Risk Management and Security in Smart Software Pty Ltd Report
Added on 2023/04/24
AI Summary
This report provides an in-depth analysis of information security management (ISM) at Smart Software Pty Ltd, a leading software organization based in Melbourne. It discusses the application of information security risk management (ISRM) principles, including identification, protection, response, and recovery, tailored to the company's specific context. The report emphasizes the importance of creating business awareness, defining a comprehensive ISRM program, and developing functional capabilities for security and risk management. Metrics and benchmarking are addressed, highlighting the need to align with industry standards like ISO 27000 and NIST. Furthermore, the report explores information security certification and accreditation processes suitable for Smart Software Pty Ltd, outlining eligibility criteria, timelines, and relevant standards. The ultimate goal is to assist Smart Software Pty Ltd in effectively managing its security risks, protecting its information assets, and ensuring compliance with industry regulations.

INFORMATION SECURITY MANAGEMENT
Information Security Management
Name of the Student
Name of the University
Author Note:

Executive Summary
Smart Software Pty Ltd is a leading software organization based in Melbourne. It develops a large amount of software for its Australian clients, who are based in Melbourne, Sydney and Brisbane. The organization manages six teams, which cover software development and coding, sales, and project management. This report discusses the application of information risk management to the organization. It also discusses information certification and accreditation for the organization with respect to the given scenario.

Table of Contents
Introduction
Discussion
Information security risk management (ISRM)
Creating business awareness
Defining the program
Developing program
Metrics and benchmarking
Operation and Implementation
Information Security Certification
Accreditation to Smart Pty ltd
Snapshot
Private Edition Services
Timeline and Process
Standard for Smart Software Pty Ltd
Eligibility Criteria
Fee Information
Conclusion
References

Introduction
Smart Software Pty Ltd is a leading software organization based in Melbourne, Australia, which develops software for business clients in different regions of the world. The organization is headed by a CEO who manages six teams, such as the development team, QA team, UX team, and Marketing and Sales team. The development team develops a large amount of software, which the UX team needs for the user interface. The QA team focuses on managing a large number of IT-based resources and operations. The sales and marketing team focuses on new clients and on sales to clients. The project management team focuses on managing the various software development projects and making sure that each project is completed on time. It mainly focuses on understanding the overall needs of the clients. Apart from this, there is a project manager who looks after aspects such as budget and accounts and keeps track of the accounting. The overall turnover is expected to be around 8 million dollars per annum.
The following pages of the report cover the application of the principles of information security risk management. After that, information security certification and accreditation for the organization are presented. The consequences of the recent strategic planning are also discussed in detail. Smart Software is now focusing on evaluating various kinds of security risk. The organization is reviewing its security policies and upgrading its security management services.

Discussion
Information security risk management (ISRM)
Information security risk management (ISRM) is the process of managing the various kinds of risk associated with the use of information technology in Smart Software Pty Ltd. It focuses on identifying, treating and lastly assessing risks to the integrity and availability of the organization's assets (Kiedrowicz and Stanik 2015). The main goal of this process is to treat risk in line with the organization's overall risk tolerance. The end goal of the method is to understand that overall risk tolerance. The business focuses on addressing various kinds of risk, which means understanding and achieving the risk level set for this particular organization (Jacobsson and Davidsson 2015). There are a large number of frameworks that can help this software organization build an ISRM strategy. One of the common kinds of framework in cybersecurity is about building a proper strategy. It comprises a series of steps:
Identification: The activities in this group are about developing a proper understanding of the cybersecurity risk in the given system. They highlight a number of factors such as systems, people, data and lastly capabilities (Ismail et al. 2018). With the help of the business context, the present business needs and related risks can help the organization understand threats. In this step, the main focus is on giving priority to the security efforts. The activities in this group include asset management, governance and risk assessment (Michael 2016).
Protection: Smart Software Pty Ltd focuses on implementing a number of safeguards and security controls required for protecting the relevant assets from any kind of
cyber threats (Grover, Reinicke and Cummings 2016). A large number of activities help in carrying out identity management and access control. Apart from this, it also focuses on promoting the required awareness and training among staff members.
Response: Smart Software Pty Ltd focuses on addressing incidents of cyber-security attack (Smit, Zoet and Slot 2016). A large number of organizations make use of techniques that can have a large impact on the incident. This step also covers response planning, communication, mitigation, improvement and lastly proper analysis.
Recover: Smart Software Pty Ltd focuses on developing and implementing the activities needed for restoring the activities that have been impacted by security incidents (Skopik, Settanni and Fiedler 2016). The aim of this group is recovery in a timely way. It can be described as the normal way of reducing the impact of any kind of incident. It mainly includes phases such as planning, recovery and lasting improvements.
ISRM is an ongoing method for identifying, assessing and responding to security risk (Kröger and Sansavini 2016). To manage risk in an effective way, the organization should focus on the likelihood of events that can pose a threat to the IT environment. Apart from this, it should address the overall effect of each kind of risk. There are mainly three criteria for understanding the ISRM strategy in an effective way:
It focuses on understanding the unacceptable kinds of risk, which need to be identified and addressed properly.
It emphasizes that neither money nor effort is being wasted.
It gives senior management an understanding of the risk profile along with its treatment.
Much of the focus is on a multi-phase approach, which is needed for an effective ISRM program. It can result in a more comprehensive program along with an understanding of the risk management process (Rosado et al. 2015). This is achieved by understanding the various required steps, which ultimately breaks the ISRM method into more manageable actions. This is required for fixing various kinds of issues more easily (Kott and Arnold 2015).
Creating business awareness
Smart Software Pty Ltd needs to have an understanding of its business condition (Sadgrove 2016). This mainly covers the budget and the complexity of the business processes. The organization needs to address its present risk profile, along with a detailed description of every kind of risk.
Defining the program
Smart Software Pty Ltd needs to define the ISRM program by addressing a number of points:
Annual plan which is followed by high level three-year plan: An analysis is done of the goals and objectives that need to be met. This plan needs to be adjusted so that it can accommodate changes in the business and its activities (Singhal and Ou 2017). There are some instances where the capability is in place along with the required business condition. The timeframe needed for proper implementation of the program is an interval of 30 to 36 months.
Defining the arrival point for capability-based management input: The overall arrival-point input sets out the proper capabilities for the given organization (Sajid, Abbas and Saleem 2016). It is considered to be in place as soon as the organization can address the various parts of the program. An individual can look to this point to understand the goals of ISRM.
Availability and capability of the necessary staff: The most vital element of any ISRM program is proper staffing (Kott and Arnold 2015). A large number of organizations do not have qualified staff members for achieving the objectives. The main focus is on addressing the objectives of the ISRM program. Along with this, the organization does not have staff members for achieving the objectives of this program.
Having an understanding concerning organization culture: ISRM is a program that is considered very difficult to use. This is mainly the case when the organization does not support its implementation (Ismail et al. 2018). Depending on the organizational culture, the ISRM program needs to be discussed openly with the relevant parties, with the aim of driving proper adoption of the program.
Developing program
In this phase, Smart Software Pty Ltd needs to address the functional capabilities and their controls. These relate to security and risk management aspects such as vulnerability, incident response, training and communication (Shameli-Sendi, Aghababaei-Barzegar and Cheriet 2016). The governance model helps in understanding the roles and responsibilities for each part of the ISRM strategy. If Smart Software Pty Ltd chooses outsourcing for
the ISRM capabilities of third parties, it is very important to understand the risk and to ensure oversight of internal staff.
Metrics and benchmarking
In this phase, Smart Software Pty Ltd needs to focus on certain metrics for understanding the overall effectiveness of its ISRM strategy.
Aligning with industry standard and proper guidelines: There are various standards that ensure the ISRM program complies with rules and regulations. These mainly include ISO 27000 and the NIST standards (Jacobsson and Davidsson 2015). For Smart Software Pty Ltd, ISO 27000 provides guidelines for building a risk management program. This means implementing the different compliance standards and frameworks needed for identifying the ISRM program, and understanding its functions and capabilities.
Making use of KPI for measuring the effectiveness of the function and capabilities developed through ISRM program: When developing KPIs, one needs to understand the new ISRM capabilities. This is needed for defining the objectives used in assessing the required value (Kiedrowicz and Stanik 2015). It will help Smart Software Pty Ltd with potential impact and arrival guidelines and with assigning the required values. Apart from this, the organization can connect its security posture with the business context of Smart Software Pty Ltd.
Operation and Implementation
Smart Software Pty Ltd needs to go through the different stages of ISRM, that is identify, detect, respond, recover and protect, and lastly repeat them on a regular basis. It is
very important for this organization to come up with a policy that describes all the required stages of ISRM (Michael 2016). The major responsibilities of employees and the schedule of the condition need to be reviewed for the program. There are a large number of changes in the present IT environment, related to data breaches in the industry or even cyber-attacks.
Information Security Certification
In the last few years, organizations around the globe have understood the importance of cybersecurity breaches such as those suffered by organizations like Facebook. So Smart Software Pty Ltd should take the necessary steps to understand and respond to information security breaches (Grover, Reinicke and Cummings 2016). A few members of this organization are both team managers and teleworkers, in that they tend to work from home. In some cases, however, they come to the office to attend meetings and catch up with teammates. Smart Software Pty Ltd has provided teleworkers who visit frequently with laptops that can connect to the office networks through VPN. Marketing and sales team members are required to visit client offices and provide after-sales services. Smart Software Pty Ltd can make use of different kinds of tools, version control software and applications, along with packing tools that are needed for developing a large number of products. Very few of the software and tools are licensed; the majority of the software is free and open source (Goodwin et al. 2015). The organization can make use of different kinds of files and documents, such as user needs, software designs and software code. As the organization is focusing on strategic planning, an evaluation of risk is being carried out. It covers a review of security policies along with upgrading the security management practices.
very much important for this organization to come up with a policy that describes all the required stages of ISRM (Michael 2016). All the major responsibilities of employees and the schedule of conditions need to be reviewed for the given program. There have been a large number of changes in the present IT environment, related to data breaches in the industry and even cyber-attacks.
Information Security Certification
In the last few years, various organizations around the globe have understood the importance of cybersecurity breaches, such as those suffered by organizations like Facebook. So, Smart Software Pty Ltd should take the necessary steps to understand and respond to information security breaches (Grover, Reinicke and Cummings 2016). A few members of this organization are both team managers and teleworkers who tend to work from home, but in some cases they return to the office to attend meetings and catch up with teammates. Smart Software Pty Ltd has provided teleworkers with laptops so that they can frequently connect to the office network through VPN. Marketing and sales team members are required to visit their client offices and provide after-sales services. Smart Software Pty Ltd makes use of different kinds of tools and version control software and applications. It also has packing tools which are needed for developing a large number of products. Very few of the software and tools are licensed; the majority of the software is free and open source (Goodwin et al. 2015). This organization makes use of different kinds of files and documents such as user needs, software designs and software code. As this organization is focusing on strategic planning, an evaluation of risk is being carried out. This involves reviewing the security policies and upgrading the security management practices.
Certified Ethical Hacker (CEH): Hackers are innovators who constantly find new ways of tracking system information and exploiting vulnerabilities (dos Santos Lonsdale, Lonsdale and Lim 2018). Most business organizations like Smart Software Pty Ltd focus on protecting their information systems by engaging their services. The certification focuses on gaining the skills to beat hackers at their own game. This organization can pursue this intermediate-level information security certification, which is offered by the International Council of E-Commerce Consultants.
Certified Information Security Manager (CISM): This is a top credential needed by IT professionals who manage and oversee different kinds of information security systems. CISM was introduced to security professionals by ISACA in 2003 (Da Veiga and Martins 2015). The main goal of this certification is to meet the needs of IT professionals responsible for enterprise-level security management. A large number of credential holders have skills and advanced processes in security risk management and program development.
CompTIA Security+: It is considered to be a well-respected, vendor-neutral security certification (Chafjiri and Mahmoudabadi 2018). Security+ credential holders at Smart Software Pty Ltd can be recognized as possessing superior technical skills and expertise in different security-related disciplines and threats. The only drawback of Security+ is that it is an entry-level certification for which the IT department employee should have two years of experience.
Certified Information Systems Security Professional (CISSP): It can be defined as an advanced-level certification for IT-based industries, aimed at those with a career in the domain
of information security (Alreemy et al. 2016). It has been designed to guide various security professionals.
SANS GIAC Security Essentials: It is an entry-level credential designed to help professionals understand the terminology of the information systems of Smart Software Pty Ltd (Ahmad, Maynard and Shanks 2015). Apart from this, it focuses on the new skills and expertise needed to meet hands-on security goals.
Accreditation to Smart Pty Ltd
Accreditation can be defined as a review process which helps a healthcare organization understand its overall ability to meet requirements and established standards. Accreditation reflects an agency's dedication and commitment to meeting the required standards, which define a high level of performance (Ab Rahman and Choo 2015). Private Organization Accreditation can be defined as a social kind of service which is needed by most non-profit organizations. It is a review of the entire organization, inclusive of administrative operations.
Snapshot
Four-year accreditation
Proper review of the organization's services and administration
Online and user-friendly process
Process generally takes around 12-18 months
Standards and accreditation are considered to be free.
Private Edition Services
Additional social services
Homeless services
Residential services
Department and disabilities services
Aging services.
Timeline and Process
Smart Software Pty Ltd can complete its overall accreditation process within 12 to 18 months (Brous, Janssen and Vilminko-Heikkinen 2016). It is COA's experience that this time frame provides the required opportunity for active involvement of all the parties, such as personnel and stakeholders. It also gives the organization sufficient time to understand the growth-promoting changes.
Standard for Smart Software Pty Ltd
The standards for this organization are mainly divided into three major parts:
Administration and Management Standard
Service Delivery Administration Standard
Service Standard
The organization can understand the implementation of both the Administration and Management standards (Cavusoglu et al. 2015). Service delivery administration standards encompass various kinds of operations and can be applied to various organizations, irrespective of the service being provided. Smart Software Pty Ltd needs to
demonstrate the implementation of the service standards that reflect the services being provided.
Eligibility Criteria
COA makes a proper determination of eligibility on receiving applications from different kinds of service organizations.
Fee Information
The overall cost of accreditation is based on the size of Smart Software Pty Ltd and its services (Benslimane, Yang and Bahli 2016). There are substantial fees associated with the four years of accreditation, inclusive of the application fee, site visit costs and, lastly, accreditation maintenance fees.
Conclusion
From the above pages, it can be concluded that this report is about Smart Software Pty Ltd. It is considered to be one of the leading software organizations based in Melbourne. The main focus of this organization is developing new kinds of software for Australian business clients who are based in different cities of Australia. The organization is headed by a CEO who manages six teams, which include the development team, the QA team and developing code for various malware. The QA team tests the software developed by the teams in order to identify and look for bugs in the systems of this organization. The project team members of this organization focus on managing different software development projects so that they are completed on time. Smart Software Pty Ltd has a financial manager who looks after budgeting and an accountant who keeps track of accounting. It is expected that the overall budget of this
organization is around 8 million dollars per annum. As a part of its current strategic planning, this software organization is focusing on new kinds of security risk along with a review of its security policies. This is mainly needed for upgrading its security management practices. In the above pages of the report, the principles of information risk management have been applied. Apart from this, an analysis has been done of information security certification and accreditation for the organization in the given scenario.
References
Ab Rahman, N.H. and Choo, K.K.R., 2015. A survey of information security incident handling in the cloud. Computers & Security, 49, pp.45-69.
Ahmad, A., Maynard, S.B. and Shanks, G., 2015. A case analysis of information systems and security incident responses. International Journal of Information Management, 35(6), pp.717-723.
Alreemy, Z., Chang, V., Walters, R. and Wills, G., 2016. Critical success factors (CSFs) for information technology governance (ITG). International Journal of Information Management, 36(6), pp.907-916.
Benslimane, Y., Yang, Z. and Bahli, B., 2016, December. Information Security between Standards, Certifications and Technologies: An Empirical Study. In Information Science and Security (ICISS), 2016 International Conference on (pp. 1-5). IEEE.
Brous, P., Janssen, M. and Vilminko-Heikkinen, R., 2016, September. Coordinating decision-making in data management activities: A systematic review of data governance principles. In International Conference on Electronic Government and the Information Systems Perspective (pp. 115-125). Springer, Cham.
Cavusoglu, H., Cavusoglu, H., Son, J.Y. and Benbasat, I., 2015. Institutional pressures in security management: Direct and indirect influences on organizational investment in information security control resources. Information & Management, 52(4), pp.385-400.
Chafjiri, M.B. and Mahmoudabadi, A., 2018. Developing a Conceptual Model for Applying the Principles of Crisis Management for Risk Reduction on Electronic Banking. American Journal of Computer Science and Technology, 1(1), pp.31-38.
Da Veiga, A. and Martins, N., 2015. Information security culture and information protection culture: A validated assessment instrument. Computer Law & Security Review, 31(2), pp.243-256.
dos Santos Lonsdale, M., Lonsdale, D. and Lim, H.W., 2018. The impact of delivering online information neglecting user-centered information design principles. Cyber security awareness websites as a case study. Information Design Journal.
Goodwin, C., Nicholas, J.P., Bryant, J., Ciglic, K., Kleiner, A., Kutterer, C., Massagli, A., Mckay, A., Mckitrick, P., Neutze, J. and Storch, T., 2015. A framework for cybersecurity information sharing and risk reduction. Microsoft.
Grover, M., Reinicke, B. and Cummings, J., 2016. How secure is education in Information Technology? A method for evaluating security education in IT. Information Systems Education Journal, 14(3), p.29.
Ismail, W., Alwi, N.H.M., Ismail, R., Bahari, M. and Zakaria, O., 2018. Readiness of Information Security Management Systems (ISMS) Policy on Hospital Staff Using e-Patuh System. Journal of Telecommunication, Electronic and Computer Engineering (JTEC), 10(1-11), pp.47-52.
Chafjiri, M.B. and Mahmoudabadi, A., 2018. Developing a Conceptual Model for Applying the
Principles of Crisis Management for Risk Reduction on Electronic Banking. American Journal
of Computer Science and Technology, 1(1), pp.31-38.
Da Veiga, A. and Martins, N., 2015. Information security culture and information protection
culture: A validated assessment instrument. Computer Law & Security Review, 31(2), pp.243-
256.
dos Santos Lonsdale, M., Lonsdale, D. and Lim, H.W., 2018. The impact of delivering online
information neglecting user-centered information design principles. Cyber security awareness
websites as a case study. Information Design Journal.
Goodwin, C., Nicholas, J.P., Bryant, J., Ciglic, K., Kleiner, A., Kutterer, C., Massagli, A.,
Mckay, A., Mckitrick, P., Neutze, J. and Storch, T., 2015. A framework for cybersecurity
information sharing and risk reduction. Microsoft.
Grover, M., Reinicke, B. and Cummings, J., 2016. How secure is education in Information
Technology? A method for evaluating security education in IT. Information Systems Education
Journal, 14(3), p.29.
Ismail, W., Alwi, N.H.M., Ismail, R., Bahari, M. and Zakaria, O., 2018. Readiness of
Information Security Management Systems (ISMS) Policy on Hospital Staff Using e-Patuh
System. Journal of Telecommunication, Electronic and Computer Engineering (JTEC), 10(1-
11), pp.47-52.

15INFORMATION SECURITY MANAGEMENT
Jacobsson, A. and Davidsson, P., 2015, December. Towards a model of privacy and security for smart homes. In Internet of Things (WF-IoT), 2015 IEEE 2nd World Forum on (pp. 727-732). IEEE.
Kiedrowicz, M. and Stanik, J., 2015. Selected aspects of risk management in respect of security of the document lifecycle management system with multiple levels of sensitivity. Information Management in Practice, (eds) BF Kubiak and J. Maślankowski, pp.231-249.
Kott, A. and Arnold, C., 2015. Towards Approaches to Continuous Assessment of Cyber Risk in Security of Computer Networks. arXiv preprint arXiv:1512.07937.
Kröger, W. and Sansavini, G., 2016. Principles of disaster risk reduction. Protecting Electricity Networks from Natural Hazards, p.11.
Michael, R.J., 2016. Air Force IT System Security Compliance with Law and Policy. AIR COMMAND AND STAFF COLL MAXWELL AFB AL MAXWELL AFB United States.
Rosado, D.G., Sánchez, L.E., Mellado, D. and Medina, E.F., 2015. Content related to computing security on computer engineering degree according to international professional certificates. IEEE Latin America Transactions, 13(6), pp.1951-1960.
Sadgrove, K., 2016. The complete guide to business risk management. Routledge.
Sajid, A., Abbas, H. and Saleem, K., 2016. Cloud-assisted IoT-based SCADA systems security: A review of the state of the art and future challenges. IEEE Access, 4, pp.1375-1384.
Shameli-Sendi, A., Aghababaei-Barzegar, R. and Cheriet, M., 2016. Taxonomy of information security risk assessment (ISRA). Computers & Security, 57, pp.14-30.
Jacobsson, A. and Davidsson, P., 2015, December. Towards a model of privacy and security for
smart homes. In Internet of Things (WF-IoT), 2015 IEEE 2nd World Forum on (pp. 727-732).
IEEE.
Kiedrowicz, M. and Stanik, J., 2015. Selected aspects of risk management in respect of security
of the document lifecycle management system with multiple levels of sensitivity. Information
Management in Practice,(eds) BF Kubiak and J. Maślankowski, pp.231-249.
Kott, A. and Arnold, C., 2015. Towards Approaches to Continuous Assessment of Cyber Risk in
Security of Computer Networks. arXiv preprint arXiv:1512.07937.
Kröger, W. and Sansavini, G., 2016. Principles of disaster risk reduction. Protecting Electricity
Networks from Natural Hazards, p.11.
Michael, R.J., 2016. Air Force IT System Security Compliance with Law and Policy. AIR
COMMAND AND STAFF COLL MAXWELL AFB AL MAXWELL AFB United States.
Rosado, D.G., Sánchez, L.E., Mellado, D. and Medina, E.F., 2015. Content related to computing
security on computer engineering degree according to international professional
certificates. IEEE Latin America Transactions, 13(6), pp.1951-1960.
Sadgrove, K., 2016. The complete guide to business risk management. Routledge.
Sajid, A., Abbas, H. and Saleem, K., 2016. Cloud-assisted IoT-based SCADA systems security:
A review of the state of the art and future challenges. IEEE Access, 4, pp.1375-1384.
Shameli-Sendi, A., Aghababaei-Barzegar, R. and Cheriet, M., 2016. Taxonomy of information
security risk assessment (ISRA). Computers & security, 57, pp.14-30.

16INFORMATION SECURITY MANAGEMENT
Singhal, A. and Ou, X., 2017. Security risk analysis of enterprise networks using probabilistic attack graphs. In Network Security Metrics (pp. 53-73). Springer, Cham.
Skopik, F., Settanni, G. and Fiedler, R., 2016. A problem shared is a problem halved: A survey on the dimensions of collective cyber defense through security information sharing. Computers & Security, 60, pp.154-176.
Smit, K., Zoet, M. and Slot, R., 2016. Compliance Principles for Decision Management Solutions at the Dutch Government.
Singhal, A. and Ou, X., 2017. Security risk analysis of enterprise networks using probabilistic
attack graphs. In Network Security Metrics (pp. 53-73). Springer, Cham.
Skopik, F., Settanni, G. and Fiedler, R., 2016. A problem shared is a problem halved: A survey
on the dimensions of collective cyber defense through security information sharing. Computers
& Security, 60, pp.154-176.
Smit, K., Zoet, M. and Slot, R., 2016. Compliance Principles for Decision Management
Solutions at the Dutch Government.
1 out of 19
Related Documents

Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.