COIT20263: Information Security Management, Assessment 2, Term 1, 2018

Verified

Added on 2021/06/17

AI Summary

This report presents an Issue Specific Security Policy (ISSP) for Cosmos, an online newspaper based in Sydney, Australia. The policy addresses key aspects of information security management, including the statement of purpose, authorized and prohibited uses of the online newspaper, systems management, policy violations, policy review and modification, limitations, and liabilities. The report also includes justifications for the policy and outlines several assumptions related to the newspaper's operations, such as user registration, subscriber growth, the use of freelance reporters, provision of live streaming, and the assurance of timely news delivery to the clients. The report emphasizes the importance of maintaining data integrity and confidentiality within the organization, along with the need for regular review and modification of the ISSP to adapt to technological advancements and evolving threats. The report highlights the need for Cosmos to protect its data and safeguard against potential risks like data breaches and the spread of fake news. The report is a part of an assessment for the COIT20263 Information Security Management course.

TEMPLATE FOR YOUR ANSWERS
COIT20263 Information Security Management - Assessment Item 2 (Term 1, 2018)
Names and student numbers of group members:
Confidential Information Policy Mark
allocated
Mark
earned
1 Statement of Purpose
The most significant purpose of this particular policy is the understanding and
also developing the Issue Specific Security Policy for a company, known as
Cosmos (Berger 2014). This particular company of Cosmos eventually is
responsible for publishing the online newspaper and the location of this
organization is in Sydney, Australia. They have the global network of all types
of freelancer reporters. These specific reporters subsequently report the
important and genuine news from each and every part of the world. All the
clients of this particular organization, who have the wish to use or read this
online newspaper, will at first have to register themselves within this
organization (Ifinedo 2014). They would have to pay a smaller amount of cash
to the organization for getting themselves registered here. The payment of this
money should be done online and the customers do not have to visit to the
organization. The main income of this organization, Cosmos is from the
several advertisements. These advertisements eventually comprise of the
playback videos and even live videos (Sommestad and Hallberg 2013). The
organization of Cosmos has now decided to update all their policies of
information security for the systems or computers that are related to
information. This particular project would be providing an Issue Specific
Security Policy for the organization with authorized uses, prohibited uses,
systems management, policy violations, policy review, policy modification
and finally limitations and liabilities (Sommestad et al. 2014). Moreover,
relevant assumptions and justification of the Issue Specific Security Policy
will be provided.
3
2 Authorised Uses
The authorized uses refer to those users, who have registered themselves with
the organization successfully after making the payment of registration money
(Cheng et al. 2013). These authorized users are the clients of these newspapers
and can easily access and read the news from their paper. They maintain the
accurateness and security of the news and it is the duty of all the customers to
maintain the integrity of the news.
3

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

3 Prohibited Uses
The prohibited uses refer to those users, who have not registered themselves
with the organization and are still accessing the news with wrong intentions.
They can even breach the data or news and can sell the news to other
organizations (Kim, Yang and Park 2014). Cosmos has the complete right to
take necessary actions against all these users and these actions can also be
legal.
3
4 Systems Management
The systems management refers to the management of various systems or
computers that are related with the organization of Cosmos. The network
administrator is responsible for the overall checking and maintaining all the
systems of the organization and thus it is his responsibility to maintain the
confidentiality of the systems (Peltier 2013). As they are the organization of
online newspaper, any type of system problem would be lead to major
destruction.
Furthermore, the freelancer reporters would be having various
telecommunications devices for the purpose of their news reporting. If any
type of problem occurs within those devices, the freelancers will not be able to
work and thus the customers would not be getting any news from them (Peltier
2016). The systems management is thus one of the most important factors for
the organization of Cosmos.
3
5 Violations of Policy
This is the fifth important factor in an Issue Specific Security Policy (Crossler
et al. 2013). The policies of the organization should be maintained properly
and if any type of discrepancies is noticed or rather the policy is violated, the
organization of Cosmos has the full right to sack that employee or reporter.
This type of problem mainly occurs with the prohibited users, who do not
follow the rules and regulations for using the online newspaper. If the
prohibited users violate the policy, legal actions are to be taken against him or
her and he or she would be put behind the bars (Wall, Palvia and Lowry
2013). The news breaching is thus stopped with this and the customers would
getting accurate news from anywhere in the world.
3
6 Policy Review and Modification
The policy should be timely reviewed and modified on a timely manner. The
analysis is eventually done by the administrators of the company. If they
notice, that any type of changes is required in the policy, they would change
them evenly (Ahmad, Maynard and Park 2014). Once, the review is done and
modifications are made, the entire changed policy is to be reported to the
technical expert. The up gradation of technology is the basic requirement in
any organization and the Issue Specific Security Policy should be reviewed as
well as modified for this particular purpose ( Yeo, Pak and Yang 2013).
Moreover, the freelancers are working in poor Internet connectivity places and
the devices of these reporters are provided by the organization. If these
3

devices do not work properly, the freelancer will not be able to work properly.
Hence, the technology should be checked regularly. Furthermore, the news
should not lose its integrity (Siponen, Mahmood and Pahnila 2014). This
particular factor should also be maintained. Thus, Issue Specific Security
Policy should require proper review and modifications.
7 Limitations of Liability
Cosmos do not have any liability to pay for the prohibited users. The
prohibited users should be checked properly and necessary actions should be
taken for them subsequently. As they are dealing with various types of news,
there is absolutely zero tolerance of fake news or forged news within it (Safa
et al. 2015). If this type of situation arises, they have the complete right to take
necessary action or even terminate their employees in the scenario. Hence they
have no liability to pay off.
3
Justification
One of the most popular and significant online newspapers in the world,
known as the Cosmos organization is making the globalized network for all
types of freelancer reporters in all over the world. This particular organization
is located in Sydney, Australia and is extremely famous in its field. For the
presence or existence of the global network, they have the ability to deliver
news in the entire world and without any kind of time constraints. All the
clients, who have the ability or the wish to obtain news from this specific
newspaper, have to register themselves within the online newspapers after the
successful payment of a very small amount of registration fees. Once, they
have successfully registered themselves with the newspaper; they could even
watch live videos of news and read the newspaper very often. Since, there is
no time constraint, the clients can watch the news and read newspaper any
time and from anywhere in the world. The major income of this particular
organization is from the several advertisements that comprise of the playback
videos as well as the live streaming of news. These advertisements could be
from anywhere. It can be from any specific person or can even be from the
various companies. The one and only restriction in this phase is that these
companies or persons should be eventually complied with all the rules and
regulations of Australian government. They should also follow the guidelines
of Australian government.
It has been calculated that during the starting year or beginning, the number of
customers would be lesser and it would be around 100,000. However, as
several days will pass, the number would be incrementing exponentially and
within the time period of three years, this number would be touching more
than 500,000. This particular organization also provide various devices of
telecommunications to all of its freelancer reporters with the sole motive to
live report the news within those places where there is no Internet connection
or where the Internet connection is poor. The data or the information of
Cosmos organization is subsequently controlled or managed by them in a
specific way that does not allow any type of data theft or breaching. As they
are the newspaper organization, the data should be preserved and managed
explicitly, so that there is no loophole of data theft. The integrity as well as the
confidentiality of the data is solely maintained by them. This organization has
6

now taken the decision of up gradation of various policies related to
information security and for they have made an Issue Specific Security Policy
for the betterment of the organization.
The Issue Specific Security Policy of Cosmos has various important factors
within it. The first point is the statement of purpose. It determines all the
details of their policy with a short description of the organizational
background. The next factor is the authorized uses, which states about all the
authorized users of this organization. The third factor is the prohibited users
that describe all the prohibited users of the organization of Cosmos and what
can happen if these users use this newspaper. Moreover, the confidentiality
and the integrity of the users of this organization are mentioned here. The next
part is the system management that demonstrates how the organization can
manage their systems or computers. The importance of systems management
is given here. The fifth factor is the policy violation. It states that what would
happen if any type of policy is being violated by specific person. The next
factor is the policy reviewing and modification. The organization should check
and review their policies very often for avoiding the problems. The last factor
is the limitations and liabilities. Cosmos do not have any liability to pay off.
The Issue Specific Security Policy is the most important policy for Cosmos.
Assumptions
The organization of Cosmos will be upgrading their policies of information
security to gain proper benefit from the Issue Specific Security Policy. There
are various important assumptions for this particular case study for the
Cosmos online newspaper. The most significant assumptions of the case study
are given below:
i) The most significant assumption for the case study of Cosmos
organization is that all the customers, who are willing to utilize the newspaper
of Cosmos, have to register themselves with this organization. They cannot
access the newspaper or rather read the newspaper without this registration ad
without paying the small registration fee.
ii) The next important assumption for the organization of Cosmos is
that they would be obtaining huge number of clients for their business. It has
been evaluated that in the starting year, the number of clients would be lesser
ad it would be approximately 100,000. However, as days would pass, this
number would be increasing explicitly and in the time period of three years,
the number would be touching around 500,000. The organization is bound to
get success by this up gradation of information security policies.
iii) The third important assumption for the organization of Cosmos is
that various news reporters will be working with this particular organization
and they would be give the flexibility to work in any location and in any time.
Thus, the reporters do not have to come down to the office for their work.
They could be staying in any part of the work and working as freelancer
reporters. This freelancing reporting is allowing them to work according to
their schedule and is not restricted to any specific time.
iv) The fourth important assumption for the organization of Cosmos is
that the clients or the customers of the organization would be getting live
streaming for the news they are willing to watch. This would be helpful and
useful even for those areas where the connectivity of Internet is very low or
even does not have the connectivity of Internet. Moreover, these freelancer
6

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

reporters are provided with proper and significant devices of
telecommunications that would help them in working with no Internet
connectivity areas.
v) The fifth important assumption for the organization of Cosmos is
that the clients of this particular organization would be getting all time news
and does not require any time restriction in this scenario. Since the freelancer
reporters are working in all over the world and in any time constraint, they
would be able to deliver the online news easily and promptly. The video feeds
would be available every time.
vi) The sixth significant assumption for the organization of Cosmos is
that this particular company is making a huge global network of several
freelancer reporters.
References
Ahmad, A., Maynard, S.B. and Park, S., 2014. Information security strategies:
towards an organizational multi-strategy perspective. Journal of Intelligent
Manufacturing, 25(2), pp.357-370.
Berger, T.U., 2014. Norms, Identity, and National Security. Security Studies:
A Reader.
Cheng, L., Li, Y., Li, W., Holm, E., & Zhai, Q. (2013). Understanding the
violation of IS security policy in organizations: An integrated model based on
social control and deterrence theory. Computers & Security, 39, 447-459.
Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and
Baskerville, R., 2013. Future directions for behavioral information security
research. computers & security, 32, pp.90-101.
D'Arcy, J., Herath, T. and Shoss, M.K., 2014. Understanding employee
responses to stressful information security requirements: A coping
perspective. Journal of Management Information Systems, 31(2), pp.285-318.
Ifinedo, P., 2014. Information systems security policy compliance: An
empirical study of the effects of socialisation, influence, and
cognition. Information & Management, 51(1), pp.69-79.
Kim, S.H., Yang, K.H. and Park, S., 2014. An integrative behavioral model of
information security policy compliance. The Scientific World Journal, 2014.
Peltier, T.R., 2013. Information security fundamentals. CRC Press.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards:
guidelines for effective information security management. CRC Press.
Safa, N.S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N.A. and
Herawan, T., 2015. Information security conscious care behaviour formation
in organizations. Computers & Security, 53, pp.65-78.
Siponen, M., Mahmood, M.A. and Pahnila, S., 2014. Employees’ adherence to
information security policies: An exploratory field study. Information &
2

management, 51(2), pp.217-224.
Sommestad, T. and Hallberg, J., 2013, July. A review of the theory of planned
behaviour in the context of information security policy compliance. In IFIP
International Information Security Conference (pp. 257-271). Springer,
Berlin, Heidelberg.
Sommestad, T., Hallberg, J., Lundholm, K. and Bengtsson, J., 2014. Variables
influencing information security policy compliance: a systematic review of
quantitative studies. Information Management & Computer Security, 22(1),
pp.42-75.
Soomro, Z.A., Shah, M.H. and Ahmed, J., 2016. Information security
management needs more holistic approach: A literature review. International
Journal of Information Management, 36(2), pp.215-225.
Wall, J.D., Palvia, P. and Lowry, P.B., 2013. Control-related motivations and
information security policy compliance: The role of autonomy and
efficacy. Journal of Information Privacy and Security, 9(4), pp.52-79.
Yeo, G.T., Pak, J.Y. and Yang, Z., 2013. Analysis of dynamic effects on
seaports adopting port security policy. Transportation Research Part A:
Policy and Practice, 49, pp.285-301.
Late submission penalty
Plagiarism penalty
Total 35