COIT20263 Information Security Management: Cosmos Risk Analysis
Added on 2023/06/11
Report
AI Summary
This report analyzes the information security risks faced by Cosmos, an online newspaper, and proposes guidelines for managing these risks. The report identifies threats such as viruses, account hijacking, insider threats, malware injection, denial of service attacks, insecure APIs, phishing, spamming, spoofing, and data breaches. It then outlines mitigation strategies, including password implementation, secured browsers, access control, antivirus software, blocking pop-ups, and message encryption. The report emphasizes the importance of a robust information security management system (ISMS) to protect Cosmos's data and ensure business continuity. The document is a student contribution and is available, along with other resources, on Desklib.

Running head: INFORMATION SECURITY MANAGEMENT
Information Security Management
Name of the Student
Name of the University
Author’s Note:

Executive Summary
The main aim of this report is to examine the case study of the Cosmos organization. Cosmos
is one of the most significant online newspapers and delivers news to its clients or
customers online. Clients who wish to access the news must register with the newspaper.
Cosmos has decided to upgrade its information systems for the betterment of its business.
This information system faces various security risks or threats, such as phishing, denial of
service (DoS) attacks, viruses, malware injection, hacking, spamming, Trojan horses and many
more. All of these risks could be easily mitigated with the help of various mitigation
strategies. The major and most important mitigation strategies are firewall implementation,
antivirus implementation and many more. This report outlines the guidelines for managing the
information security risks of the Cosmos organization.

Table of Contents
1. Introduction
2. Discussion
2.1 Case Study
2.2 Guidelines for Managing Information Security Risks
3. Conclusion
4. Assumptions
5. References

1. Introduction
Information security is the practice of preventing unauthorized access, use, disruption,
destruction, inspection, disclosure, recording and modification of data or information
(Crossler et al. 2013). It applies regardless of the form the data takes. The major focus of
information security is the balanced protection of the confidentiality, integrity and
availability (CIA) of data or information. This focus rests on the proper implementation of
policy, which can hamper the overall productivity of the organization. The effectiveness of
the risk management plan is checked with the help of information security (Peltier 2013).
Information security management is responsible for the controls that the organization needs
to implement to ensure that it is properly managing all of its risks. These risks can be
mitigated through information security management. Security-related issues should be managed
with an information security management system (ISMS), within which business operations are
secured (Siponen, Mahmood and Pahnila 2014). All organizations have adopted this holistic
approach to secure their management and thus obtain competitive advantages. These
organizations thereby establish the trustworthiness of their information security
management.
The following report gives a brief description of information security management for the
case study of the Cosmos newspaper. Cosmos is one of the most popular online newspaper
organizations and is located in Sydney, Australia. It comprises a global network of
freelance reporters, who report news from all corners of the world. All customers who are
interested in reading the online newspaper or watching the live video feeds of news have to
register with the organization by
paying a small fee. This report provides guidelines on security risk management.
2. Discussion
2.1 Case Study
Cosmos is considered one of the most popular online newspaper publishing companies and is
situated in Sydney, Australia (Xu et al. 2014). The organization has a global network of
freelance reporters, who report news from all corners of the world. Customers who are
interested in reading the newspaper or watching live video feeds have to register with the
newspaper after paying a small fee. The organization's main source of income is
advertisements, which in some instances comprise live as well as playback videos. The
organization accepts all types of advertisements from companies or individuals, provided
they comply with the guidelines, regulations and media codes that apply within Australia
(Yang, Shieh and Tzeng 2013). It has been estimated that 100,000 people would access the
Cosmos newspaper daily at the start, increasing to 500,000 in the next 3 years.
Cosmos has provided all of its freelance reporters with telecommunication devices for live
reporting from areas where Internet connectivity is extremely poor or even unavailable
(Peltier 2016). The permanent staff of the organization comprises a Finance Manager, an HR
Manager, a CEO, a technical manager or a publishing manager. Moreover, 20 other staff are
present within the organization. The organization needs to provide the most secure and
reliable service for its advertisers, customers, freelance reporters and permanent staff
(Cherdantseva and Hilton 2013). The availability of its news is extremely high and reliable,
and should therefore be protected with the help of information security
management. Recently, Cosmos decided to upgrade its information security policies for the
betterment of its information system.
2.2 Guidelines for Managing Information Security Risks
Cosmos is an online news company that is responsible for producing accurate news for its
clients or customers (Andress 2014). The organization's information systems are protected by
various mitigation strategies; however, these strategies have not been kept up to date and
are now obsolete. Because of this, Cosmos has decided to upgrade its systems. The upgrade
would help the organization attain its goals and objectives. In the process, it would also
be able to recognize the threats or risks related to its information security (Sommestad et
al. 2014). The information systems of Cosmos are vulnerable to various important and
significant risks or threats.
The various risks to the information system of Cosmos are as follows:
i) Virus: The first and foremost risk or threat to the information system of Cosmos is a
virus attack (Parsons et al. 2014). A virus is a malicious software program which, when
executed, replicates itself by modifying other computer programs and inserting its own code.
ii) Hijacking of Accounts: The second important security risk to the information system of
the organization is account hijacking (Baskerville, Spagnoletti and Kim 2014). Since the
customers of this online newspaper company will be accessing their
news after payment of a small amount of money, their accounts could be easily hijacked by
attackers or hackers through simple means of hacking.
iii) Insider Threats: The third most significant security risk or threat is the insider
threat (Disterer 2013). It is extremely dangerous for the company because this type of
attack is carried out by insiders, or by a hacker who is already present within the system.
Insider threats can even turn out to be where the organization is most vulnerable.
iv) Malware Injection: Another significant security risk for the organization is malware
injection. This is done by a hacker with the sole purpose of introducing malware attacks
into the organization.
v) Denial of Service Attacks: Another of the most significant security threats or risks is
the denial of service attack (Dehling et al. 2015). In this type of attack, the perpetrator
seeks to make a machine or network resource completely unavailable to its users.
vi) Insecure APIs: Insecure application programming interfaces (APIs) are yet another
important security threat to the organization.
vii) Phishing: In this type of attack, the attacker or hacker obtains sensitive information
such as usernames, passwords or credit card credentials (Safa et al. 2015). This type of
attack is extremely common against online companies or organizations, and thus Cosmos should
check its information system properly.
viii) Spamming: Another significant attack is spamming, which is done by sending messages
indiscriminately.
ix) Spoofing: Email spoofing is another of the most common security risks or threats for
Cosmos (Tamjidyamcholo et al. 2013).
x) Breaching of data: The data should not be breached at any cost, since Cosmos is supposed
to provide news to its clients. If the news is breached, it would lose its authenticity and
integrity, and the business would be affected.
For all of the above-mentioned security risks and attacks, there are mitigation strategies
that Cosmos should properly implement (Soomro, Shah and Ahmed 2016). The various mitigation
strategies are given below:
i) Implementation of Passwords: The first and foremost mitigation strategy is the
implementation of passwords on the information systems. A password is a word or string of
characters that is used in user authentication to prove identity or access approval in order
to gain access to resources (Webb et al. 2014). A password is kept secret from all
unauthorized users, who are thereby not allowed to access the data or information. The
utilization of passwords is known to be perfect. Usernames and passwords are commonly used
when logging in to a system, and thus control access to protected computer operating
systems, information systems, databases and many more. Cosmos should keep passwords within
its systems (Cardenas, Manadhata and Rajan 2013). A unique username and password should be
given to the employees, staff and customers of Cosmos. This implementation of passwords
would be extremely important for the organization.
ii) Secured Browsers: Another important strategy for mitigating security risks or threats is
the incorporation of secured browsers. The browsers of Cosmos should be made safe and
secure, which would help in mitigating the risks related to browsers (Dotcenko, Vladyko and
Letenko 2014). Since they are an online
newspaper, they should check the security of their browsers. Moreover, they should update
their browsers periodically, which would help them in mitigating the risks related to the
software.
iii) Controlling Access: Another important guideline for managing security risks or threats
within Cosmos is to control overall access to the organization (Kolkowska and Dhillon 2013).
Unauthorized users would be restricted in this process, which would be helpful for the
organization. Hence, access to the browsers should be controlled properly to mitigate
security risks or threats.
iv) Implementation of Antivirus: Antivirus is considered one of the most basic and simplest
methods of restricting any type of hacking or unauthorized access to data. Antivirus is a
software program that is used to prevent, detect and remove any type of malware or virus
(Layton 2016). Any type of computer virus could be easily detected in the process, and the
organizational information system would be protected and secured. Trojan horses could also
be easily mitigated, and hence Cosmos will benefit from the antivirus program.
v) Blocking the Pop up: The next important guideline for mitigating risks or threats in the
information system of Cosmos is blocking pop-up windows (Posey et al. 2014). When pop-ups
are blocked properly, confidential information is protected and secured, and hacking or
intrusion can be restricted. Phishing could be easily mitigated by this guideline.
vi) Encrypting the Message: Encryption is considered one of the most effective security
controls. It helps to secure the data or information within any system. It is the procedure
of encoding a confidential text or message into cipher text in a way that allows only the
receiver to access the text or message (Wall, Palvia
and Lowry 2013). This is considered the most popular and efficient measure for Cosmos, and
the organization should implement it in its business. It is nearly impossible to crack the
cipher text; it can only be read with the help of decryption. Only the authorized recipient
is able to decrypt the message, using a key that is provided by the sender and recipients.
This restricts entry to the authorized and authenticated data within the information system
(Crossler et al. 2013). There are two types of algorithms: the symmetric key algorithm and
the asymmetric key algorithm. With the symmetric key algorithm, the data is protected and
can be retrieved with only one key, i.e. the same key is used for encryption and for
decryption. The asymmetric key algorithm protects the data with two keys: one key is used
for encryption and the other key is used for decryption. Cosmos should implement the
asymmetric key algorithm within its business (Peltier 2013). Since the two keys are
different, the security is greater than with the symmetric key algorithm.
vii) Implementing Firewalls: The next significant guideline for mitigating risks or threats
in the information system of Cosmos is the implementation of firewalls. A firewall can be
defined as a network security system that monitors incoming and outgoing network traffic
based on previously determined security rules (Von Solms and Van Niekerk 2013). The firewall
is a barrier between the trusted internal network and untrusted external networks such as
the Internet. Cosmos should implement a proper firewall within its information system, and
thus its security would be monitored.
viii) Digital Authentication: The next important guideline for mitigating risks or threats
in the information system of Cosmos is the implementation of digital authentication. It is
one of the most important procedures, through which authentication is
done by means of an electronic signature (Siponen, Mahmood and Pahnila 2014). Hence,
authenticity is maintained perfectly. Fraud or identity theft can be easily identified
and mitigated by this procedure. The Cosmos organization could easily secure its
information system with this implementation.
ix) Regulatory Compliance: Another important guideline to control the security of the
information system for the organization of Cosmos is implementing regulatory compliance
(Yang, Shieh and Tzeng 2013). This is the perfect policy or specification, which is used to
ensure that each and every employee or customer of the
organization is maintaining all the rules or regulations.
x) Involvement of Virtual Private Networks: The final guideline for this particular
organization of Cosmos is the proper involvement of a VPN or virtual private network
(Peltier 2016). It is a private network within any public network, which is helpful in
sending as well as receiving data or information. The prevention of man-in-the-middle
attacks is done easily with this.
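Guideline vii describes a firewall as previously determined rules applied to incoming and outgoing traffic at the barrier between the trusted internal network and the Internet. The following Python code is an added example, not part of the original report; the address plan, the rule set and all function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed address plan (assumption, not from the report):
# 10.0.0.0/24 is the trusted internal network, 10.0.0.10 the news web server.
INTERNAL = ipaddress.ip_network("10.0.0.0/24")

@dataclass(frozen=True)
class Rule:
    action: str     # "allow" or "deny"
    direction: str  # "in" = Internet to internal, "out" = internal to Internet
    network: str    # CIDR that the internal-side address must fall in
    port: int       # destination port; 0 matches any port

# Previously determined rules: evaluated top to bottom, first match wins.
RULES = [
    Rule("deny", "out", "10.0.0.10/32", 0),    # web server opens no outbound connections
    Rule("allow", "in", "10.0.0.10/32", 443),  # readers reach the site over HTTPS only
    Rule("allow", "out", "10.0.0.0/24", 443),  # staff browse over HTTPS
    Rule("allow", "out", "10.0.0.0/24", 53),   # DNS lookups
]

def direction_of(src, dst):
    """Classify a packet by which side of the barrier each endpoint is on."""
    src_in = ipaddress.ip_address(src) in INTERNAL
    dst_in = ipaddress.ip_address(dst) in INTERNAL
    if src_in and not dst_in:
        return "out"
    if dst_in and not src_in:
        return "in"
    return None  # both inside or both outside: not expected at the perimeter

def decide(src, dst, dport, rules=RULES):
    """Return (action, index of matching rule); default deny if none match."""
    direction = direction_of(src, dst)
    if direction is None:
        return ("deny", None)
    inside = ipaddress.ip_address(dst if direction == "in" else src)
    for i, r in enumerate(rules):
        if (r.direction == direction
                and inside in ipaddress.ip_network(r.network)
                and r.port in (0, dport)):
            return (r.action, i)
    return ("deny", None)

def audit(packets):
    """One log line per decision, so allowed and denied traffic is monitored."""
    return [f"{a} {s}->{d}:{p} rule={i}"
            for s, d, p in packets for a, i in [decide(s, d, p)]]
```

The order of the rules matters: if the web server's deny rule were placed below the /24 allow rule it would never match, because the first matching rule decides.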
3. Conclusion
Therefore, from the above discussion, the conclusion can be drawn that information
security management or ISM can be defined as the set of policies as well as procedures for the
systematic management of the organization's sensitive data or information. The most
significant objective of information security management is the minimization of risks or
breaches, thus ensuring business continuity by proactively limiting the impact
of any security breach. Information security management addresses the
behaviour of employees as well as data, technology and processes. This type of management can be
targeted at a particular type of information, such as customer data, or it can be
implemented as a comprehensive method that has become part of the organizational culture.
There are various types of risks or threats present within a company and all of them are
required to be mitigated on time. These risks or threats leave the company extremely
vulnerable and hence it is required that a specific information system be incorporated. The
information system is bound to provide perfect protection to the organizational systems and
thus is easily implemented and acquired by each and every organization. The above report
has provided a brief discussion of the case study of the Cosmos organization. It is one of the
most significant online newspaper organizations and is responsible for providing proper
news to their clients. This particular organization has taken the decision to upgrade
their information systems for the betterment of their business. The information system will
provide security to their business properly. This report has given a short and precise
idea of the information system of this particular online newspaper organization, known as
Cosmos. Various risks will be present within their information system. This report has given
a proper description of the guidelines for the various risks or threats that this organization
would be facing. These guidelines would be helpful for them in managing or mitigating their
risks. Assumptions are also made about the organizational information system.
4. Assumptions
The Cosmos organization has taken the decision to upgrade their information system for the
betterment or security of their business. There are various assumptions in this particular case
study of Cosmos. They are given below:
i) The first and foremost assumption in this case study of the Cosmos organization is
that they are responsible for producing proper and perfect news for their customers or clients.
ii) The second assumption in this case study of the Cosmos organization is that they are
an online newspaper company that is situated in Sydney, Australia.