Data Integrity Policy Report for Regional Gardens Company Security

Verified

Added on 2022/09/05

AI Summary

This report presents a comprehensive data integrity policy designed for Regional Gardens, a company operating a nursery and providing gardening advice. The policy addresses the company's vulnerability to security risks due to its aging computer systems, lack of a clear patching policy, and open internet access. The report defines the policy's purpose and rationale, emphasizing the need to maintain server and network authenticity, protect against hacking, and reduce internet consumption costs. It outlines the policy's scope, covering data center management, information security, and the application to both individuals and business assets. The report details roles and responsibilities, including the Board of Governors, Vice Chancellor's Board, SIRO, and Information Governance Committee. It specifies mandatory requirements such as upgrading computer systems, data backups, and complex password generation. The report also acknowledges exemptions, such as legal laws and the need for a clearer patching policy, and provides a glossary of key terms like availability, confidentiality, integrity, and quality. The policy aims to enhance security, productivity, and customer trust, ensuring the protection of sensitive data and the company's overall information security management.

Running Head: DATA POLICY
Data Integrity Policy
Name of the Student
Name of the University
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1DATA POLICY
Table of Contents
Brief Overview................................................................................................................................2
Policy Purpose and Rationale..........................................................................................................2
Policy Scope....................................................................................................................................3
Roles and Responsibilities...............................................................................................................4
Mandatory Requirements.................................................................................................................5
Exemptions......................................................................................................................................5
Glossary...........................................................................................................................................5
Reference.........................................................................................................................................7

2DATA POLICY
Brief Overview
The Regional Gardens Company is an enterprise in gardening, they own a nursery and
provides supplies to the people nearby. A consultancy company named as Regional Garden
Planner on gardening advice is associated with this company. They manage a small data centre
that handles all the data generated in both the places. The main server of the company is situated
in the data centre only along with the overall storage system. The company’s web page is quite
active too but not operated well in terms of security. The overall staffing of both the company is
about 65.
The computer systems used the Regional Garden Planner are mostly old, the operating
system of those systems are Windows 7, the number of MacBooks present is 3 with OS X.
Hence, the chance of getting affected by viruses will be easier. The company must undertake a
set of policy to be aware of the security risks and data loss threats so that proper risk mitigation
techniques can be done accordingly [1]. The open-access of the internet that is available to all the
employees are accessible from any device and any network. This increases the company’s
vulnerability toward risks.
Policy Purpose and Rationale
The intent of the data policy is to provide a strong structured set of rules for maintaining
the computer system, its access permissions, proper software updates, limiting the access of
internet through the systems, updated operating systems, patch installing on fixed intervals [2].
The address of the server of the company must be private. The proper data back-up, latest
technologies for data retention, cloud storage of the data, monitoring of the activities in the
company server, technologies for data security, network security and server security [3]. The
updated firewalls and anti-viruses for the computer systems, proper protection to the emails,
installing the server away from the networking system, individual password of the employees,
locking of the computers by individual id and password of each employee.
The purpose of the data policy is presented below:
 To maintain the authenticity of the server and the network of the company.
 The computer systems with an updated operating system will perform better in managing
the tasks that are carried out through the online servers.

3DATA POLICY
 The attacks of the hacker can also be avoided with an updated system, proper firewall and
anti-viruses on the computer systems.
 Restriction on some of the vulnerable websites will lower the chances of hacking to the
servers and company network. It will also lower the cost related to internet consumption
across the company.
 The several servers running for the core business processes are of older versions, the
policy will push the company to have regulatory updates.
 The information about the company cannot be available to public access.
This data integrity policy must be undertaken by the Regional Gardens Company so that they
have a closed framework of policy to be followed by the employees of the Company [4]. This
will make their online activities more secure and the risk of data loss will be less.
Policy Scope
The defined policies will help the concerned business to develop its performance by
enhancing the security of their sensitive data. The policy will limit access for every internet users
which will disallow numerous users to trigger any kind of attack. The policy also enhances the
productivity of the staffs. Regional Gardens Ltd. can also gather more trust from their respective
customers as well as the business can involve more customers in their business. The updated
policy will also allow the business to provide better quality services to their customers [5]. The
data centre. The management infrastructure is also enhanced by the introduction of the
mentioned policies. Thus, the primary aim of this policy is to allow Regional Gardens Ltd. to
maintain information security management in their workplace. Data is a major element for the
business as the business perform their daily operation with these sensitive data. The policy can
be applied to both the individuals and assets of the business. The criteria mentioned in this policy
can be applied to every kind of data which the business process. The policy is managed,
developed and owned by the associate director of the concerned business [6]. The scope of
Information Security Policy deals with the security and management of business assets.
The policy is applicable for
 Anyone within Regional Gardens Ltd. who accesses the information assets of the
business.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4DATA POLICY
 Technologies which are used for accessing and processing these assets.
 Data which is transferred to or from the concerned business.
 Internal and external methods which are utilized to store, transfer and process the
sensitive data.
The policy is designed to:
 Promote the holistic approach towards the information security management
 Protect the business from any sort of data leakage or attacks
 Support the business’s strategic vision by the approach that balances the security and
usability of the information [7].
 Help the compliance of legal, regulatory and contractual obligations.
Roles and Responsibilities
1. Board of Governors: The board has the ultimate access to the business data and the
activities performed in the concerned business. It secures the intuitional reputation
through implementing procedures, policies and regulations. The board of the governors
should also be assured that the business comprises of effective systems to control the
risks that are associated with their business.
2. Vice Chancellor’s Board: This board of Vice-Chancellor is responsible to lead and foster
the business culture which uses, protects and values all the stakeholders and assets of the
business. The board is also responsible for defining the risk appetite of the business to
prevail the technological, socio-economic, political and external standards [8]. The board
should also guarantee that the developed policy fit the business and it becomes easy for
the business to adopt the policy as well as the board should also ensure that the developed
policy must be effective for the business.

5DATA POLICY
3. Senior Information Risk Owner: The SIRO should guarantee that the designed policy
and the objectives of the information security goals are compatible with the business. He
or she should also identify the person to whom he or she will report the breach
information [9]. The Vice-Chancellor and the Council should also be aware of the risk
management reported by the SIRO.
4. Information Governance Committee: This committee should provide strategic focus and
direction to the business methods across the business. The scope integrated both the
security and quality of the business data.
Mandatory Requirements
The information security management requires staffs of high skills which can ensure that
the implemented policy can be effective for the business. The old computer versions should be
upgraded to the latest form which allows the business to develop its services and increase the
customer satisfaction factor. Every data should be kept back up such that the business face any
problem in case of any accidents [10]. The passwords should be generated in a complex form
such that it becomes harder to predict the passwords. This reduces the phishing of information.
Exemptions
The developed policy covers every area of the business. However, the legal laws are to be
approved by the government which are not considered in the policy statement. The business is
still facing problems to have a clear update and patching policy which was not considered in the
policy [11]. Some business data should be kept open such to provide unlimited access to the
users which can also increase the vulnerability level for the business. The number of skilful
employees should be increased such that the business can tackle all the business issues.
Glossary
Availability: Data availability describes the ability to guarantee that the need data is always
accessible to the authorized users as well as the users can easily access the data without any
permission of the data analyst or information security manager. If the system or policy failed to

6DATA POLICY
provide sufficient data available to the users then the business can face multiple problems and
can hamper the business reputation by exploiting its reputation. The policy or the system should
be upgraded to their maximum level such that sufficient data availability can be provided to the
users [12]. This can also decrease to the frequency of data occurrence which in turn allow the
business to improve its services or products.
Confidentiality: Confidentiality describes that the business requires to secure sensitive
information. This allows the business to gather more trust from their customers. Each and every
data is vulnerable to the external environment and thus require high-security management. The
confidentiality factor also requires high skills of the staffs as the maintenance of the data should
focus on protecting the business data.
Integrity: Integrity describes the authenticity of the data. The integrity factor ensures that the
information of data is altered and the individuals can easily trust on the business data. This is
achieved by processing the data through some intelligent systems which process the errorless
data. Any sort of unaware alteration in the data can exploit the business in numerous ways.
Quality: The quality of the data should be maintained throughout the business processes. Each
and every business should deal with the quality of the information. Business development is
directly related to the quality of the business.
Information Assets: The information assets also play an important role in processing business
data. These assets are vulnerable to numerous threats and thus require high-quality security
management.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7DATA POLICY
Reference
[1] A.A. Belal, H.R El-Ramady, E.S. Mohamed and A.M. Saleh, Drought risk assessment using
remote sensing and GIS techniques, Arabian Journal of Geosciences, 7(1), pp.35-53, 2014.
[2] D. Acemoglu, A. Malekian and A. Ozdaglar, Network security and contagion, Journal of
Economic Theory, 166, pp.536-585, 2016.
[3] M.A. Badawy, N.A. El-Fishawy and O. Elshakankiry, Using patch management tools to
enhance the signature customization for IDS based on vulnerability scanner, In 2014 11th
International Conference on Information Technology: New Generations (pp. 529-533), IEEE,
2014, April.
[4] A. Zuiderwijk, and M. Janssen, Open data policies, their implementation and impact: A
framework for comparison, Government Information Quarterly, 31(1), pp.17-29, 2014.
[5] E. Chemerinsky, Constitutional law: principles and policies, Aspen Publishers, 2019.
[6] H. Afshar and C. Denniseds, Women and adjustment policies in the third world. Springer,
2016.
[7] M. Edelman, Political language: Words that succeed and policies that fail, Elsevier, 2013.
[8] P.R. ed. Portney, Public policies for environmental protection, Routledge, 2016.
[9] M. Tang, Y. Yu, Q.M. Malluhi, M. Ouzzani and W.G. Aref, Locationspark: A distributed in-
memory data management system for big spatial data, Proceedings of the VLDB
Endowment, 9(13), pp.1565-1568, 2016.
[10] C. Zhang, DeepDive: a data management system for automatic knowledge base
construction, University of Wisconsin-Madison, Madison, Wisconsin, 2015.
[11] U. ul Hassan, A. Ojo and E. Curry, Catalog and Entity Management Service for Internet
of Things-Based Smart Environments, In Real-time Linked Dataspaces (pp. 89-103),
Springer, Cham, 2020.
[12] R.B. Allen, Metadata for Administrative and Social Science Data, Building the Next
Generation of Scholarly Infrastructure, 2020.