Information Security Management Ethics Case Study: FuturePlus Scenario

Verified

Added on 2022/10/04

AI Summary

This case study focuses on the ethical aspects of information security management within the context of FuturePlus, a charity organization supporting disadvantaged students in Australia. The assignment addresses critical areas such as data privacy, access and disclosure, and data collection and availability. It emphasizes the importance of securing sensitive data, including donor and student information, by implementing measures like VPNs for secure network access and encryption for data at rest and in transit. The study highlights the need for access control to ensure only authorized personnel can access specific information, along with the implementation of a cloud-based architecture for 24/7 data availability and integrity. The analysis draws on references to support the recommendations for robust information security practices.

INFORMATION SECURITY MANAGEMENT 1
Information Security Management
Name
Date

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

INFORMATION SECURITY MANAGEMENT 2
Information Security Management
Ethics is a critical aspect of information security (info-sec), especially given the case
scenario of FuturePlus, an institution involved in providing assistance and support to disadvantaged
students in Australia. Given their IT setup and the kind of information and data they hold; the
following three points on ethical aspects are important and relevant for the scenario;
Data privacy
This relates to the fact that FuturePlus stores important data on donors and their students in
their databases; such information includes addresses and financial information that can otherwise be
unlawfully accessed and abused. The current setup where FuturePlus uses a wireless 5G network to
access its IT resources poses risks of unauthorized access and this requires securing. This should be
achieved through setting up a virtual private network for the wireless 5G cellular network. This will
ensure anonymous status in accessing and sending/ receiving information and make it difficult or
near impossible for external malicious sources to access the Future Plus ICT resources such as
databases. The remote collection and updating of data using mobile devices will also be secured
using a VPN with encryption of the data being transmitted. (Gupta, 2012)
Access and disclosure
The nature of the company’s data makes them very sensitive and not everyone should be
able to access information such as donor financial details, especially for the casual workers or the
support staff. It is essential that FuturePlus ensures only authorized personnel can access certain
information; for instance, the Accountant should have access to the financial and payment details of
the donors and the students receiving support. However, the planning officer should not have a
similar level of privilege, while the support staff do not necessarily have to access this information.
To ensure integrity and privacy, access rights must be implemented to allow only specific persons
access certain information and be able to make changes or edit them. This means that access
credentials should be set for different users and require authentication before one can access the
information. Internal risks are some of the most serious IT security threats hence the need for
effective credential and access rights management (Osborne, 2019; Field, 2011).
Data collection and availability
The filed data collectors must have restricted access to data, with their devices encrypted; to
ensure 24/7 availability, the company should have its databases set in a cloud architecture and
virtualized so there is full time access and availability. This should also involve having the data
encrypted end to end and the mobile devices used for collecting data in the filed set up with IPsec
VPN so the data vulnerabilities during information collection are minimized. Having a virtual cloud
setup with encryption will ensure that even if the physical databases at the company’s offices are

INFORMATION SECURITY MANAGEMENT 3
unavailable or are breached, the operations of FuturePlus will proceed and data availability and
safety guaranteed (Osborne, 2019). The collected and stored data must be encrypted both a rest and
in transit s that even in the event of unauthorized access, the entities are not able to access or use it
meaningfully.

INFORMATION SECURITY MANAGEMENT 4
References
Field, T. (2011). The Ethics of Information Security. Retrieved 10 August 2019, from
https://www.bankinfosecurity.com/interviews/ethics-information-security-i-1199
Gupta, U. (2012). Role of Ethics in IT Security. Retrieved 10 August 2019, from
https://www.inforisktoday.com/role-ethics-in-security-a-4469
Osborne, C. (2019). Cyber security 101: Protect your privacy from hackers, spies, and the
government | ZDNet. Retrieved 10 August 2019, from https://www.zdnet.com/article/online-
security-101-how-to-protect-your-privacy-from-hackers-spies-and-the-government/