable service to its
staff and customers, and hence this policy has been proposed. Since Cosmos specifies and limits
the use of the information stored in the information system of the organization, the policy is very
much justified. The contents of the policy are justified as well, since they ensure the fair and
responsible use of the information assets of the organization. Furthermore, all the existing and
future members of the organization will be informed about the policy and procedures of the ISSP,
and therefore enforcement of the policy is justified.
With the involvement of more customers with the service, it is necessary to enforce a
policy for proper protection of the information resources of the organization.
References
Al-Omari, A., El-Gayar, O. and Deokar, A., 2012, January. Security policy compliance: User
acceptance perspective. In System Science (HICSS), 2012 45th Hawaii International Conference
on (pp. 3317-3326). IEEE.
Aurigemma, S. and Panko, R., 2012, January. A composite framework for behavioral
compliance with information security policies. In System Science (HICSS), 2012 45th Hawaii
International Conference on (pp. 3248-3257). IEEE.
Belleflamme, P. and Peitz, M., 2014. Digital piracy (pp. 1-8). Springer New York.
Blythe, J.M., Coventry, L.M. and Little, L., 2015, July. Unpacking Security Policy Compliance:
The Motivators and Barriers of Employees' Security Behaviors. In SOUPS (pp. 103-122).
Bridy, A., 2012. Copyright policymaking as procedural democratic process: A discourse-theoretic
perspective on ACTA, SOPA, and PIPA. Cardozo Arts & Ent. LJ, 30, p.153.
Cheng, L., Li, Y., Li, W., Holm, E. and Zhai, Q., 2013. Understanding the violation of IS
security policy in organizations: An integrated model based on social control and deterrence
theory. Computers & Security, 39, pp.447-459.
Hu, Q., Dinev, T., Hart, P. and Cooke, D., 2012. Managing employee compliance with
information security policies: The critical role of top management and organizational
culture. Decision Sciences, 43(4), pp.615-660.
Ifinedo, P., 2014. Information systems security policy compliance: An empirical study of the
effects of socialisation, influence, and cognition. Information & Management, 51(1), pp.69-79.
Kajtazi, M. and Bulgurcu, B., 2013. Information security policy compliance: An empirical study
on escalation of commitment.
Kolkowska, E. and Dhillon, G., 2013. Organizational power and information security rule
compliance. Computers & Security, 33, pp.3-11.
Pallante, M.A., 2012. The Next Great Copyright Act. Colum. JL & Arts, 36, p.315.
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model
in organizations. Computers & Security, 56, pp.70-82.
Sommestad, T., Hallberg, J., Lundholm, K. and Bengtsson, J., 2014. Variables influencing
information security policy compliance: a systematic review of quantitative studies. Information
Management & Computer Security, 22(1), pp.42-75.
Vance, A., Siponen, M. and Pahnila, S., 2012. Motivating IS security compliance: insights from
habit and protection motivation theory. Information & Management, 49(3-4), pp.190-198.