Power AI: Risk Assessment and Information Security Management Report

Verified

Added on 2021/01/02

AI Summary

This report provides a comprehensive risk assessment and information security analysis for Power AI, an organization developing AI systems. The report is divided into two parts: Part A focuses on the benefits of a security management plan, development of security policies, defining the security management program, roles and responsibilities within the program, and identification of relevant models and methods, along with legal and statutory laws. Part B delves into the risk assessment process, including asset identification (people, processes, hardware, and software), threat and vulnerability identification, prioritization, and control measures. The report highlights the importance of protecting Power AI's intellectual property and provides recommendations for mitigating risks, such as registering intellectual property rights and implementing robust security measures. The report emphasizes the benefits of risk management, including the protection of software, source code and end products and supporting informed decision-making within the organization. The analysis includes an overview of the company's assets, identified threats and vulnerabilities, and suggested control measures to safeguard against internal and external risks.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Risk assessment and
Information security system

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

TABLE OF CONTENTS
INTRODUCTION...........................................................................................................................3
Purpose...................................................................................................................................3
Report structure......................................................................................................................3
PART A...........................................................................................................................................3
EXECUTIVE SUMMARY.............................................................................................................3
Benefits of security management plan...................................................................................4
Development of security policy and management plan........................................................4
Defining the security management program.........................................................................5
Roles of several groups or the individual...............................................................................5
Identifying the models and the methods.................................................................................6
Legal and statutory laws.........................................................................................................6
PART B............................................................................................................................................6
Risk Assessment and Management..................................................................................................6
1 Presenting the process of risk assessment...........................................................................6
2 Benefits of risk management plan and their performance...................................................7
3 Identification of the asset of the PAI.................................................................................7
4 Identifications the threat and vulnerabilities of PAI...........................................................8
5 Setting out the prioritise......................................................................................................9
6 Suggestion over control measures.......................................................................................9
CONCLUSION..............................................................................................................................10
REFERENCES..............................................................................................................................11

INTRODUCTION
Power AI is the organization which develops software for business, home and industrial
use. It lays special emphasis on development of artificial intelligence systems for controlling
power use, storage and generation in different environments. This has also developed numerous
unique solutions for these stated applications.
Purpose
The objective of this report is to prepare risk management plan for protection of
intellectual property of Power AI. It is facing major security concern so in this aspect, it will
include different examples of assets through different categories people, process, software and
hardware.
Report structure
The present report is categorised in two parts as in A part, merits of security management
plan, development, roles, governance are stated. This will determine methods and models which
are relevant for security management program along with their legal requirements. The part B
will state about risk management process.
PART A
EXECUTIVE SUMMARY
Risk assessment is used for providing description about overall procedure of method
which determines hazards along with risk factors with high potential for causing harm. This
report will give brief description about risk and security management and governance program. It
has shown that, security management is beneficial to business especially in Power AI.
Simultaneously, it has shown development of security policy and security management program
is determination of assets of organization followed through development, implementation and
documentation of policies and process to protect these assets. The models and methods for
developing SM program for PAI are Securing the software development and encryption and the
key management. It has reflected functions, task, roles and responsibilities for security
management program (Al-hashimi and et.al., 2018). Further, it has evaluated about implications
of legal and statutory requirements such as appropriate registrations of copyright, patents in
systematic and timely manner. However, in risk management it has identified risk and process

for solution an recommendation to cost benefit analysis. Thus, application in PAI would enabling
for controlling the corporate IT systems, network, use of information by specifying user’s
function and accessibility.
Benefits of security management plan
It leads to operative effectively along with availability of information as per requirement.
This serves the interest of the business and strikes balance among security measures and value of
the information. It provides competitors significant cost advantage for development of similar
products and makes availability to society or market for attaining defined objectives. The
inappropriate information supply is main reason for substandard product and services. Apart
from this, it will offer added value for an particular information system and contributes for
continuity of Power AI and helps for attaining objectives. It leads to appropriately aligning
objectives and to manage security issues.
Generally, it aims for meeting security requirements along with other external
requirements further to legislation, contracts and externally imposed policies. This will give
basic level of security, independent of external requirements as it is essential for maintaining the
uninterrupted operation of the the Power AI.
Development of security policy and management plan
Security policies are very important for business perspective as it helps in securing
organization with different attack. In this aspect, there must be application of major points which
are identifying risk, observe and learn from others, ensuring that policy is confirmed to legal
requirements, security and risk level must be equal, inclusion of staff for policy development,
training employees, written consent, setting clear penalties and enforcing, upgrading staff and
installing tools as per need (Ayoubi and et.al., 2018). In Power AI, there will be implication of
copyright the information with context to security. Further, security management plan is very
important as it determines assets of organization with people, hardware, software and process.
This is followed through development, implementation, documentation of procedures and
policies for purpose of protecting the assets.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Defining the security management program
Security management program needs the various role and the responsibilities for functioning the
task of the AI company smoothly and efficiently. The following roles and the responsibilities
included in this program are-
Chief officer- He is responsible for development the adoption of the security plan for
delivering the information. Chief officer has the power of assigning the responsibilities to the
security officer of information and the security architect. He will be identifying and builds the
strategic decisions on the basis of the risk acceptance and the information risk.
Information officer- As the responsibility designated by the chief officer, he is
responsible for maintaining, educating and building the campus on security plan. He has the
power to facilitate for compliance of the plan of PAI company by creating collaborative
relationships with the administrative and the academic officials, in consideration with the
structure of campus governance and complying the policy strategies.
Data proprietor- He is the person who is responsible in over-sighting the data or in
computing the system with the access to the protected data. The foremost responsibility of this
person is to determine the function and the purpose of the data resource (Roles and
responsibilities of directors and boards, 2018). By this the AI company could be able to save its
power energy as he identifies for the electronic information within the areas under which they
are been controlled.
Data custodian- He acts as the technical partners who has the responsibility for executing
the data system and the technical management of the data resources as it has been instructed by
the data proprietor.
Roles of several groups or the individual
The board of the AI company plays a major role in its overall governance in terms of the
strategic and the management direction and in delivering the accountable performance of the
corporate as per the goals and the objectives of the organization. An individual must perform its
functions as a quality leader within the firm is one of the main governance role of the individual.
He is been accountable or responsible for all the decisions as he possesses the power of making
the decisions on behalf of the AI company. The role of the group of board of directors under the
governance of the PAI includes setting the structure, strategies, vision, values and the mission for
the firm so that smooth functioning can be ascertained in the business (Roles and

Responsibilities, 2018). All the delegations and assignments are to be made by the directors
adequately so that task can be performed effectively which in turn leads to achievement of goal
with excellence.
Identifying the models and the methods
There are several ways or the methods for developing the security management program are-
Securing the software development- Maintaining the life-cycle for the software development
enables the AI company in establishing the framework that will be defining the performance of
each task in the development process.
Encryption and the key management- This helps the organization in building the program that
focuses on eliminating the irrelevant risk that exist in the organization. It will generate strong
keys and ensure for the key distribution securely.
PAI can ensure security of software, algorithms and software technology by considering
information security standard namely ISO/IEC 27002. Moreover, such code of practice provides
high level of assistance in preventing unauthorized access of users. Thus, using this PAI would
become able to control corporate IT systems, network, application as well as information by
specifying user’s role and access.
Legal and statutory laws
The legal and statutory required for protection of the software, hardware and trade
secreted the company must get all the relevant information protected under intellectual property
act 2014. As per the provision of this act PAI can the exclusive intellectual property right as
registration of trade secrete of its information and copyrights on end products and software. The
registering the rights over these intellectual property a protection is given and it stops people
stealing and copying the name of the software's, inventions, designing and look of end products
and the information that PAI writes, make or produce.
PART B
Risk Assessment and Management
1 Presenting the process of risk assessment
The process of risk assessment start with identification of the risk for PAI the prevailing
risk is related with its intellectual property. Its includes the risk associate with its algorithm,

completed products regrading loss or illegal use of these (Wang and et.al., 2018). Second step
include the risk analysis, for PAI the probability of risk and impact is evaluated as cost
advantage to the competitors and losing information to the rivals. With this comes the third
stage where the risk triggers are identified warning singes for software, hardware and assets is
identified. For the risk associated with software is loss of information and for hardware coy of
the product. With this comes the step of risk resolution idea where actions for threats are indicted
for prevention of the threats and for PAI it is the prevention is related to get a exclusive right
over its software, hardware and assets (Park and Huh, 2018). In the step 5 the action plan for risk
resolution is developed where potential action that can be taken by PAI are identifies. This
includes registration of the intellectual property rights as the trade secretes and copyright of its
information, codes and software. With this comes that last stage of risk assessment of
responsibilities and accountability where the owner of the firm is assessed for each risk. Here the
each of the key employee of various department is assigned to carry out the risk resolution and
identification of threat.
2 Benefits of risk management plan and their performance
Detection of risk:
One of the most important benefits or risks assessment for PAI is that it can protect its
software, information, source code and the end product from getting into hand of competitors
as well in wrong hands (McClintock and Stathakopoulosm, 2019).
Assist in decision making.
Risk management practices let to see where projects need attention, and which projects
these are and asst the management of PAI to take decisions in this regard to mitigate the risk and
take controlling measures.
3 Identification of the asset of the PAI
The assets of the company are dived into 4 sections namely, people, process, hardware and
software. These includes:
Particular Description
People The key important personnel of PAI are the 3
employee from senior management, the IT
manager, finance manager, the sales manager

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

and the business owner, the IT service
employee and the clouds service provider.
Process The importance process of the PAI includes
designing and development, testing and
implementation of the product (Gottwalt and
et.al., 2018). Out of this the most importance
development process are related with algorithm
development and the sales system where the
final product is ported through the cloud
application.
Hardware The hardware of the company PAI includes the
computers, laptop and other electronic
devices. It also includes the AI engines
Software: :
the main operation of the company
PAI is development of the software and
artificial intelligent system.
4 Identifications the threat and vulnerabilities of PAI
Threats: Detail
Internal: The internal threat to PAI includes unethical
conduct of the employees where they can leak
the information to the competitors and a
technical error can leas exposure of important
information to outsiders.
External: Threats to the PAI includes the competitors
getting access to the information, copying of
the hardware of the company and getting
access to the source code (Dingsøyr, Røyrvik

and Djarraya, 2019).
Deliberately: To the PAI this includes an intentional act by
any of the employee to leak or provide
significant information of the company to the
rival and competitors.
Accidental: For the PAI threat are present by chance with
or with our mistake of a person which includes
a technical error and mishandling of the
information.
Vulnerabilities
For PAI are the one which increase the susceptibility of occurrence of hazard due to physical,
economical, social and environmental factors (Insua and et.al., 2018).
This includes the changing structure of the company and importance given to certain specified
employee which can lead to leak the information and software by other employees.
The IT application under artificial intelligence development are also vulnerable to changes and
defects.
5 Setting out the prioritise
The priorities set under the risk assessment plan are:
With most risk inheritance by the PAI includes the risk related with information, source codes
and the end products which give competitors cost advantage and lead PAI to lose it market
share (Kurbanova Korableva and Kalimullina, 2018).
2. This is related with trade secrets and copyrights must be taken by PAi. Effective and timely
risk assessment must be conducted to mitigate the changes of risk, thereat and vulnerabilities
with in PAI.
6 Suggestion over control measures
TYPE Description

Cost Benefit Analysis:
Cost benefit analysis is a significant element in
the selection of appropriate loss prevention and
control measures. This process can be used by
PAI for weighing the expected costs against
the expected benefit of one or more actions in
order to choose the most appropriate option.
The elements of the cost/benefit analysis
inclines selection of controls based on their
applicability to the mission or goal of a
particular project or enterprise and addressing
the financial and subjective considerations.
Registration of copyrights For an effective measure to control all the
rights must be registered under the Intellectual
property rights act 2014 (Laporte and et.al.,
2018). it is also suggested to take a risk
assessment in every 15 days or month wise
and randomly as well to see the presence of a
risk, threat or vulnerability win PAI.
CONCLUSION
From the above report it can be concluded that for protection of the intellectual property
rights of the company PIA the SSS have developed a security policies and security management
plan. In this regard a plan have been developed with presenting benefits of the same to, the
company for protection of its assets. In the seconds part of the report risk assessment and
management is defined where the process for assessing the risk is outlined. Assets, threats and
vulnerabilities of PAI have been identified under various categories. With this priorities have
been set where more preference must be given to protect the assets of the company, with
suggesting them the controlling measures to mitigate the risk.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

REFERENCES
Books and Journals
Al-hashimi, M. and et.al., 2018. INFORMATION SECURITY GOVERNANCE
FRAMEWORKS IN CLOUD COMPUTING AN OVERVIEW. Journal of Advanced
Computer Science and Technology Research. 8(2). pp.67-81.
Ayoubi, S. and et.al., 2018. Machine learning for cognitive network management. IEEE
Communications Magazine. 56(1). pp.158-165.
Dingsøyr, T., Røyrvik, E. and Djarraya, H. K., 2019. Practical knowledge management tool use
in a software consulting company. arXiv preprint arXiv:1903.01889.
Gottwalt, J. and et.al., 2018. Designing a Web-Based Application for Process-Oriented Risk
Management of Drinking-Water Catchments According to the Water Safety Plan Appr
Insua, D. R. and et.al., 2018. A framework for risk management decisions in aviation safety at
state level. Reliability Engineering & System Safety. 179. pp.74-82.
Kurbanova, E., Korableva, O. and Kalimullina, O., 2018, January. Enhancing the effectiveness
of asset management through development of license management system on the basis of
SCCM 2012 program by microsoft company. In 20th International Conference on
Enterprise Information Systems, ICEIS 2018 (pp. 171-178). SciTePress.
Laporte, C. Y. and et.al., 2018. Applying software engineering standards in very small entities:
From startups to grownups. IEEE software. 35(1). pp.99-103.
McClintock, J. A. and Stathakopoulos, G. N., Amazon Technologies Inc, 2019. Security risk
response impact analysis. U.S. Patent Application 10/185,924.
Park, S. and Huh, J. H., 2018. Effect of Cooperation on Manufacturing IT Project Development
and Test Bed for Successful Industry 4.0 Project: Safety Management for
Security. Processes. 6(7). p.88.
Wang, X. J. and et.al., 2018. The new concept of water resources management in China:
ensuring water security in changing environment. Environment, development and
sustainability. 20(2). pp.897-909.
Online

Roles and responsibilities of directors and boards. 2018. [Online]. Available
through:<https://www.brefigroup.co.uk/directors/directors_roles_and_responsibilities.html
>
Roles and Responsibilities. 2018. [Online]. Available through:<https://security.uci.edu/security-
plan/plan-roles.html>