PricingBlogAbout Us

7COM1066: Information Security Management and Compliance Report

Verified

Added on  2022/09/09

|8
|1683
|15
Report
AI Summary
This report provides an in-depth analysis of information security management and compliance, focusing on the policies and frameworks implemented by the UK government to protect data in the digital age. It examines various policies, including media protection, data encryption, access control, employee communication monitoring, and email policies. The report highlights high-priority security control techniques such as intrusion detection systems, digital signatures, and disabling peer-to-peer wireless connections to mitigate risks like data breaches and unauthorized access. The discussion section emphasizes the importance of data encryption, employee monitoring, and proper training to prevent data compromise. It also underscores the role of backup systems and incident response teams. The report concludes that effective IT security policies, combined with employee awareness and continuous maintenance, are crucial for preventing data security breaches and ensuring robust organizational performance. The report references relevant academic sources to support its arguments and provides an appendix with a summary of the discussed policies.
tabler-icon-diamond-filled.svg

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
Running head: INFORMATION SECURITY MANAGEMENT AND COMPLIANCE
Information Security Management and Compliance
Name of the Student:
Name of the University:
Author note:
tabler-icon-diamond-filled.svg

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
1INFORMATION SECURITY MANAGEMENT AND COMPLIANCE
Introduction:
Digital age has resulted in the digitalization of all the information system present in most
of the organizations. There are numerous technologies that has developed in the past few years
and they are still improvising. With the development of the technology, the threat to the data
present in the system has increased as well (Aldawood and Skinner 2019). The technological
advancement have given rise to various methods to breach the data in a system. The integrity and
the privacy if the data is at stake if the system of information is accessed by the unauthorized
entities. To protect the data privacy and the integrity, certain policies are implemented by the
United Kingdom Government (Alyami, Boit and El Gayar 2018). This discussion is regarding
such policies and threats which can harm the information system.
Information Technology Policy Framework:
Sl. No. Policy No. Name of the Policies Description
1 E.4.17 Media Protection Adopted on 24th of July, 2018
Status is Active
This policy ensures the protection of the sensitive
data that are stored in the database of the
organization.
The data stored are given protection with
encryption.
2 E.4.7 Data Encryption Adopted on 1st of April, 2011
Status: Active
For ensuring the data security, the information are
encrypted with the help of certain encryption
algorithm such that the data remains secured while
Document Page
2INFORMATION SECURITY MANAGEMENT AND COMPLIANCE
it is transferred (Sehgal et al. 2019).
3 E.4.24 Access Control Adopted on 1st of July, 2019
Status: Active
Only people having the authorized access to the
system can visit the data and use it.
The owner of the system can visit can access the
system and makes necessary changes as possible.
The users are handed over with the log in credential
in a confidential manner (Yin et al. 2019).
4 E.4.8 Monitoring of Employee
Electronic
Communications or Files
Adopted on April 1, 2004
Status: Active
According to this policy, the employee’s electronic
mode of communication within the company or the
organization can be monitored by the authority. The
files can be scanned by the authority for checking
vulnerabilities.
5 E.4.9 Email Policy Adopted on August 4, 2011
Status: Active
This policy states that the employees of the
organization will use the official email address
while accessing the organizational documents or
organizational online assets.
The authority can use the email address for the
purpose of monitoring the employee activities.
High Priority Security Control Techniques of the Organization:
Sl.
No.
Priority High Priority Risk Security Controls Rationales:
Document Page
3INFORMATION SECURITY MANAGEMENT AND COMPLIANCE
1 High The most high
priority risks in
the system
comprises of the
data breach,
Identity theft due
to leakage of the
information and
Unauthorized
access to the
network
For the purpose of the data
leakage, Intrusion Detection
System or the data theft alert
system can be implemented in the
organization (Yar and
Steinmetz 2019).
This helps in notifying the
organizations as soon as the attack
is initiated in the systems. Even
smallest signal of the attack is
detected by the system.
2 High For the unauthorized access to the
data, digital signatures, or
biometrics can be implemented
such that only authorized entities
can access the system.
This only allows the people with
authentic passwords to access the
system.
3 High Disabling the peer to peer
wireless connection helps in the
effective control of the risk due to
the data loss.
Peer to peer access increases the
vulnerability of the data.
Executive Summary:
Introduction:
The importance of the technology has completely dependent on them. The introduction of
the digital age has made the availability of the data at our fingertips and with the evolution of the
cloud computing technology the data is widely available anywhere anytime. All though there are
certain security measures that are taken by the organisation to ensure the integrity of the data, the
breaches still occurs and at times due the faulty infrastructure of the organisation itself (Ellis and
Mohan 2019). Thus security policies are implemented by the Government of United Kingdom to
protect the data that is available online. The report discusses about such security policies which
are used for the mitigation of the data security issues.
Discussion:
One of the greatest issues in the contemporary digital world is the loss of data due to
attack. Most of these attacks are often initiated from the organisation itself. The data are often
not encrypted, the employee devices are not monitored properly, and lack of proper maintenance
tabler-icon-diamond-filled.svg

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
4INFORMATION SECURITY MANAGEMENT AND COMPLIANCE
and improper employee training are few of the reasons due to which data in the organizations are
compromised (Gunkel 2018). To prevent this, the government of the United Kingdom has
implemented some policies for the IT infrastructure of the organisation such that the data
integrity is maintained and the loss of data is prevented. The policies like, access control policies
control and limits the access of the unauthorized entities in the system. The email policies allows
the employee to use the official email id generated for them by the organisation in this way the
company or the institute can monitor the activities by the employees. Different policies have
been implemented and they are being revised regularly to combat with the larger Information
Technology issues in the organizations. This has helped in controlling the data breach and the
loss of the data. Moreover, back up must be generated as an emergency for the immediate
recovery when the attack has already taken place (Solove and Citron 2017). An incident response
team can be effective in this case as they are quick to act in the time of crisis. The policies like
the media protection helps in the securing the data and the media transferred by an individual
with strong encryption algorithms. These helps in securing the data while transferring them.
Conclusion:
Thus from the above report we can conclude that the IT security policy framework
developed by the UK government has helped in mitigating the issues of the data security
breaches in the organizations by certain algorithms. With proper maintenance of these policies
and being aware of the vulnerabilities that are prevailing in the organisations one can prevent
these attacks from taking place. Providing proper training to the employees helps in the
betterment of organisations with improved performance and better results and security.
Document Page
5INFORMATION SECURITY MANAGEMENT AND COMPLIANCE
References:
Aldawood, H. and Skinner, G., 2019. Contemporary Cyber Security Social Engineering
Solutions, Measures, Policies, Tools and Applications: A Critical Appraisal. International
Journal of Security (IJS), 10(1), p.1.
Alyami, H., Boit, J. and El Gayar, O., 2018. A Study of IT Security Policies.
Ellis, R. and Mohan, V. eds., 2019. Rewired: Cybersecurity Governance. John Wiley & Sons.
Gunkel, D.J., 2018. Hacking cyberspace. Routledge.
Sehgal, K., Dua, H.K., Kalra, M., Jain, A. and Sharma, V., 2019. Encryption Using Logistic Map
and RSA Algorithm. In Innovations in Computer Science and Engineering (pp. 183-189).
Springer, Singapore.
Solove, D.J. and Citron, D.K., 2017. Risk and anxiety: A theory of data-breach harms. Tex. L.
Rev., 96, p.737.
Yar, M. and Steinmetz, K.F., 2019. Cybercrime and society. SAGE Publications Limited.
Yin, H., Xiong, Y., Zhang, J., Ou, L., Liao, S. and Qin, Z., 2019. A Key-Policy Searchable
Attribute-Based Encryption Scheme for Efficient Keyword Search and Fine-Grained Access
Control over Encrypted Data. Electronics, 8(3), p.265.
Document Page
6INFORMATION SECURITY MANAGEMENT AND COMPLIANCE
Appendix:
Sl. No. Policy No. Name of the Policies Description
1 E.4.17 Media Protection Adopted on 24th of July, 2018
Status is Active
This policy ensures the protection of the sensitive
data that are stored in the database of the
organization.
The data stored are given protection with
encryption.
2 E.4.7 Data Encryption Adopted on 1st of April, 2011
Status: Active
For ensuring the data security, the information are
encrypted with the help of certain encryption
algorithm such that the data remains secured while
it is transferred.
3 E.4.24 Access Control Adopted on 1st of July, 2019
Status: Active
Only people having the authorized access to the
system can visit the data and use it.
The owner of the system can visit can access the
system and makes necessary changes as possible.
The users are handed over with the log in credential
in a confidential manner.
4 E.4.8 Monitoring of Employee
Electronic
Communications or Files
Adopted on April 1, 2004
Status: Active
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
7INFORMATION SECURITY MANAGEMENT AND COMPLIANCE
According to this policy, the employee’s electronic
mode of communication within the company or the
organization can be monitored by the authority. The
files can be scanned by the authority for checking
vulnerabilities.
5 E.4.9 Email Policy Adopted on August 4, 2011
Status: Active
This policy states that the employees of the
organization will use the official email address
while accessing the organizational documents or
organizational online assets.
The authority can use the email address for the
purpose of monitoring the employee activities.
chevron_up_icon
1 out of 8
circle_padding
hide_on_mobile
zoom_out_icon
logo.png

Your All-in-One AI-Powered Toolkit for Academic Success.

  +13062052269
info@desklib.com

Available 24*7 on WhatsApp / Email

[object Object]
Unlock your academic potential

© 2024   |   Zucol Services PVT LTD   |   All rights reserved.