BIT361: Security Management and Governance Report for PAI Company

Added on  2022/12/09

Report
AI Summary
This report addresses the development of a security management program for Power AI (PAI), a company specializing in artificial intelligence solutions for power management. The report, prepared by Secure Security Services (SSS), outlines the needs and requirements for an ICT Security Program, focusing on protecting PAI's intellectual property. It includes a discussion of security policies, management plans, tasks, roles, and responsibilities within the security team. The report also details a model for developing a security management plan, encompassing legal and statutory requirements, risk management strategies, and contingency plans. Furthermore, the report assesses the costs and benefits associated with implementing the security program, emphasizing the importance of data confidentiality, integrity, and availability to safeguard PAI's sensitive information and ensure its continuous operations.
Running head: SECURITY MANAGEMENT AND GOVERNANCE
Security management and governance
Institution
Student name
Date
Executive summary
Information technology-based companies are at high risk of faults caused by information
tampering. Information may be erroneous, or it may be intentionally tampered with by
individuals and, at times, by viruses and malware. In this document, I will report on the strategy
and the mechanisms for managing these risks at the PAI Company. PAI is a company that applies
artificial intelligence to build systems that handle power usage, storage, and
generation. An error in this plant will result in immense faults, and hence the topic is worth
discussing.
Table of Contents
Executive summary
Introduction
Benefits of having a security management plan
Reasons for having the policy
Security policy and security management plan
Task, roles, and responsibilities of the security managing team
Model for the development of a security management plan
Legal and statutory requirements and the benefits
Benefits of risk management and contingency plan on the mentioned CBA
Patient information
Responsibility of the user or the vendor
Conclusion
References
Introduction
PAI is a privately owned artificial intelligence company located in Preston. It has an
average of 50 workers, half of whom are involved in designing, developing, testing, and
implementing its products. The major departments in the organization are sales, development
and support, finance, information technology, and human resources. The items produced are
significantly similar in engine make-up because they are all built on a foundation of
artificial intelligence.
The design and the entire production take place under one roof, so the company may face a
tremendous loss if the information it relies on is lost or declared illegal. Further, the
company may suffer heavy damage if the data in use is supplied with malice by rivals or
competing firms (Barton, Tejay, Lane, & Terrell, 2016).
Benefits of having a security management plan
The organization has embraced data and information security measures such as cloud
computing, firewalls, antivirus, encryption, and passwords. Although these
measures are not foolproof, they have helped the PAI Company significantly. The evidence for
this is the improvement in the integrity of the information the company holds. The
integrity of the company’s information is measured by the accuracy and completeness
of the knowledge the company owns. This implies that the
organization no longer suffers from inaccurate and incomplete data, which could
cost the organization heavily if that information were used.
The company has also benefited from the assured availability of information whenever it is
needed. Threats such as viruses could destroy the organization’s information, so that it
would not be available for use on demand. The availability advantage has two
faces: the information should always be open to authorized persons and unavailable to
unauthorized people. When data is unavailable at the time of need, a
business opportunity is lost. This is a loss the company has avoided by applying
information security measures (Veiga, & Martins, 2015).
The third benefit the organization has gained from employing security measures
is confidentiality. The organization is assured that the information it has gathered through
hard research and modification will not be stolen by competitors.
The company has been assured that the risk of the information reaching the wrong person,
premises, or organization is minimal.
Reasons for having the policy
The company has information security policies for the most obvious purposes. The company’s
information must be protected from falling into the wrong hands, which would disclose the
organization’s secrets of success or other confidential details. The availability of
the information also assures the organization’s continuous running and operations, thus
contributing heavily to its success.
Security policy and security management plan
Security policies of the PAI Company state that anyone authorized to use a given piece of
information must be loyal to the organization and should not leak the information to outsiders
or people with malicious intentions. Also, any information that needs to be changed or amended
must be communicated to the head of the information technology department, and the change should
commence only after the request is accepted (Wu, Guo, & Wu, 2017).
Information is an essential and vital asset, just like the physical possessions of the organization.
Therefore, it should be safeguarded at all times. Information security is managed by
implementing policies such as the use of antivirus software to protect the information from
viruses and malware. Access to information should also be regulated through passwords
and encryption.
Task, roles, and responsibilities of the security managing team
Users of the information should ensure that they log out of the information site or the system
to prevent access by unauthorized individuals when they are not around. They should also ensure
that they don’t leave any information on the monitor or the desk that may contain the passwords
to relevant information. The information technology team should ensure that the information
systems are protected with strong passwords and that the passwords are changed regularly, say
every thirty days. This will ensure that the information cannot be accessed by recent ex-workers.
The team has the responsibility and the mandate of ensuring that the systems log out automatically
after a given period of idleness. Further, they should ensure that the systems in use are up to
date to cope with the daily growing discovery of viruses and malware (Goodman, Straub, &
Baskerville, 2016).
The management of the organization has the responsibility of providing the
information department with a room that is out of bounds to unauthorized personnel to
avoid inconveniences. Also, it should provide the information department with the necessary
inputs to ensure that information security is attained. This could be through the provision of
facilities that enhance cloud computing and the network security systems.
Model for the development of a security management plan
The availability, confidentiality, and integrity of the organization’s information are
secured and maintained in several steps. First, the organization comes up with a
security policy. Second, the management should evaluate and analyze the risks and their
impact to determine whether they are worth investing in. It is important to note that no plan is
foolproof in securing data. This implies that however heavily the organization invests in the
security of its information, some loophole will remain to threaten
information security; hence the organization should set up a plan and a mechanism for
handling the effects of the risk and recovering lost information.
The security policy in PAI Company focuses heavily on the loyalty of the users of the
information and on regulating how the information and the gateways to information access
are shared. The policy states that the responsible and mandated information handler should not
let it fall into other hands. This will provide information security by protecting it from
access by unauthorized persons (Zhang, & Roe, 2019).
The company will need to further evaluate the possible risk of attacks through viruses and
malware, or hijacking of data while it is being relayed from one network to another. The
information may also fall into the wrong hands during the disposal of old and outdated
computers. It is therefore essential that, before any machine is disposed of as waste, the
information technicians make all the disks unreadable. Otherwise, the organization
risks the information being accessed by the wrong persons.
The evolution of information technology has brought portable information storage devices into
existence. These devices include laptops, smartphones, tablets, and smart watches; they
are being used to store organizations’ information in modern organizations, the PAI
Company being one example. These devices are easily misplaced or
lost. When they fall into the wrong hands, the security of the organizations
Legal and statutory requirements and the benefits
Technology in the field of information technology is advancing fast, at
the speed of the wind. With the Google technology, a piece of information is likely to be
accessed by billions of people as long as they have an interest and the gadgets to access the
information in question. It is, therefore, the mandate of the ruling body to formulate rules
and ensure they are adhered to wherever a piece of information is concerned.
The PAI Company believes that information security means not only safeguarding the
organization from attacks by malware and viruses or access by unauthorized users, but also
using legally owned information in compliance with the law. The company has a good understanding
of the importance and the benefits of using legally owned information (Safa, Solms,
& Furnell, 2016).
PAI Company’s compliance with information law is evident from the grass roots. The organization has a
valid and original working license pinned in the office of the management body. This is proof
that the organization is operating in a legal manner. Therefore it can receive government
benefits like subsidies on electricity bills, lowered business registration costs, or provision of
raw materials at a low cost.
Educating the persons responsible for a given piece of data on the need to secure it is
always better than letting the information leak and starting legal processes when it’s too late.
Following the legal procedure is excellent and useful, but it will always be late. Assuming the
attack on the data was meant to wreck it, the company will learn of the effect
when the damage is already beyond what it can recover from.
The organization’s information should be secured not only from external attacks and access
but also from access by unauthorized internal staff. This helps keep the affairs
of individuals in the company private and secure. It is against the law to let other people know
the salary of your employees without their consent. Basically, the information of a person
working in the organization should be accessed by an outsider only if the person in question
has a hand in it. This will reduce the internal conflicts experienced in most organizations
over the loss of confidentiality in how their data is held and shared (Cavelty, & Mauer, 2016).
The loss of privacy in the handling of employees’ information is detrimental, and it can bring
down the organization when employees start resisting providing information to the
organization (Fazlida, & Said, 2015). Employees who are confident in the processing of the
information they initially offered to the organization have a high productivity rate, resulting
from boosted morale and efficiency in communication, payments, or other information-related
activities of the organization.
On the other hand, productivity after data loss or illegal sharing is low, as much time is
wasted in arguments on why and how. In this case, also, you can imagine how weird and
dangerous it can be trying to explain to an employee that his salary and payment data has been
completely lost or eaten up by viruses when he expects payment to commence the following day.
Benefits of risk management and contingency plan on the mentioned CBA
PAI will be in a better position to handle failures related to data loss. Recovery is always a
more complicated and expensive process than employing security measures for data protection
(Soomro, Shah, & Ahmed, 2016). The following are the steps the PAI Company should adhere
to in order to manage the risks associated with the data it holds efficiently:
(1) Ensure all confidential or private data is encrypted so that no third party can access
it.
(2) Protect sensitive information with passwords that are changed regularly to
prevent attacks from ex-workers.
(3) Protect information relayed over a network.
(4) Embrace a remote device location mechanism to handle the loss of data that may result
from losing a device.
Patient information
Health information about a person or an employee is private and should, therefore, be handled
with great care to keep it from falling into the wrong hands. It’s against government policy
to share information about a person’s health status; as a matter of fact, individuals have been
subject to harsh rules over sharing people’s health status information.
Responsibility of the user or the vendor
The user must ensure that he does not willingly or unwillingly share the information of the
organization. Further, he should ensure that all the data is protected with a password and that he
does not leave any suspicious information on the monitors that could act as a link to the passwords
(Rebollo, Mellado, Medina, & Mouratidis, 2015).
Conclusion
The organization’s information is an asset just like its physical assets; therefore, it needs to be
handled with as much confidentiality as other assets. If the organization can employ security
personnel at its gate, it should not hesitate to have data security personnel.
References
Barton, K. A., Tejay, G., Lane, M., & Terrell, S. (2016). Information system security
commitment: A study of external influences on senior management. Computers &
Security, 59, 9-25.
Brotby, W. K., & Hinson, G. (2016). Pragmatic security metrics: applying metametrics to
information security. Auerbach Publications.
Cavelty, M. D., & Mauer, V. (2016). Power and security in the information age: Investigating
the role of the state in cyberspace. Routledge.
Da Veiga, A., & Martins, N. (2015). Improving the information security culture through
monitoring and implementation actions illustrated through a case study. Computers &
Security, 49, 162-176.
Fazlida, M. R., & Said, J. (2015). Information security: Risk, governance and implementation
setback. Procedia Economics and Finance, 28, 243-248.
Goodman, S., Straub, D. W., & Baskerville, R. (2016). Information security: policy, processes,
and practices. Routledge.
Layton, T. P. (2016). Information Security: Design, implementation, measurement, and
compliance. Auerbach Publications.
Rebollo, O., Mellado, D., Fernández-Medina, E., & Mouratidis, H. (2015). Empirical evaluation
of a cloud computing information security governance framework. Information and
Software Technology, 58, 44-57.