Power AI: Security Management and Governance Report (BIT361 Module)
VerifiedAdded on 2023/03/17
|17
|3817
|35
Report
AI Summary
This report details the development of an ICT Security Program for Power AI (PAI), a company specializing in artificial intelligence systems. The report begins with an executive summary and table of contents, then outlines the advantages of a security management program, emphasizing the protection of technological information, increased resilience to cyberattacks, and cost reduction. It then develops a detailed security policy and management plan, including regulatory review, asset inventory, data classification, and incident response planning. The report identifies key functions, tasks, responsibilities, and roles within the security management program, including the three levels of data access control: management, operational, and technical. It discusses the COBIT model as the most suitable framework for PAI's security program. The report also discusses the implications of statutory and legal requirements, such as the Privacy Act 2018 and the Corporations Act 2001, and the advantages of a formal approach. The appendix includes a risk management plan, analysis of threats, vulnerabilities, and attacks, and plans for managing risks and responsibilities for users and vendors. The report concludes with references.
Running head: SECURITY AND GOVERNANCE
Security Management and Governance
Name of the Student
Name of the University
Author’s Note:
Security Management and Governance
Name of the Student
Name of the University
Author’s Note:
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1
SECURITY AND GOVERNANCE
Executive Summary
The main aim of this report is knowing about case study of Power AI. PAI has total of 50
employee and amongst them 25 are directly included within the designing, development,
testing as well as implementation of products. All of the employee positions are stable and
the turnover of employees is quite high for the huge demand of IT staff with proper
knowledge of AI system. The senior management comprises of 3 employees, who are Sales
Manager, Finance Manager and IT Manager and business owner. The security management
and governance program would be extremely important for Power AI. This type of program
is responsible for providing several significant advantages and major security to the
respective organization. The information and systems that are present within the organization
are involved within this specific security management and governance program. This report
has clearly outlined a security program for PAI and the details regarding risks and mitigation
strategies for assets and data.
SECURITY AND GOVERNANCE
Executive Summary
The main aim of this report is knowing about case study of Power AI. PAI has total of 50
employee and amongst them 25 are directly included within the designing, development,
testing as well as implementation of products. All of the employee positions are stable and
the turnover of employees is quite high for the huge demand of IT staff with proper
knowledge of AI system. The senior management comprises of 3 employees, who are Sales
Manager, Finance Manager and IT Manager and business owner. The security management
and governance program would be extremely important for Power AI. This type of program
is responsible for providing several significant advantages and major security to the
respective organization. The information and systems that are present within the organization
are involved within this specific security management and governance program. This report
has clearly outlined a security program for PAI and the details regarding risks and mitigation
strategies for assets and data.
2
SECURITY AND GOVERNANCE
Table of Contents
Part A: Report............................................................................................................................3
1. Brief Description on Advantages derived from Security Management as an ongoing
Process and Reasons for having a Security Program Policy..................................................3
2. Development of a Detailed Security Policy and Security Management Plan....................4
3. Identification of main Functions, Tasks, Responsibilities and Roles for Security
Management Program for PAI and Roles of Several Individuals and Groups in Governance
................................................................................................................................................6
4. Identification of Main Methods and Models to Develop Security Management Program 7
5. Detailed Discussion on Implications of Statutory and Legal Requirements and Main
Advantages for Formal Approach..........................................................................................8
Part B: Appendix........................................................................................................................9
1. Risk Management Plan......................................................................................................9
2. Threats, Vulnerabilities and Attacks of the Formal Plan.................................................10
3. Plan for Managing Risks and Threats..............................................................................11
4. Responsibility for Users and Vendors..............................................................................12
Summary..................................................................................................................................13
References................................................................................................................................14
SECURITY AND GOVERNANCE
Table of Contents
Part A: Report............................................................................................................................3
1. Brief Description on Advantages derived from Security Management as an ongoing
Process and Reasons for having a Security Program Policy..................................................3
2. Development of a Detailed Security Policy and Security Management Plan....................4
3. Identification of main Functions, Tasks, Responsibilities and Roles for Security
Management Program for PAI and Roles of Several Individuals and Groups in Governance
................................................................................................................................................6
4. Identification of Main Methods and Models to Develop Security Management Program 7
5. Detailed Discussion on Implications of Statutory and Legal Requirements and Main
Advantages for Formal Approach..........................................................................................8
Part B: Appendix........................................................................................................................9
1. Risk Management Plan......................................................................................................9
2. Threats, Vulnerabilities and Attacks of the Formal Plan.................................................10
3. Plan for Managing Risks and Threats..............................................................................11
4. Responsibility for Users and Vendors..............................................................................12
Summary..................................................................................................................................13
References................................................................................................................................14
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3
SECURITY AND GOVERNANCE
Part A: Report
1. Brief Description on Advantages derived from Security Management as an ongoing
Process and Reasons for having a Security Program Policy
Few important and noteworthy benefits, which can be easily derived from an ongoing
process of a security management program in PAI are provided below:
a) Helping in Protection of Every Technological Information Form: Since PAI has
to deal with both artificial intelligence and hardware, it is extremely important to secure each
and every form of information such as current state of their business, which would need AI,
appropriate reasons to implement these systems of artificial intelligence as well as advantages
gained from the AI systems (Peltier 2016).
b) Increment of Resilience to all types of Cyber Attacks: An information and
communication technology security program would be quite efficient for PAI to increment
the respective resilience towards every type of cyber-attack. This particular program could
easily and promptly detect the attacks on sensitive information without even involving issues
(Sennewald and Baillie 2015).
c) Providing Proper Framework for keeping Services and Products of PAI
Protected: The third advantage of this program would be that it can provide a correct and
suitable framework to keep all assets, services and products much more upgraded and
protected.
d) Reducing Expenses: Another important and significant that PAI would be enjoying
from this program is that this type of program ensures that the organization is not incurring
huge expenses during management of security of software data (Disterer 2013).
SECURITY AND GOVERNANCE
Part A: Report
1. Brief Description on Advantages derived from Security Management as an ongoing
Process and Reasons for having a Security Program Policy
Few important and noteworthy benefits, which can be easily derived from an ongoing
process of a security management program in PAI are provided below:
a) Helping in Protection of Every Technological Information Form: Since PAI has
to deal with both artificial intelligence and hardware, it is extremely important to secure each
and every form of information such as current state of their business, which would need AI,
appropriate reasons to implement these systems of artificial intelligence as well as advantages
gained from the AI systems (Peltier 2016).
b) Increment of Resilience to all types of Cyber Attacks: An information and
communication technology security program would be quite efficient for PAI to increment
the respective resilience towards every type of cyber-attack. This particular program could
easily and promptly detect the attacks on sensitive information without even involving issues
(Sennewald and Baillie 2015).
c) Providing Proper Framework for keeping Services and Products of PAI
Protected: The third advantage of this program would be that it can provide a correct and
suitable framework to keep all assets, services and products much more upgraded and
protected.
d) Reducing Expenses: Another important and significant that PAI would be enjoying
from this program is that this type of program ensures that the organization is not incurring
huge expenses during management of security of software data (Disterer 2013).
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4
SECURITY AND GOVERNANCE
Few important and noteworthy reasons to have a proper policy within the organization
of PAI are provided below:
a) Ensuring Resumption of Vital Business Procedures in timely Manner: One of the
most vital reasons for keeping a security management policy is PAI is ensuring resumption of
important business operations and procedures within timely manner (Von Solms and Van
Niekerk 2013). It is extremely important for periodical check-ups for software upgrades as
well as providing a major insight on a regular basis. Thus, PAI will have the capability of
executing such business procedures in an efficient manner.
b) Improvement in Company Culture: This type of security policy is also required for
bringing major improvements in the company culture. As PAI is developing software for
clients and they majorly emphasizes on development of AI system, PAI should improvise the
organizational culture for developing every application effectively (Jaferian et al. 2014).
c) Protecting CIA of Data and Software: CIA or confidentiality, integrity and
availability of both data and software could be highly protected by undertaking a collection of
few technical and physical controls. Hence, better analysis as well as development of the
artificial intelligence products would be secured easily (Chander, Jain and Shankar 2013).
2. Development of a Detailed Security Policy and Security Management Plan
The security management planning as well as security policy must be properly
developed by Power AI with the significant purpose of maintaining integrity in information
and even for fulfilment of legislative and regulatory requirements (Sylves 2019). Few
important and significant steps for successful development of a security management
planning and security policy for securing the respective artificial intelligence products or
services in Power AI are provided below:
SECURITY AND GOVERNANCE
Few important and noteworthy reasons to have a proper policy within the organization
of PAI are provided below:
a) Ensuring Resumption of Vital Business Procedures in timely Manner: One of the
most vital reasons for keeping a security management policy is PAI is ensuring resumption of
important business operations and procedures within timely manner (Von Solms and Van
Niekerk 2013). It is extremely important for periodical check-ups for software upgrades as
well as providing a major insight on a regular basis. Thus, PAI will have the capability of
executing such business procedures in an efficient manner.
b) Improvement in Company Culture: This type of security policy is also required for
bringing major improvements in the company culture. As PAI is developing software for
clients and they majorly emphasizes on development of AI system, PAI should improvise the
organizational culture for developing every application effectively (Jaferian et al. 2014).
c) Protecting CIA of Data and Software: CIA or confidentiality, integrity and
availability of both data and software could be highly protected by undertaking a collection of
few technical and physical controls. Hence, better analysis as well as development of the
artificial intelligence products would be secured easily (Chander, Jain and Shankar 2013).
2. Development of a Detailed Security Policy and Security Management Plan
The security management planning as well as security policy must be properly
developed by Power AI with the significant purpose of maintaining integrity in information
and even for fulfilment of legislative and regulatory requirements (Sylves 2019). Few
important and significant steps for successful development of a security management
planning and security policy for securing the respective artificial intelligence products or
services in Power AI are provided below:
5
SECURITY AND GOVERNANCE
a) Performing the Regulatory Reviewing: The first and the foremost step in
developing a security management planning as well as security policy is performing the
regulatory reviewing (Tu and Yuan 2014). The requirement of such plan or policy is being
identified in this particular step.
b) Specifying Governance, Oversight and Responsibility: The second important and
significant step in this developing a security management planning as well as security policy
is specifying organizational governance, oversight and responsibility of the subsequent
organization.
c) Undertaking Inventory of Assets: The third distinctive and vital step for
development of a security management planning as well as security policy would be
undertaking or considering the inventory of assets so that it becomes quite easy to bring out
major advantages or benefits from organizational assets (Karangelos, E., Panciatici, P. and
Wehenkel 2013).
d) Data Classification: Each and every type of data is needed to be properly analysed
so that data classification is being done in an effective and efficient manner. In PAI, the data
related to AI is termed as extremely vital.
e) Evaluating all Available Security Safeguards: PAI requires to evaluate all types of
available safeguards of security and this is extremely important for this organization (Fenz et
al. 2014). This particular step is extremely important for understanding the types of risks and
threats that are to be dealt within the business.
f) Performance of Assessment for Third Party Threats: The third party threats are
extremely vulnerable for PAI and AI related data, hence these threats are required to be
analysed properly to obtain an overall concept of the risk assessment for reducing all kinds of
vulnerabilities.
SECURITY AND GOVERNANCE
a) Performing the Regulatory Reviewing: The first and the foremost step in
developing a security management planning as well as security policy is performing the
regulatory reviewing (Tu and Yuan 2014). The requirement of such plan or policy is being
identified in this particular step.
b) Specifying Governance, Oversight and Responsibility: The second important and
significant step in this developing a security management planning as well as security policy
is specifying organizational governance, oversight and responsibility of the subsequent
organization.
c) Undertaking Inventory of Assets: The third distinctive and vital step for
development of a security management planning as well as security policy would be
undertaking or considering the inventory of assets so that it becomes quite easy to bring out
major advantages or benefits from organizational assets (Karangelos, E., Panciatici, P. and
Wehenkel 2013).
d) Data Classification: Each and every type of data is needed to be properly analysed
so that data classification is being done in an effective and efficient manner. In PAI, the data
related to AI is termed as extremely vital.
e) Evaluating all Available Security Safeguards: PAI requires to evaluate all types of
available safeguards of security and this is extremely important for this organization (Fenz et
al. 2014). This particular step is extremely important for understanding the types of risks and
threats that are to be dealt within the business.
f) Performance of Assessment for Third Party Threats: The third party threats are
extremely vulnerable for PAI and AI related data, hence these threats are required to be
analysed properly to obtain an overall concept of the risk assessment for reducing all kinds of
vulnerabilities.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6
SECURITY AND GOVERNANCE
g) Creating an Incident Response Planning: An incident response planning is
important for management of situations that result from several IT security breaches or
incidents (Fennelly 2016). This type of planning is being utilized in enterprise IT facilities or
environments for the core purpose of identifying, responding, limiting as well as
counteracting security incidents when they occur.
h) Training as well as Testing of Staff: The final step in developing a security
management planning as well as security policy for PAI is training and examining staff or
employees (Webb et al. 2014). It is needed for evaluation of the staff.
3. Identification of main Functions, Tasks, Responsibilities and Roles for Security
Management Program for PAI and Roles of Several Individuals and Groups in
Governance
There are three distinctive levels for data access control in Power AI in governance
and these are provided below:
a) Management Level: The management level involves recovery, corrective,
detective, compensating, preventative and deterrent (Paryasto, Alamsyah and Rahardjo
2014). All such categories include security policies, disaster recovery planning, registration
procedures, and periodical violation review report as well as duty separation.
b) Operational Level: All the above provided categories in management level are to
be protected by operational level and this level includes in depth defence, fire suppression
systems, CCTVs, warning signs and guards and fences.
c) Technical Level: This is the final level that is to be analysed in PAI for governance
management (Peltier 2013). All the five categories mentioned in management level include
security of warning barriers, log monitors, regular backups of data, keystroke monitoring and
forensic process.
SECURITY AND GOVERNANCE
g) Creating an Incident Response Planning: An incident response planning is
important for management of situations that result from several IT security breaches or
incidents (Fennelly 2016). This type of planning is being utilized in enterprise IT facilities or
environments for the core purpose of identifying, responding, limiting as well as
counteracting security incidents when they occur.
h) Training as well as Testing of Staff: The final step in developing a security
management planning as well as security policy for PAI is training and examining staff or
employees (Webb et al. 2014). It is needed for evaluation of the staff.
3. Identification of main Functions, Tasks, Responsibilities and Roles for Security
Management Program for PAI and Roles of Several Individuals and Groups in
Governance
There are three distinctive levels for data access control in Power AI in governance
and these are provided below:
a) Management Level: The management level involves recovery, corrective,
detective, compensating, preventative and deterrent (Paryasto, Alamsyah and Rahardjo
2014). All such categories include security policies, disaster recovery planning, registration
procedures, and periodical violation review report as well as duty separation.
b) Operational Level: All the above provided categories in management level are to
be protected by operational level and this level includes in depth defence, fire suppression
systems, CCTVs, warning signs and guards and fences.
c) Technical Level: This is the final level that is to be analysed in PAI for governance
management (Peltier 2013). All the five categories mentioned in management level include
security of warning barriers, log monitors, regular backups of data, keystroke monitoring and
forensic process.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7
SECURITY AND GOVERNANCE
4. Identification of Main Methods and Models to Develop Security Management
Program
The most suitable model, which could eventually make the entire security
management program much more efficient and effective in Power AI as compared to any
other security program would be Control Objectives for Information and Related Technology
or COBIT and the details of this particular model are provided below:
a) Fulfilling all Needs of Stakeholders: This is the first and the most important step
in COBIT model for PAI (Wei et al. 2014). The stakeholders are the most important parts of
an organization and hence it is required to fulfil each and every need of stakeholder. To gain
such distinctive advantages, it is extremely important to develop security policy of
information. As the organizational management is majorly concerned regarding all types of
intellectual properties, it is vital to identify each and every risk, hence identifying all types of
challenges or gaps in business processes (Siponen, Mahmood and Pahnila 2014).
b) Covering up of End to End Enterprises: The respective enterprise end to end is
being effectively and efficiently covered so that it becomes much easy to reduce all types of
complexities in a better manner (Kanatov, Atymtayeva and Yagaliyeva 2014).
c) Applying a Single Incorporated Framework: A single incorporated and integrated
framework is being successfully applied in this particular step with the major purpose that
PAI can understand every risk for systems and equipment.
d) Allowing Holistic Approach: Holistic approach is needed for considering the social
factors within Power AI.
e) Separating Management and Governance: The final step is to separate
management and governance so that privacy as well as security of confidential data is being
maintained in a better manner (Oppliger 2015). All kinds of illegal data extraction is being
SECURITY AND GOVERNANCE
4. Identification of Main Methods and Models to Develop Security Management
Program
The most suitable model, which could eventually make the entire security
management program much more efficient and effective in Power AI as compared to any
other security program would be Control Objectives for Information and Related Technology
or COBIT and the details of this particular model are provided below:
a) Fulfilling all Needs of Stakeholders: This is the first and the most important step
in COBIT model for PAI (Wei et al. 2014). The stakeholders are the most important parts of
an organization and hence it is required to fulfil each and every need of stakeholder. To gain
such distinctive advantages, it is extremely important to develop security policy of
information. As the organizational management is majorly concerned regarding all types of
intellectual properties, it is vital to identify each and every risk, hence identifying all types of
challenges or gaps in business processes (Siponen, Mahmood and Pahnila 2014).
b) Covering up of End to End Enterprises: The respective enterprise end to end is
being effectively and efficiently covered so that it becomes much easy to reduce all types of
complexities in a better manner (Kanatov, Atymtayeva and Yagaliyeva 2014).
c) Applying a Single Incorporated Framework: A single incorporated and integrated
framework is being successfully applied in this particular step with the major purpose that
PAI can understand every risk for systems and equipment.
d) Allowing Holistic Approach: Holistic approach is needed for considering the social
factors within Power AI.
e) Separating Management and Governance: The final step is to separate
management and governance so that privacy as well as security of confidential data is being
maintained in a better manner (Oppliger 2015). All kinds of illegal data extraction is being
8
SECURITY AND GOVERNANCE
stopped by incorporation of this particular model and thus significant attack trends could be
determined.
5. Detailed Discussion on Implications of Statutory and Legal Requirements and Main
Advantages for Formal Approach
Few distinctive laws, which are suitable for the organization of PAI for security of
their applications and intellectual properties are provided below:
a) Privacy Act 2018: Every intellectual property is being secured by this particular
law (Brooks and Corkill 2014).
b) Corporations Act 2001: All the employees of PAI would eventually follow
regulations and ethics related to work by incorporation of this act.
c) Privacy and Data Protection Act 2014: As per this act, confidential information
and data are protected under every circumstance in PAI.
d) Security of Critical Infrastructure Act 2018: Organizational infrastructure are
secured by incorporation of this act and hence security is maintained efficiently (Bojanc and
Jerman-Blažič 2013).
The major advantages of this formal approach is that it can bring high security
towards intellectual properties, thus securing CIA for information.
SECURITY AND GOVERNANCE
stopped by incorporation of this particular model and thus significant attack trends could be
determined.
5. Detailed Discussion on Implications of Statutory and Legal Requirements and Main
Advantages for Formal Approach
Few distinctive laws, which are suitable for the organization of PAI for security of
their applications and intellectual properties are provided below:
a) Privacy Act 2018: Every intellectual property is being secured by this particular
law (Brooks and Corkill 2014).
b) Corporations Act 2001: All the employees of PAI would eventually follow
regulations and ethics related to work by incorporation of this act.
c) Privacy and Data Protection Act 2014: As per this act, confidential information
and data are protected under every circumstance in PAI.
d) Security of Critical Infrastructure Act 2018: Organizational infrastructure are
secured by incorporation of this act and hence security is maintained efficiently (Bojanc and
Jerman-Blažič 2013).
The major advantages of this formal approach is that it can bring high security
towards intellectual properties, thus securing CIA for information.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9
SECURITY AND GOVERNANCE
Part B: Appendix
1. Risk Management Plan
Risk management or risk assessment of every important and significant risk is
extremely vital for PAI.
i) There are some of the major benefits that any risk management plan could be
bringing to this organization and these are noted below:
a) Efficient Decision Making Process: The first advantage is that this type of plan is
extremely important for making decision making process efficient and hence helping the
organization.
b) Providing High Quality of Data: The data of the organization would become of
high quality with eradication of risks and threats by risk management plan.
c) Removing Issues and Complexities: Each and every risk and complexity could be
easily removed effectively by not facing any problem.
d) Easy in Spotting Projects: PAI would be able to spot better projects after
eradication of risks from their existing information systems and hence can enjoy profit to a
high level.
There are some of the major and most significant steps for making a risk management
plan and these steps are noted below:
i) Proper Identification of Threats and Risks.
ii) Detailed Analysis of every Identified Threat and Risk.
iii) Suitable Action undertaken for every Identified Threat and Risk.
iv) Risk Monitoring.
SECURITY AND GOVERNANCE
Part B: Appendix
1. Risk Management Plan
Risk management or risk assessment of every important and significant risk is
extremely vital for PAI.
i) There are some of the major benefits that any risk management plan could be
bringing to this organization and these are noted below:
a) Efficient Decision Making Process: The first advantage is that this type of plan is
extremely important for making decision making process efficient and hence helping the
organization.
b) Providing High Quality of Data: The data of the organization would become of
high quality with eradication of risks and threats by risk management plan.
c) Removing Issues and Complexities: Each and every risk and complexity could be
easily removed effectively by not facing any problem.
d) Easy in Spotting Projects: PAI would be able to spot better projects after
eradication of risks from their existing information systems and hence can enjoy profit to a
high level.
There are some of the major and most significant steps for making a risk management
plan and these steps are noted below:
i) Proper Identification of Threats and Risks.
ii) Detailed Analysis of every Identified Threat and Risk.
iii) Suitable Action undertaken for every Identified Threat and Risk.
iv) Risk Monitoring.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10
SECURITY AND GOVERNANCE
v) Removal of Risks.
Contingency planning and risk analysis is extremely important for helping any
specific organization to respond efficiently towards the future event and making an
alternative plan for actions. Risk analysis helps them in analysing all types of risks and hence
ensuring that risks are identified in a better manner without much complexities. With the help
of CBA or cost benefit analysis, the organization can analyse their decisions and calculate
benefits or profits for the business.
2. Threats, Vulnerabilities and Attacks of the Formal Plan
There are four categories of assets, which involve people, process, hardware and
software and four types of threats are internal, external, deliberate and accidental. The most
significant risks, vulnerabilities as well as attacks under these above mentioned threat
categories for formal plan are provided below:
a) Ransomware: The first kind of malware majorly is responsible for encrypting all
types of files as well as locking the entire system to make it completely inaccessible. It is
quite common for systems that deal with confidential information. It is an external and
deliberate threat.
b) Extortion of Information: Information extortion is the second risk that is to be
considered in this particular scenario. Organizational intellectual properties are often hacked
for extracting information in an effective manner. It is an internal as well as deliberate threat.
c) Trojan Horse: Another significant and important attack or threat towards patient
information for the organization of Power AI is Trojan horse. The most important purpose of
such distinctive threat is concealing the information in software that might seem ethical and
legal regarding software execution. This would lead to information theft and even losing of
data forever. It is an accidental threat category.
SECURITY AND GOVERNANCE
v) Removal of Risks.
Contingency planning and risk analysis is extremely important for helping any
specific organization to respond efficiently towards the future event and making an
alternative plan for actions. Risk analysis helps them in analysing all types of risks and hence
ensuring that risks are identified in a better manner without much complexities. With the help
of CBA or cost benefit analysis, the organization can analyse their decisions and calculate
benefits or profits for the business.
2. Threats, Vulnerabilities and Attacks of the Formal Plan
There are four categories of assets, which involve people, process, hardware and
software and four types of threats are internal, external, deliberate and accidental. The most
significant risks, vulnerabilities as well as attacks under these above mentioned threat
categories for formal plan are provided below:
a) Ransomware: The first kind of malware majorly is responsible for encrypting all
types of files as well as locking the entire system to make it completely inaccessible. It is
quite common for systems that deal with confidential information. It is an external and
deliberate threat.
b) Extortion of Information: Information extortion is the second risk that is to be
considered in this particular scenario. Organizational intellectual properties are often hacked
for extracting information in an effective manner. It is an internal as well as deliberate threat.
c) Trojan Horse: Another significant and important attack or threat towards patient
information for the organization of Power AI is Trojan horse. The most important purpose of
such distinctive threat is concealing the information in software that might seem ethical and
legal regarding software execution. This would lead to information theft and even losing of
data forever. It is an accidental threat category.
11
SECURITY AND GOVERNANCE
d) Data Sabotage: The next significant threat or vulnerability, which is to be analysed
is data sabotage. This could be done by organizational members themselves. It can either be
internal or deliberate or accidental threat.
e) Intellectual Property Theft: Another distinctive threat is the theft of intellectual
properties in PAI. Copyrights and patents are being violated by this threat and hence there
could be some of the major issues related to intellectual properties. It is a deliberate or
accidental threat.
f) Identity Theft: The other significant threat or risk would be identity theft. Such
distinctive risk is responsible for ensuring to act as other entity to eventually obtain all
personal information for any individual to access confidential data that is needed to access. It
is an internal threat.
3. Plan for Managing Risks and Threats
A proper plan to manage all types of risks for patient information in PAI is provided
below:
Threat, Vulnerability
and Attack
Set of Priorities Recommended Controls
Ransomware High Periodical up gradations of data backup
systems and software.
Extortion of
Information
Low Proper creation of file backup and
providing training to employees.
Trojan Horse High Installing protection software of right end
point.
Data Sabotage Medium Maintaining security of the policy and also
maintenance of physical security.
SECURITY AND GOVERNANCE
d) Data Sabotage: The next significant threat or vulnerability, which is to be analysed
is data sabotage. This could be done by organizational members themselves. It can either be
internal or deliberate or accidental threat.
e) Intellectual Property Theft: Another distinctive threat is the theft of intellectual
properties in PAI. Copyrights and patents are being violated by this threat and hence there
could be some of the major issues related to intellectual properties. It is a deliberate or
accidental threat.
f) Identity Theft: The other significant threat or risk would be identity theft. Such
distinctive risk is responsible for ensuring to act as other entity to eventually obtain all
personal information for any individual to access confidential data that is needed to access. It
is an internal threat.
3. Plan for Managing Risks and Threats
A proper plan to manage all types of risks for patient information in PAI is provided
below:
Threat, Vulnerability
and Attack
Set of Priorities Recommended Controls
Ransomware High Periodical up gradations of data backup
systems and software.
Extortion of
Information
Low Proper creation of file backup and
providing training to employees.
Trojan Horse High Installing protection software of right end
point.
Data Sabotage Medium Maintaining security of the policy and also
maintenance of physical security.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 17
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.