ISSP Report: Developing and Implementing A4A's Copyright Policy
Added on 2020/03/01
AI Summary
This report provides a detailed Information Security Policy (ISSP) for the A4A organization, addressing the fair and responsible use of data and information generated by its members. The policy covers assumptions, statement of purpose, authorized and prohibited uses, systems management, violations, policy review and modification, limitations of liability, and justification. It emphasizes the importance of securing the information system, protecting data through cryptographic methods, and adhering to copyright laws. The policy restricts data access to authorized A4A members, defines the organization's ownership of the data, and outlines consequences for policy violations, including termination or legal action. The report also highlights the annual review and modification of the policy, A4A's limited liability, and the justification for enforcing the copyright policy to prevent misuse of resources. The policy aims to safeguard A4A's resources and ensure responsible data handling within the organization.

Running head: ISSP
ISSP
Name of the Student
Name of the University
Author Note
1. Assumptions
The assumptions made in developing the ISSP are listed below:
1) The existing information system is properly secured and no data breach through the
system is possible by any means. This includes protection of the data in the information
system database by a proper cryptographic method; the data can only be accessed with a
valid username and password. Even the admin of the system should register with the system to
access, update, delete or modify the data (Ifinedo 2014).
2) The second assumption is that the system complies with the requirements of the local
government and does not engage in any illegal activities itself, and that the organization A4A is a
registered NGO.
3) The third assumption is that the members of the organization will abide by the
copyright policy set and that the organization will dictate its policy to every member. The existing
members of the organization have the full right to know about the copyright policy and its terms and
conditions. The existing members will be notified of the new copyright policy via an official
email (Sommestad et al. 2014).
2. Statement of Purpose
This policy addresses the fair and responsible use of the data and the information
produced by the members of A4A (Höne and Eloff 2002). This includes but is not limited to the
assignments, learning lessons, class notes and exams. It is only intended for the authorized users
of A4A, and should be handled and stored by the information system of A4A irrespective of the
location where the member of A4A is working. Authorized users include anyone who has been
recruited by A4A and granted approval to access the information system of A4A. This
includes the private universities and colleges as well as the members of A4A. The authorized
users of the information system of A4A are expected to understand and comply with this
information security policy document. A4A was established last year and until now it has
not enforced any copyright policies on its resources. A4A at present has a team of 10 staff
members who are allocated to different projects. Therefore, it becomes difficult to track whether any of
the members are misusing or circulating the resources of A4A. This policy is thus enforced to
ensure the responsible use of the organization's property and to prevent the circulation of any data,
even by the author (Safa, Von Solms and Furnell 2016).
3. Authorized Uses
Only the members of A4A are permitted to access the information system of A4A. The
information system should be accessed only after properly inputting the user id and password.
The information should be accessed only for business operations, which in this case means providing
services to the registered universities and colleges. The user id and password are safely secured.
The user id should be unique so that no duplication is possible. Authorized users only have
the power to access the data or upload data into the system (Al-Omari, El-Gayar and Deokar
2012). Authorized users have no permission to use or access the data outside the organization,
as all the information should be handled and stored by the information system of A4A and will
remain its property irrespective of the location in which the members work. Once uploaded to the
information system of A4A, the data or the information will be termed the property of the
organization and should by no means be replicated or circulated. The authorized users are
allowed to access the information system but are not allowed to circulate it. The registration
procedure of the members is properly secured by cryptographic methods and no duplication of
data is possible (Pensak et al. 2001).
4. Prohibited Uses
People who are not members of A4A are prohibited from using the information system.
The members who are working at the institution are not allowed to replicate or circulate the
information and data of the organization without the organization’s permission. Any replication
of the data, if found, will be considered a breach of the copyright policy, and legal action will
be taken against the members if found guilty. The authorities reserve the right to detain and
blacklist the member. Only the registered universities and colleges in Australia and Southeast Asia
can access the information (Wang et al. 2010). The information can be used by these
colleges and universities for their own purposes and should not be replicated or circulated in any
manner. The copyright law prohibits the circulation of A4A materials beyond the group of
registered colleges and universities (Whitman, Townsend and Aalberts 2001). If this law is
violated, A4A reserves the right to take legal action against those colleges and universities. The
type of action to be taken against the violator of the policy will be decided by A4A.
5. Systems Management
It is the responsibility of the manager of A4A to ensure that access to the information
system has been given only to the authorized members of the organization. This can be ensured
by allowing entry to the system only to the registered members after proper authentication by
inputting the user id and password. It is the responsibility of A4A to define the authentication
and registration requirements as well as to develop and define the necessary compliance
standards (Laudon et al. 2012). A4A reserves the right to audit all data associated with the
information system. A4A is responsible for handling the information and storing it in a secure
manner. The information must be stored in the database of the information system properly in
order to ensure compliance with various regulations and to guard the future of the organization.
A4A reserves all rights to limit the information use (Peppard and Ward 2016). It reserves the
right to monitor, access and review the information stored in the system and the members who
are accessing the information. It is the responsibility of A4A to keep the passwords and the
accounts secure in order to prevent any unauthorized access. Furthermore, it is the responsibility
of A4A to ensure that any information security issue or incident is properly taken care of.
Moreover, it is also the responsibility of the members to ensure that they have the appropriate
credentials and are authorized to use the services (Coronel and Morris 2016). Moreover, the
members should take extreme caution while operating the information system of the
organization.
6. Violations of Policy
In the event of inappropriate use of the information system of A4A and its relevant data,
A4A reserves the right to take whatever actions are deemed appropriate for the specific situation
including, but not limited to, terminating the member, blacklisting him or her, or taking legal
action against the member. Guidelines for action include a warning for first-time
violators, who are warned by a formal email against further occurrences. All violations of this
policy should be reported to the manager of A4A, who will in turn report the violation to the
information security department for further action (Belleflamme and Peitz 2014). The
information security department or its personnel will be responsible for verifying the occurrence
of the infringement of the copyright policy before taking any action. The warning given to the
members should be formal and specific according to the policy. The warning would be an
ultimatum to the members: further infringement or violation of the copyright policy will be
considered a serious offence, and necessary actions will be taken against the member. The
violation of the policy can in no way be justified, and the violator would be
subject to strict actions taken against him/her (Bridy 2012).
7. Policy Review and Modification
The policy will be reviewed by A4A information security on an annual
basis, or as necessitated by changes in the terms and policy of A4A, and will be modified
when appropriate. The policy is expected to be updated from time to time. Modification of the
policy includes the addition of clauses as the system changes or evolves over the course
of time. The review of the policy includes analysis of the appropriateness of the existing policies and
services (Peltier 2004). It is the responsibility of A4A to ensure that the policies and procedures
are reviewed and amended. The review is to be ensured by setting agendas for reviewing
the policies and procedures in regular meetings. Any new policy or procedure can be added to
the copyright policy and the existing policies can be updated from time to time. The organization
reserves the right to update its policies whenever it wishes to. The review of the policy will
follow the guidelines set by the organization. The review of the policy will be performed in
a systematic way and will mainly deal with updating or modifying the security policy of the
information security system. The policies and procedures are to be amended annually.
This timeframe is subject to change if there is a need to review the policy within one year
of its enforcement.
8. Limitations of Liability
A4A assumes no liability for unauthorized acts that violate local, state or federal
legislation. In the event of such an act occurring, A4A will immediately terminate its
relationship with the violator and blacklist the violator. Furthermore, A4A will not provide
any legal protection or assistance to the violator. All the members will be notified about the
security and the copyright policy, and if, even after having a clear idea of the policy, any member
violates the law, the member will be appropriately punished. The organization reserves the right
to punish the member by terminating his/her membership and/or taking legal action against the
member. Members or outsiders who infringe the copyright policy will be solely
responsible for the consequences. The organization holds no liability for the intruder and will be
forced to take legal action in the event of illegal or unauthorized use of the organization’s
resources (Pallante 2012). The copyright policy clearly defines and limits the use of the
organization’s resources, which should by no means be used, circulated, or replicated for personal
use or benefit. If a member is found guilty, the organization reserves the right to take suitable
action against the violator of the policy and terms. The new members to be recruited henceforth
must agree to the terms and conditions of the copyright policy before joining the organization.
Therefore, there remains no scope for violating the rules and policies stated in the copyright
policy and thus, the NGO holds no liability for unauthorized use of the organization’s resources
or infringement of the policy (Baskerville and Siponen 2002).
9. Justification
The copyright policy clearly defines that the information provided by the members after
recruitment will not be the property of the member but will be the property of the organization. The
copyright policy is developed stating all limitations on the use of resources outside the organization’s
information security system. The members are asked to go through the copyright policy and its
terms and conditions thoroughly. Therefore, violation of the policy will by no means be
tolerated. The policy is justified as the members are working for the organization and the
organization is providing accommodation, meals, medical and travel expenses to the
members. Therefore, it is the liability of the members to abide by the copyright and the
information security policy of the organization. Furthermore, the organization has the right to
enforce a copyright policy as it is a registered NGO and the resources of the NGO should not be
subjected to misuse. Therefore, it can be said that enforcing the policy is justified in order to
prevent any sort of misuse or illegal circulation of the A4A resources. A4A was established last
year and therefore, it is mandatory to enforce a copyright policy in order to prevent the
unauthorized access of data. This information security policy is subject to upgrade
and review from time to time in order to add or update certain clauses mentioned in the copyright
policy.
10. References
Al-Omari, A., El-Gayar, O. and Deokar, A., 2012, January. Security policy compliance: User
acceptance perspective. In System Science (HICSS), 2012 45th Hawaii International Conference
on (pp. 3317-3326). IEEE.
Baskerville, R. and Siponen, M., 2002. An information security meta-policy for emergent
organizations. Logistics Information Management, 15(5/6), pp.337-346.
Belleflamme, P. and Peitz, M., 2014. Digital piracy (pp. 1-8). Springer New York.
Bridy, A., 2012. Copyright policymaking as procedural democratic process: A discourse-
theoretic perspective on ACTA, SOPA, and PIPA. Cardozo Arts & Ent. LJ, 30, p.153.
Coronel, C. and Morris, S., 2016. Database systems: design, implementation, & management.
Cengage Learning.
Höne, K. and Eloff, J.H.P., 2002. Information security policy—what do international information
security standards say?. Computers & Security, 21(5), pp.402-409.
Ifinedo, P., 2014. Information systems security policy compliance: An empirical study of the
effects of socialisation, influence, and cognition. Information & Management, 51(1), pp.69-79.
Laudon, K.C., Laudon, J.P., Brabston, M.E., Chaney, M., Hawkins, L. and Gaskin, S., 2012.
Management Information Systems: Managing the Digital Firm, Seventh Canadian Edition (7th ed.).
Pearson.
Pallante, M.A., 2012. The Next Great Copyright Act. Colum. JL & Arts, 36, p.315.
Peltier, T.R., 2004. Information security policies and procedures: a practitioner's reference. CRC
Press.
Pensak, D.A., Cristy, J.J. and Singles, S.J., Authentica, Inc., 2001. Information security
architecture for encrypting documents for remote access while maintaining access control. U.S.
Patent 6,289,450.
Peppard, J. and Ward, J., 2016. The strategic management of information systems: Building a
digital strategy. John Wiley & Sons.
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model
in organizations. Computers & Security, 56, pp.70-82.
Sommestad, T., Hallberg, J., Lundholm, K. and Bengtsson, J., 2014. Variables influencing
information security policy compliance: a systematic review of quantitative studies. Information
Management & Computer Security, 22(1), pp.42-75.
Wang, C., Wang, Q., Ren, K. and Lou, W., 2010, March. Privacy-preserving public auditing for
data storage security in cloud computing. In INFOCOM, 2010 Proceedings IEEE (pp. 1-9). IEEE.
Whitman, M.E., Townsend, A.M. and Aalberts, R.J., 2001. Information systems security and the
need for policy. In Information security management: Global challenges in the new millennium
(pp. 9-18). IGI Global.