Smart Software Pty Ltd: Information Security Management Report

Added on  2019/10/08

AI Summary
This report provides a comprehensive analysis of information security management within Smart Software Pty Ltd. It begins by identifying ethical issues related to the mishandling of information resources by staff members, such as unauthorized computer access and violation of internet policies. The report then suggests measures to prevent unethical behavior, including establishing strong security policies and empowering employees through ethics training. It outlines the company's information assets, including electronic document and records management systems (eDRMS) and various software tools, and assesses associated InfoSec risks like social engineering and data loss. Finally, the report recommends the adoption of a cybersecurity framework to manage these risks effectively, detailing its stages of identify, protect, detect, respond, and recover, concluding that this framework will assist Smart Software Pty Ltd in maintaining its IT infrastructure from security threats.
Information Security Management
Table of Contents
Introduction
Main Body
a) Ethical issues related to mishandling of various information resources produced at Smart
Software Pty Ltd by the staff members
b) Measures that Smart Software Pty Ltd should take to prevent its staff members from
handling information unethically
c) Information assets of Smart Software Pty Ltd
d) InfoSec risks associated with these information assets
e) Risk management framework(s) that could be adopted to manage the InfoSec risks
Conclusion
References
Introduction
Information Security Management (ISM) is defined as a set of practices and policies for
systematically managing the sensitive data of an organisation. The key aim of information
security management is to curtail risk and to ensure business continuity by proactively
limiting the effect of a security breach (Stewart and Jürjens, 2017). The assignment focuses
on analysing the scenario of Smart Software Pty Ltd by discussing the ethical issues that
often arise with mishandling of information resources.
Main Body
a) Ethical issues related to mishandling of various information resources produced at Smart
Software Pty Ltd by the staff members
Smart Software Pty Ltd is one of the leading software companies based in Melbourne and
develops customised software for Australian business clients (McCormac et al. 2017). The
company manages six different teams that have access to the vast information resources
produced at the company. Staff members often mishandle these information resources, which
raises ethical issues such as:
Unauthorised access to the computers: The key ethical issue related to mishandling of
information resources is unauthorised access to computers by the staff members of Smart
Software Pty Ltd. Staff members are not permitted to access the computers or systems of
their senior personnel or managers, as these contain crucial information and data that is
not meant to be disclosed to employees (Sauerwein et al. 2018).
Violating company internet policies: Another ethical issue connected with mishandling of
information resources arises when staff members break the company's internet policies by
accessing software whose use is restricted. Some software within the firm is closed source
and may be accessed only by certain authorities. Such behaviour has nothing to do with the
staff members' work and leads to mishandling of information.
b) Measures that Smart Software Pty Ltd should take to prevent its staff members from handling
information unethically
In order to prevent staff members from handling information unethically, it has been
assessed that Smart Software Pty Ltd has engaged in several measures, such as:
Establish a strong security policy: The key measure is to establish a strong security policy
in the firm so that employees or staff members do not handle information resources
unethically (Michael, 2018). A strong security policy must require credentials on the
computer system whenever staff members access any data, so that management has a record of
who has accessed the data.
Empower employees: Another measure to prevent staff members from handling information
unethically is to empower the staff. With this measure, staff know how to identify and handle
activities that result in ethics violations (Nagle et al. 2017). Successful empowerment of
employees is achieved by implementing ethics-training programs for all of them, which
increases the efficacy of handling information ethically.
c) Information assets of Smart Software Pty Ltd
Information assets are all the items of data on which a firm depends to carry out the
operation of its business. Information assets also comprise the key systems that are used
for processing and handling that information. This benefits organisations that hold large
databases of client information, as it supports storing and accessing the data (Mann, 2017).
Considering the case scenario of Smart Software Pty Ltd, the company has a large repository
of files and documents, such as user requirement specifications, software designs, software
codes and project management documents, which centres on one information asset, namely the
eDRMS (Electronic Document and Records Management System). The company also uses software
engineering tools, version control software and application packing tools for developing its
products. The selected information asset holds electronic copies of all the important
documents. On the other hand, an eDRMS is considered to contain information related to the
tracing of files as well as official papers. The contents of any documents or files it holds
are to be dealt with separately (Ortmeier, 2017). Therefore, the implementation of
information assets supports the firm in conducting future analysis.
d) InfoSec risks associated with these information assets
From the above assessment of the information assets, there are certain InfoSec risks that
impact the system and contribute to the mishandling of information resources. The risks are
as follows:
Social engineering: The key risk associated with the information assets is social
engineering. It is the act of influencing and manipulating people into performing actions or
exposing confidential information for malicious purposes (Hasbini et al. 2018).
Loss of data: Improper maintenance of information assets gives rise to InfoSec risks that
sometimes result in loss of data. Staff members are unable to maintain the information assets
because these require extensive configuration for storing and handling data.
e) Risk management framework(s) that could be adopted to manage the InfoSec risks
In order to manage the InfoSec risks, it has been assessed that Smart Software Pty Ltd could
adopt an effective risk management framework that will support the company in managing its
information resources and maintaining security while handling the mass of client data and
information. A cybersecurity framework could be adopted by the company for managing the
InfoSec risks, as it comprises standards, procedures and best practices to overcome and
minimise cybersecurity-related risks and issues (Stewart and Jürjens, 2017). The
cybersecurity framework mainly focuses on five stages: identify, protect, detect, respond and
recover.
Figure 1: Cybersecurity framework
The cybersecurity framework is an effective, flexible and cost-effective approach that will
assist Smart Software Pty Ltd in promoting and protecting its IT infrastructure from
security-related risks and issues.
Conclusion
From the above assessment, it has been concluded that the information security system plays a
significant role in a business, as it helps determine its success or failure. However, the
information and data of web-based organisations are extremely exposed to security risk due to
the presence of hackers and competitors in the market.
References
Hasbini, M.A., Eldabi, T. and Aldallal, A., 2018. Investigating the information security
management role in smart city organisations. World Journal of Entrepreneurship, Management
and Sustainable Development, 14(1), pp.86-98.
Mann, I., 2017. Hacking the human: social engineering techniques and security
countermeasures. Routledge.
McCormac, A., Zwaans, T., Parsons, K., Calic, D., Butavicius, M. and Pattinson, M., 2017.
Individual differences and information security awareness. Computers in Human Behavior, 69,
pp.151-156.
Michael, E.W., 2018. Management of Information Security. Cengage Learning.
Nagle, F., Ransbotham, S. and Westerman, G., 2017. The Effects of Security Management on
Security Events. In Workshop on the Economics of Information Security (WEIS).
Ortmeier, P.J., 2017. Introduction to security. Pearson.
Sauerwein, C., Sillaber, C. and Breu, R., 2018. Shadow cyber threat intelligence and its use in
information security and risk management processes. Multikonferenz Wirtschaftsinformatik
(MKWI 2018).
Stewart, H. and Jürjens, J., 2017. Information security management and the human aspect in
organisations. Information & Computer Security, 25(5), pp.494-534.