ISY3006: Security Policy for University of Southern Queensland


Added on  2022/10/10

AI Summary
This report develops a basic security policy for the University of Southern Queensland (excluding banking/mortgage) as per ISY3006 Information Security assessment guidelines. It identifies the university's information as a critical asset and outlines policies to protect it, defining responsibilities for information handling and processing. The report categorizes information availability levels (open, private, confidential) and emphasizes maintaining data integrity. It addresses key threats like social engineering, malware, and lack of security awareness, proposing measures to mitigate these risks. The policy includes rules for system administration, usage regulations, and assigns responsibilities to various stakeholders, including information owners, system administrators, and security officers. Breaches of security controls must be reported and examined by the security officer. The document also touches on data protection, information freedom, IT facility utilization, computer system examination, mobile device usage, and record retention policies, offering a comprehensive approach to information security at the university.
Running head: INFORMATION SECURITY
INFORMATION SECURITY
Name of the Student
Name of the Organization
Author Note
Answer to Question (a)
Information is an important asset of the university, because a university is a
knowledge-driven organization in which information relates to teaching, research,
management and administration. The organization selected is the University of Southern
Queensland. The policy developed here concerns all information held by the University of
Southern Queensland and used by its members, such as students and staff, in their official
capacities. The policy defines the responsibilities of each person with respect to the use
of information and of information processing systems (Collins, 2016). All members of the
University of Southern Queensland are responsible for the information they handle. Failure
to comply with this policy will result in disciplinary action.
Policy
- Information must be protected in line with all relevant laws and the policies of the
  University of Southern Queensland, mainly those relating to data protection and freedom
  of information.
- Information must be made available to all those who have a legitimate requirement for it.
- Information must be categorised by availability level: open, private or confidential.
- The integrity of information must be maintained; information must be accurate, complete
  and consistent with other information.
- All University members who have access to information are responsible for handling it
  properly according to its classification.
- Staff of the University of Southern Queensland are responsible for making sure that
  proper processes and systems are used for processing.
- Information must be protected against unauthorised access.
- Service level agreements must be produced and tested to make sure that all important
  information services are available within the defined service levels (Bojanc and
  Jerman-Blažič 2013).
- Compliance with this policy is compulsory for all members of the university who use the
  information of the University of Southern Queensland. All breaches of information
  security controls must be reported to, and examined by, the security officer.
- Further policies relating to the use of information must be maintained in conjunction
  with the security policies of the University of Southern Queensland. These are:
  - Data protection policy
  - Freedom of information policy
  - Regulations for the use of the university's IT facilities
  - Policy for the examination of computers and systems within the university
  - Policy on the use of mobile systems and devices
  - Records retention policy
The stakeholders of the University of Southern Queensland who are responsible for
information security include information owners, system administrators, computing services
staff, the information security officer, the faculty information security managers, the
data controller and the university records manager (AlHogail and Mirza 2014).
Information owners
A number of members of the University of Southern Queensland are responsible for
maintaining the integrity and availability of information, including heads of departments,
departmental administrators, departmental IT support staff, system managers and project
managers (Crossler et al. 2013).
System administrators
The administrators of computer systems are responsible for making sure that all computer
systems are managed efficiently, so as to ensure both the availability and the integrity of
information (Safa, Von Solms and Furnell 2016).
Computing services staff
The director of computing services has the greater responsibility for making sure that the
objectives of the policy, together with those of the university, are properly delivered.
Staff in the computing services department are responsible for making sure that the
operation of the university's IT infrastructure is consistent with the demands of the
policy.
Information security officer
The information security officer is responsible for examining all suspected breaches of the
policy (Joshi and Singh 2017). The officer can also provide support and advice to the
departments of the University of Southern Queensland.
Faculty information security managers
The faculty information security managers are responsible for implementing the policy
within the faculties.
Data controller
The data controller bears the legal responsibility for making sure that the University of
Southern Queensland meets its legal responsibilities for information security. Under the
Data Protection Act, the university is the designated data controller (B. Kim 2014).
University records manager
The Records Manager of the University of Southern Queensland is responsible for the proper
management of the records centre. The centre offers medium-term storage for a wide range of
university records (Cárdenas, Manadhata and Rajan 2013). These records are no longer needed
within the departments but may be required on specific occasions or must be retained for
legal reasons. The records centre informs each department whenever records are due for
review or destruction and makes recommendations as to their disposal.
Answer to Question (b)
With cyber security a growing issue, creating a secure environment for education has become
a high priority for the University of Southern Queensland. The top three threats facing the
university are social engineering, ransomware and a lack of awareness.
Social engineering: Cyber criminals know that intrusion techniques have a shelf life. They
have turned to reliable, non-technical methods such as social engineering, which relies on
social interaction and psychological manipulation to gain access to highly confidential
data (Kolkowska and Dhillon 2013). This form of intrusion is both effective and
unpredictable.
Malware: Security experts have seen risk in mobile device security since the earliest days
of internet connectivity. The small share of mobile foul play in the long list of recent
attacks has left users far less concerned than they should be. Considering the culture's
unbreakable reliance on cell phones and how little cybercriminals have targeted them so
far, this may create a catastrophic threat (Van Tilborg and Jajodia 2014).
Lack of awareness: Appropriate configuration has been neglected, and security software is
outdated. There is also a lack of both encryption and security technology. New tools can be
customized to fit the requirements of the university (Siponen, Mahmood and Pahnila 2014).
The University of Southern Queensland may be neglecting the importance of configuring
security settings appropriately. A data breach may result from enabling only one of the
critical functions required for full protection of the organization's information. Security
software may also be outdated; current security software is a necessary step in defending
against known threats. Software is developed to defend against known threats (Parsons et
al. 2017). This means that malicious code hitting an outdated version of security software
may go undetected. Whether or not the University of Southern Queensland distributes phones,
confidential data may still be accessed on personal devices. Investing in software that
monitors network security has become an increasing trend; such software is designed to send
alerts whenever intrusion attempts occur. Hence, inadequate security technology may affect
the security of the organization.
These are the threats to the University of Southern Queensland that must be managed to
maintain the security of the organization. The policy will help in handling these threats
properly. There are a number of rules and regulations under the policy of the University of
Southern Queensland (Lin et al. 2013). Every system linked to the university network must
be subject to formal system administration. The university has formal regulations covering
the use and misuse of computing facilities. These formal regulations apply to all
administered systems in all departments. For linked computers, the heads of departments are
responsible, as they hold the delegated powers and responsibilities (Tsohou, Karyda and
Kokolakis 2015). Responsibility for both the administration and the security of a system
must be assigned to a permanent member of staff who is trained and technically competent.
This role is known as the system administrator. Members of the University of Southern
Queensland who are assigned the system administrator function must have enough time to
maintain the level of security on the computers under their control. The policy allows for
arrangements to ensure that applications are updated whenever required to maintain
security. The policies for protecting the information of the University of Southern
Queensland will help in securing the university's information assets.
There may be a number of threats and risks associated with the university, and the security
policy will help in providing protection from them. All stakeholders who have been
allocated tasks must carry them out properly to ensure the security of the entire
University of Southern Queensland. The policy will help the university by providing a
safeguard against attacks on and threats to the university. All members of the university
must follow all of the policies for the betterment of the university.
References
AlHogail, A. and Mirza, A., 2014, January. Information security culture: a definition and a
literature review. In 2014 World Congress on Computer Applications and Information
Systems (WCCAIS) (pp. 1-7). IEEE.
B. Kim, E., 2014. Recommendations for information security awareness training for college
students. Information Management & Computer Security, 22(1), pp.115-126.
Bojanc, R. and Jerman-Blažič, B., 2013. A quantitative model for information-security risk
management. Engineering Management Journal, 25(2), pp.25-37.
Cárdenas, A.A., Manadhata, P.K. and Rajan, S.P., 2013. Big data analytics for security. IEEE
Security & Privacy, 11(6), pp.74-76.
Collins, A. ed., 2016. Contemporary security studies. Oxford University Press.
Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and Baskerville, R.,
2013. Future directions for behavioral information security research. Computers & Security,
32, pp.90-101.
Joshi, C. and Singh, U.K., 2017. Information security risks management framework–A step
towards mitigating security risks in university network. Journal of Information Security and
Applications, 35, pp.128-137.
Kolkowska, E. and Dhillon, G., 2013. Organizational power and information security rule
compliance. Computers & Security, 33, pp.3-11.
Lin, C., Su, W.B., Meng, K., Liu, Q. and Liu, W.D., 2013. Cloud computing security:
architecture, mechanism and modeling. Chinese Journal of Computers, 36(9), pp.1765-1784.
Parsons, K., Calic, D., Pattinson, M., Butavicius, M., McCormac, A. and Zwaans, T., 2017.
The human aspects of information security questionnaire (HAIS-Q): two further validation
studies. Computers & Security, 66, pp.40-51.
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance
model in organizations. Computers & Security, 56, pp.70-82.
Siponen, M., Mahmood, M.A. and Pahnila, S., 2014. Employees’ adherence to information
security policies: An exploratory field study. Information & Management, 51(2), pp.217-224.
Tsohou, A., Karyda, M. and Kokolakis, S., 2015. Analyzing the role of cognitive and cultural
biases in the internalization of information security policies: Recommendations for
information security awareness programs. Computers & Security, 52, pp.128-141.
Van Tilborg, H.C. and Jajodia, S. eds., 2014. Encyclopedia of cryptography and security.
Springer Science & Business Media.