Comprehensive Information Security Report for Norwood Systems

Added on  2020/03/04

AI Summary
This report provides a comprehensive analysis of information security for Norwood Systems, an emerging Australian company. It explores the importance of managerial roles, key security characteristics like confidentiality, integrity, and availability, and identifies potential threats such as intellectual property compromise, software attacks, and theft. The report differentiates between information security management and general business management, discusses relevant laws and ethics, and outlines the ethical foundations of modern codes. It identifies major national and international laws related to InfoSec, current regulations, and the roles involved in strategic planning within Norwood Systems. Furthermore, the report details the importance, benefits, and desired outcomes of information security governance, including program implementation plans. It also covers information security policy, its components, and the process of developing, implementing, and maintaining effective policies to enhance the company's security posture. The report concludes with a discussion of the strategic organizational planning for information security and references relevant literature to support the analysis.
Running head: STRATEGIC INFORMATION SECURITY
Strategic Information Security
Name of the Student
Name of the University
Author’s note
Executive Summary
Organisations all over the world must understand that they need to implement information security on their premises permanently. Norwood Systems has been chosen for this report. The managerial role in information security is described in detail. The key characteristics of information security, namely confidentiality, integrity, availability, authorization and accountability, are described as well. The threats of compromises to intellectual property, deviations in quality of service, espionage or trespass, software attacks and theft are explained. The key features of leadership and management and the difference between law and ethics are discussed. The primary laws related to the practice of InfoSec are explained too. The role of active planning in organisations, in the form of the mission, vision and values statements, is covered in detail. The plan, objectives, benefits and outcomes of information security governance are also described.
Table of Contents
Introduction
1. The importance of the manager’s role in securing Norwood System’s use of information technology
2. List and discussion of the key characteristics of information security that Norwood Systems must be aware of
3. The dominant categories of threats to information security that will affect Norwood Systems
4. Discussion of the key characteristics of leadership and management in Norwood Systems
5. Differentiate information security management from general business management
6. Law and ethics that Norwood Systems must adopt
7. The ethical foundations and approaches that underlie modern codes of ethics
8. Identification of major national and international laws that relate to the practice of InfoSec
9. Discuss current laws, regulations, and relevant professional organizations
10. Identification of the roles in Norwood Systems that are active in planning
11. Strategic organizational planning of Norwood Systems for information security (InfoSec)
12. Discussion of the importance, benefits, and desired outcomes of information security governance and how such a program would be implemented for Norwood Systems
13. Explanation of the principal components of InfoSec system implementation planning in Norwood System
14. Information security policy and its central role in a successful information security program
15. The three major types of information security policy and discussion of the major components of each
16. Explanation of what is needed to implement effective policy in Norwood Systems
17. Discussion of the process of developing, implementing, and maintaining various types of information security policies in Norwood Systems
18. Norwood System (Chosen organization) implementing security policies to enhance their company’s security
Conclusion
References
Appendices
Appendix A: Relevant U.S. Laws
Appendix B: Mission statement
Appendix C: Vision statement
Appendix D: Values statement
Introduction
Organisations all over the world must understand that they need to implement information security on their premises permanently. Norwood Systems, an emerging Australian company, has been chosen for this report. As an emerging company, it faces security risks; it has to understand them and must implement security policies and laws in the company to mitigate those risks (Baskerville et al. 2014). The managerial role in information security and the key security features that Norwood Systems must adopt are described in the report.
This report showcases the key security characteristics of confidentiality, integrity, availability, authorization and accountability, and highlights threats such as compromises to intellectual property, deviations in quality of service, espionage or trespass, software attacks and theft, together with the process for mitigating those threats. The report also covers the practice of InfoSec and the role of active planning in organisations in the form of the mission, vision and values statements.
1. The importance of the manager’s role in securing Norwood System’s use of information technology
Organisations must understand that information security has to involve a team of Norwood Systems managers drawn from the fields of information security and IT (Galliers and Leidner 2014). These managers have three kinds of role:
Informational role: Deals with collecting, handling, and utilizing data through which a goal can be achieved.
Interpersonal role: Deals with connecting with superiors and subordinates who assist in the completion of the task (Layton 2016).
Decision role: Deals with selecting correct methodologies, facing challenges and solving problems.
2. List and discussion of the key characteristics of information security that Norwood Systems must be aware of
Norwood Systems must be aware of the confidentiality, integrity, availability, identification, authorization and accountability that information security offers.
Confidentiality deals with restricting data to specific individuals and excluding everyone else. The security measures involved are information order, secure database records, general security application approaches and the encryption process (D'Arcy, Herath, and Shoss 2014).
The integrity of data is compromised when it is exposed to corruption or other disruption of its authentic state; corruption mainly occurs while data is being transmitted. The state of the data can therefore be identified as either complete or corrupted (Peltier 2016).
Availability of data means that the data can only be accessed by authorised or approved clients.
Identification and authentication are established by client name or client ID.
Authorization deals with the permission granted to an individual by the specific authority to access, change and delete the contents of the data resource (Galliers and Leidner 2014).
Accountability of data exists when a control gives assurance that each activity undertaken can be attributed to a computerized process.
3. The dominant categories of threats to information security that will affect Norwood Systems
Compromises to Intellectual Property: Intellectual property (IP) comprises trademarks, trade secrets, patents and copyrights. IP is protected by copyright laws, carries the expectation of proper attribution and may require permission for its use, as specified by the law (Galliers and Leidner 2014).
Deviations in Quality of Service: Norwood Systems’ information system relies on the effective operation of numerous interdependent support systems, including power grids, information and telecommunications systems, service providers, and janitorial staff too.
Espionage or Trespass: When an unapproved individual of Norwood Systems accesses data the organization is trying to protect, this is called espionage or trespass.
Software Attacks: Software attacks happen when an individual of Norwood Systems designs and executes software to attack a system (Ogiela 2015).
Theft: Physical theft can be controlled easily using a range of measures, from locked doors to trained security personnel. It can also be controlled by installing alarm systems. In the case of electronic theft, however, data is copied without the owner’s knowledge (Law, Buhalis and Cobanoglu 2014).
4. Discussion of the key characteristics of leadership and management in Norwood Systems
A successful leader influences employees so that they are willing to achieve targets (Flores, Antonsen and Ekstedt 2014). At Norwood Systems, a leader is expected to show others how it is done and to exhibit personal traits that instil in other employees a desire to follow. Leadership gives purpose, direction and motivation to the employees who follow.
By comparison, a manager administers the resources of Norwood Systems. The manager makes budgets, approves expenditures and hires workers. An effective manager can become a successful leader.
5. Differentiate information security management from general business management
The unique elements of information security management are known as the six Ps: Project Management, Planning, Protection, People, Policy, Programs (Lowry and Moody 2015). InfoSec management works like all other management units, yet the primary objectives of the InfoSec management team of Norwood Systems are distinctive in that they concentrate on the protected operation of the organization.
6. Law and ethics that Norwood Systems must adopt
Laws are formally adopted rules for acceptable conduct in modern society, whereas ethics define socially acceptable conduct (Jayanthi 2017). The primary difference between laws and ethics is that laws carry the sanction of a governing authority, which ethics do not. Norwood Systems must abide by law and ethics and should make the company’s security system strong.
7. The ethical foundations and approaches that underlie modern codes of ethics
Norwood Systems has established sets of principles as well as codes of ethics that individuals are expected to follow. Codes of ethics can positively affect a person's judgment with respect to computer use (Andress 2014). It is the individual responsibility of security professionals at Norwood Systems to act ethically in accordance with the policies and procedures of their superiors, their professional organisations, and the laws of society.
8. Identification of major national and international laws that relate to the practice of InfoSec
Constitutional law: this law involves the U.S. Constitution, a state constitution, or local constitution, standing rules, or sanction.
Statutory law: this law involves a legislative branch specifically entrusted with the creation and publication of laws.
Regulatory or administrative law: this law involves an executive branch or authorized regulatory agency, and includes executive orders and regulations (Stergiopoulos et al. 2017).
Common law, case law, and precedent: this law involves a judicial branch or oversight board and includes the interpretation of law in light of the activities of a past as well as board
9. Discuss current laws, regulations, and relevant professional organizations
Recent laws and regulations relevant to organisations cover privacy of PHI, defense information protection and national cyber infrastructure protection (refer to Appendix A).
10. Identification of the roles in Norwood Systems that are active in planning
To carry out effective planning, an organisation's leaders usually start from previously developed positions that explicitly state the organisation's entrepreneurial, ethical, and philosophical viewpoints (Kolkowska and Dhillon 2013). Specific documents are developed from these viewpoints: the mission, values and vision statements. Norwood Systems management should look at these mission, values and vision statements.
Vision statement: The vision statement proclaims the goal of the organisation and details where the organisation wants to go and what it wants to achieve; it also states the future plans (refer to Appendix C).
Values statement: The values statement contains the organisation’s principles on how the particular goals will be achieved, as well as the conduct by which the organisation’s employees must abide (refer to Appendix D).
Mission statement: The mission statement describes how the organisation plans and designs to achieve the goals or the plans it has made for the future (refer to Appendix B).
11. Strategic organizational planning of Norwood Systems for information security (InfoSec)
Norwood Systems must adopt general strategic planning to secure their Cloud Corona. First, the organisation's general strategic plan is converted into key objectives for each operation; the next stage is to translate these into tasks with specific, achievable, measurable, and time-bound goals (Safa et al. 2016).
12. Discussion of the importance, benefits, and desired outcomes of information security governance and how such a program would be implemented for Norwood Systems
Plan, objective and benefits of information security governance
Norwood Systems must plan and analyse the benefits on its premises:
• Proper strategic plan
• Establishment of the plan objectives step by step
• Measurement of progress towards the plan objectives
• Verification that the objectives are fulfilled well (Stergiopoulos et al. 2017)
• Validation that the requirements of the plan or product are properly met
Outcomes of information security governance
• Strategic alignment of InfoSec with business strategy to support organisational objectives
• Risk management by executing appropriate measures to manage and mitigate threats to information assets
• Resource management by using InfoSec knowledge and infrastructure efficiently and effectively
• Performance measurement by measuring, monitoring, and reporting InfoSec governance metrics to ensure that organisational objectives are achieved (Posey et al. 2014)
• Value delivery by optimising InfoSec investments in support of organisational objectives
Program implementation plan by Norwood Systems
1. Creating and promoting a culture that recognises the criticality of information and InfoSec to Norwood Systems.
2. Verifying that management's investment in InfoSec is properly aligned with organisational strategies and Norwood Systems' risk environment (Stergiopoulos et al. 2017).
3. Mandating and ensuring that a comprehensive InfoSec program is developed and implemented.
4. Requiring reports from the different layers of management on the InfoSec program's effectiveness and adequacy.
13. Explanation of the principal components of InfoSec system implementation planning in Norwood System
InfoSec system implementation planning creates a strategic information security plan with a vision for the future of information security at Norwood Systems. It understands the essential business activities performed by Norwood Systems and, based on this understanding, recommends suitable information security solutions that uniquely protect these activities. It also develops action plans, schedules, budgets, status reports and other top management communications intended to improve the status of information security at Norwood Systems (Safa et al. 2016).