Developing a Comprehensive Security Policy for PAI Software Company


Added on  2025/04/28

Desklib provides past papers and solved assignments. This report details a security management plan for PAI.
BIT361
SECURITY MANAGEMENT AND GOVERNANCE
Student name:
Student id:
Table of Contents
Executive Summary
Introduction
Discussion of benefits of a Security management plan
Discuss the development of a Security Policy and Security Management Plan
Description of the functions, tasks, roles and responsibilities that different individuals/groups would play in terms of governance in general
Identify any models or methods that may be relevant for the development of a Security Management Program
Discuss the implications of legal and statutory requirements and the benefits your formal approach would bring
Conclusion
Reference
Appendix
  Benefits and steps of the Risk Management plan and contingency plan
  Identification of threats and vulnerabilities
  Identification of Assets
Executive Summary
Security is a major concern for every organization, because information security protects the company's legal and other important information. Developing a proper and accurate security plan is essential, and the plan can be built on the results of the risk assessment. This report discusses the development of the security policies and security management plan for protecting the intellectual property of the company PAI. It explains the BEVA model, which the company can use in developing the security plan, and the benefits that implementing a security plan would bring to the company.
Introduction
PAI (Power AI) is a software company that develops software for businesses and industries. Its main focus is building systems based on Artificial Intelligence for controlling power use and generation and for storing large amounts of information. The company is located in Preston and currently has 50 employees, of whom 25 are directly involved in designing, developing, and testing the products. The company has two major units, development and support; the others are sales, accounts, Human Resources, and Finance. It has three senior managers (the Finance Manager, IT Manager, and Sales Manager) and two other employees, HR and the business owner.
However, the company has security issues, and its biggest security concern is its Intellectual Property. The products that the IT service team develops are ported to the sales system in executable form, which the cloud application provider provides, but in between, competitors illegally copy the source code, which gives them an immense cost benefit. This report therefore covers the security policies drawn up by SSS (Secure Security Service), a consultancy, that PAI should follow, and explains the benefits of the security management plan and its development.
Discussion of benefits of a Security management plan
PAI develops software for business and industrial use, focusing specifically on Artificial Intelligence-based systems for storage and for controlling power use. The company's biggest security problem concerns its Intellectual Property: competitors illegally produce copies of its products. It is therefore essential for the company to implement an ICT-based security management plan. The security program is a standard set of the company's information, such as its procedures, standards, policies, and guidelines. The international standard ISO 27001 provides the requirements and specifications for implementing security management, which will help PAI manage, audit, monitor, and enhance its security. Some of the benefits are (Chloe, 2018):
- It will help the company secure all kinds of information in addition to intellectual property, such as digital documents, company secrets, personal information, data stored in the cloud, and other details.
- It will provide a centrally managed framework, meaning that all the documents and information of the developed system are kept safely in one place.
- It will increase resilience to cyber-crimes and attacks, meaning that data stored online remains safe and competitors will not be able to steal information through a cyber-attack.
- It will protect the availability, confidentiality, and integrity of information by providing a set of physical and technical procedures.
Security policies and a security management plan are important because they secure the company's intellectual property and cover the entire company, not only the IT department. They also enable senior management and other employees to understand the risks and embrace security controls as part of their daily practice (IT Governance, 2018).
Discuss the development of a Security Policy and Security Management Plan
The term security policy means well-defined, comprehensive, and clear rules, plans, and practices that control access to the company's systems and information. A security policy is important for PAI because it not only secures the company's intellectual property but also protects the company and every employee as a whole. Generally, the development of the security policy depends on the outcomes of the risk assessment, which is discussed later in the appendix, because the findings of the risk assessment help in identifying concise security requirements. These requirements are needed in order to:
- Determine the company's complex systems and sensitive information.
- Demonstrate security objectives and goals.
- Integrate local, state, and central laws and the relevant ethical standards.
- Ensure that the mechanisms essential for accomplishing the objectives and goals are in place (NCES, ns).
The security policy should be written so that it is logical to its audience. In developing the security policy for PAI, some key points must be observed: policies should be concise, focusing on consequences and expectations and explaining the rationale accurately; they should use easy and simple language; and they should be worded as directives rather than suggestions (Alshaikh et al. 2015). Since PAI is creating and implementing the security policy throughout the company, it should also consider some checklist points, including:
- Are the findings from the organization's risk assessment available?
- Have the security policy agreements, practices, and arrangements written for the company been reviewed against the other company policies to ensure that company policy is on track?
- Have senior management and other employees been included in the security policy process?
- Are security regulations imposed equally at all levels of the company?
- Do outsiders need to sign the security policy agreements to ensure that they are aware of their roles? (NCES, ns).
Description of the functions, tasks, roles and responsibilities that different individuals/groups would play in terms of governance in general
As PAI is going to implement the security management plan, there are some functions and principles of a plan that the company should consider. An organization's security management plan outlines several tasks, roles, functions, and responsibilities regarding the security arrangements. PAI should base its security management plans on the results of its risk management activities. The plan should give the company's senior management team an opportunity to highlight the importance of security and to reiterate the requirement for risk management in an effective manner (Chandana, 2018).
The roles of different people in terms of governance for the security management plan are:
1. IT security manager: The responsibilities that every IT professional should follow include:
   - Implementing all the policies and control techniques for securing the company.
   - Tracking all ongoing processes and ensuring that information is kept secure within the company.
   - Making sure that those who do not follow the security policies are denied access.
   - Coordinating with the risk executive and other members of the company regarding security information, and making sure that risks are kept under control.
2. Business owner: The roles and responsibilities of the business owner regarding the security management plans are:
   - Developing, managing, and providing all the details of the security documents under PAI's security management plan.
   - Keeping all information, such as milestones, action plans, and security assessment documentation, accurate and up to date.
   - Performing testing using security methods in an operational system (Uranus, 2018).
Identify any models or methods that may be relevant for the development of a Security Management Program
Apart from the security management plan and the security policies, PAI should also adopt a model relevant to the security program. Jeanne & Rachel (2008) developed a security audit method called BEVA, which can be used to analyze the weak points in the company's security policy or systems. With this method, the company can pinpoint the privacy protection in different sections of a domain, such as security policy; environmental and physical security; access control; asset management; establishment and development; management of the company's intellectual property; human resource security; and operations and communication management.
Each of these areas comprises different security measures, which are examined against various subcriteria. Then, on the basis of PAI's present security situation, namely competitors developing similar products and its intellectual property, the company should put questions to its employees with the help of this model (an audit checklist questionnaire). Each security factor is then given a rating from A to E, where A indicates low importance and E indicates high importance. In the BEVA method, the security state is expressed in Sfr's (Security Factors), and finally a common security score (Ss) is given across all measures. Employees are asked to score each question from 1 to 4, and the evaluation is then calculated. The BEVA method performs the calculation as:
Sfr s = sum [ eval (i,j) * w (i,j)]/ sum w (i,k)
Ss = sum [eval (1,36) *w (1,36)]/sum w (1,36)
After the calculation, BEVA generates a graphical correlation diagram, as shown in the diagram below, with colored lines for the factors: a red line represents security measures of high importance that need to be considered immediately, a yellow line is good but not very important, a green line shows importance and is well secured, while orange factors are less important and can be ignored.
Figure 1: Security factors graph and its importance
Thus, PAI can also use the BEVA model while developing the security management plan in order to determine the severity of the risks and security factors.
Discuss the implications of legal and statutory requirements and the benefits your formal approach would bring
Statutory and legal requirements are both an essential part of the law. They are obligatory, and failure to follow them results in a fine. The term statutory refers to a law passed by the government, while regulatory refers to a rule issued by a regulatory body. The implications of statutory and legal requirements are:
- It determines, updates, and maintains all the requirements that are applicable to the company.
- The company should make sure that these requirements are used as a process input.
- The greatest implication is communication: it builds strong communication within the company.
- PAI should regulate the process outcomes for compliance with the statutory and legal requirements (Bridges, 2015).
The approach discussed above will bring more benefits if the statutory and legal requirements are tied to it. When the company follows and implements the security policies, and the policy is linked to the law, the chance of risk is reduced because anyone found performing illegal activity will be punished. The products developed by PAI will be registered under its copyright; hence all the information will remain a trade secret, and the end products and the source products will be secured through copyright.