CIS8018 - Strategic Information Security Report, Semester 2, 2019
Added on 2022/11/26
Report
AI Summary
This report provides a detailed analysis of strategic information security at the University of Melbourne. It begins with an introduction to information security, defining its role in protecting sensitive data and systems. The report then offers a brief description of the University of Melbourne, followed by a discussion of the issues of information security within the institution, including physical security, operations security, communications security, cyber security, and network security. The report identifies various threats related to the CIA triad (confidentiality, integrity, and availability) and privacy, authentication, authorization, accountability, and identification. These threats include compromise of intellectual properties, deviations in service quality, trespassing or espionage, forces of nature, human errors or failures, data vandalism or sabotage, software attacks, technical hardware and software errors and failures, technological obsolescence, and theft of data or equipment. The report provides suggestions to improve the security aspects in the University of Melbourne and concludes with a summary of the key findings. The report also includes references and an appendix with relevant information about the university.

Running head: STRATEGIC INFORMATION SECURITY
Strategic Information Security: University of Melbourne
Name of the Student
Name of the University
Author’s Note:

Abstract
The main purpose of this report is to develop an understanding of information security at the University of Melbourne. The most significant responsibility of InfoSec is the formation of a set of business procedures that secure the information asset, regardless of how the information is formatted and whether or not it is in transit. Most larger enterprises employ a dedicated security group for the successful implementation and maintenance of organizational InfoSec programs. This security group is controlled by the chief InfoSec officer of the organization. InfoSec programs are built around the distinctive purposes of the CIA triad, which are the confidentiality, integrity and availability of information technology systems and business data. This report presents various risks to information security at the University of Melbourne, with suitable suggestions.

Table of Contents
1. Introduction
2. Discussion
2.1 Brief Description about University of Melbourne
2.2 Issues of Information Security in University of Melbourne
2.3 Suggestions to Improve the Security Aspects in University of Melbourne
3. Conclusion
References
Appendix

1. Introduction
Information security can be described as a collection of strategies for managing the policies, tools and processes required to prevent, detect, document and counter risks to any kind of digital or non-digital sensitive information (Siponen, Mahmood and Pahnila 2014). The security group is solely responsible for conducting the risk management procedure, through which the threats and vulnerabilities to the various information assets are constantly assessed. Moreover, the correct protective and security controls are decided on and applied (Peltier 2016). This report provides a detailed discussion of strategic InfoSec at a popular university in Australia, the University of Melbourne. Various threats to information security for this organization are presented in this report, with relevant suggestions to resolve the issues.
2. Discussion
2.1 Brief Description about University of Melbourne
The University of Melbourne is a popular and significant public research university situated in Melbourne, Australia. The university was founded in 1852 and is termed the second oldest Australian university. Melbourne consists of 10 separate academic units and is associated with several popular institutes and research centres, such as the Florey Institute of Neuroscience and Mental Health (The University of Melbourne 2019). More than 53000 students study at this university, so it is extremely important to ensure that the sensitive data and information of these students are safe and secure. However, there are a few distinctive threats related to information security that need to be treated on a priority basis (see Appendix).

2.2 Issues of Information Security in University of Melbourne
InfoSec is the practice of securing and protecting confidential information by mitigating the various information risks (Safa, Von Solms and Furnell 2016). This type of security is one of the major parts of information risk management. Information security includes preventing, or at least reducing the probability of, inappropriate or unauthorized disruption, corruption, access, devaluation, disclosure, utilization, modification and more. It also involves reducing the adverse impact of any incident that occurs in the business. The information may take any form, such as physical or electronic (Xu et al. 2014). The main focus of InfoSec is the balanced protection of the CIA triad, while keeping the deployment of policies efficient and effective and without obstructing overall organizational productivity.
Information security is largely achieved through a structured risk management procedure, which mainly includes identifying information-related assets together with their potential impacts and vulnerabilities, evaluating risks or threats, monitoring risk activities, selecting appropriate security controls, and deciding how to address and treat the risks by avoiding, mitigating, sharing or accepting them (Soomro, Shah and Ahmed 2016). Although the University of Melbourne has always focused on its own strategies and policies for information security, ensures that strong security and privacy measures are taken under every circumstance, and maintains a distinctive periodic program for enhancing security in the organization, some major threats to the CIA factors of information or data still exist (Siponen, Mahmood and Pahnila 2014).
The specialized areas of security in the University of Melbourne are given below:

i) Physical Security: This refers to the security of data, networks, software, hardware and personnel against any kind of physical event or action that can cause major loss or damage to an institution or enterprise (Safa et al. 2015). Since the University of Melbourne has to deal with confidential information, it is extremely important for it to protect data from physical actions.
ii) Operations Security: Operational security can be maintained by ensuring that every business process or operation is executed in an effective manner, so that maximum effectiveness is obtained without much complexity.
iii) Communications Security: Another important aspect is the communications strategy, which refers to the fact that there should be no unauthorized access of any type to telecommunication traffic while information is being transferred or transmitted (D'Arcy, Herath and Shoss 2014).
iv) Cyber Security: This is the most important and significant aspect for the University of Melbourne, as the confidential data of students must be secured and protected from any kind of cyber threat or risk.
v) Network Security: The traffic or network of the university needs to be secured from any type of vulnerability or issue, only after consideration of data encryption and authorization.
Some significant risks and threats are present within the University of Melbourne, and these need to be removed effectively (Andress 2014). The major categories of threats and risks related to the CIA triad, as well as to privacy, authentication, authorization, accountability and identification of the organization's confidential information or data, are as follows:

i) Compromise to the Intellectual Properties: This is the first and foremost category of threat, and it would be extremely common for the University of Melbourne with regard to its confidential data or information. This threat category can damage any company whose intellectual property is stolen from the organization (Parsons et al. 2014). The organization should never underestimate the value of the information. The major examples of this type of attack include piracy and copyright infringement.
ii) Deviations in Service Quality: This is the second vital threat category for information security in the University of Melbourne. Service quality often deviates significantly, so such issues need to be analysed on a priority basis. A major example of this type of attack is WAN service problems (Siponen, Mahmood and Pahnila 2014). Since this university has almost 53000 students, the network coverage area is quite large, and it is therefore extremely vital to ensure that network services do not deviate under any circumstance.
iii) Trespassing or Espionage: This is the practice of spying, or of using spies, to obtain confidential information about the students and the staff (Shropshire, Warkentin and Sharma 2015). The attackers could track or keep under surveillance the information that is to be shared with the students or staff of the university. Eavesdropping is one of the most basic types of threat or risk that is common in espionage.
iv) Forces of Nature: The major forces of nature, which include fire, floods, lightning and earthquakes, could also affect the security and CIA triad of confidential information. The university faces the risk of data loss. These forces could even sabotage the information completely, leaving no method of getting that information back.

v) Human Errors or Failures: Because around 5000 staff work at the University of Melbourne, there is always a high chance of human errors and human failures (Ab Rahman and Choo 2015). These can occur either intentionally or unintentionally and are not always acceptable for an organization that is trying to ensure InfoSec. One basic example of such human error at this university would be mistakes made by employees during data management.
vi) Data Vandalism or Sabotage: Another vital type of threat within the University of Melbourne is data vandalism or sabotage. There is always a high chance that the students or the staff might sabotage or vandalise the confidential data or information (Sommestad et al. 2014). They could even cause major destruction to the information or systems present in the university. Moreover, there is also a chance of systems getting lost.
vii) Software Attacks: The 7th significant and vital threat category is software attack. This is considered one of the most basic and significant threat categories. The most popular examples of software attacks include DoS attacks, DDoS attacks, man-in-the-middle attacks, phishing attacks, SQL injection attacks, eavesdropping attacks, cross-site scripting (XSS) attacks and many more (Safa and Von Solms 2016). Because the systems and information of the University of Melbourne could be extremely vulnerable to the above-mentioned cyber security attacks, the confidential information should be secured in such a manner that no issue related to them exists.
The intruders or attackers could eventually bring out a few of the most distinctive issues within the software attack surface and then exploit the surfaces for the core purpose of reduction of all types of unauthenticated users or attacks (Siponen, Mahmood and Pahnila 2014). Several exploits are possible with these attacks, as an attacker could gain access and run
code on the targeted machine. The flawed functionalities might eventually lead to compromise of the whole network, as well as of any other system, by enabling unverified users, who might be a hacker or a student wanting to steal confidential information for any kind of wrong intention (Webb et al. 2014). The University of Melbourne would have authorization levels if the access controls are loosely deployed. Software firewalls could help block all access to every existing vulnerability for both staff and students. Overall security must be maintained to minimize vulnerabilities. There is a comprehensive attack surface analysis for setting up the breach detection system (BDS).
viii) Technical Hardware Errors and Failures: Equipment failure or error is one of the most significant issues in technical hardware failure, which occurs if there is any type of issue related to information security (Nazareth and Choi 2015). The personnel of this university would face some of the most distinctive and noteworthy problems, and proper measures are to be undertaken to ensure that efficiency and effectiveness are obtained without much complexity.
ix) Technical Software Errors and Failures: Another significant category of threat to information security is technical software failures and errors. These kinds of errors arise from bugs, code problems and unknown loopholes. Moreover, the confidential information or data could be stolen without any prior notification, and the user would have no idea that such an attack had taken place. The data could even be sabotaged or vandalised due to such errors.
x) Technological Obsolescence: Technological upgrading is extremely important and should be kept as a top priority for the university. As the university deals with confidential information, it is extremely vital to ensure that the systems and devices
are working perfectly (Layton 2016). Outdated technologies provide scope for data to be stolen easily and promptly, and for the data to be lost completely.
xi) Theft of Data or Equipment: Confidential data might be stolen by hackers or intruders; even the students would get a chance to steal the sensitive data for bringing any type of vulnerability within the University of Melbourne. Illegal confiscation of information and equipment is the other vital example of such attacks.
2.3 Suggestions to Improve the Security Aspects in University of Melbourne
The CIA triad of information needs to be maintained under every circumstance for the University of Melbourne (Lebek et al. 2014), so that the data and information of students are safe and secure. This is extremely vital within the company, since it protects and secures confidential information and enables organizational functionalities regarding application management for assets and systems. A few challenges and risks are involved in the implementation of information security within the company. Data security measures need to be undertaken to ensure that each and every existing security aspect is improved and the respective security is strengthened (Dotcenko, Vladyko and Letenko 2014). The most basic suggestions for improving the security of confidential information within the University of Melbourne are as follows:
i) Establishment of Stronger Passwords: This is the first and foremost recommendation to the University of Melbourne for ensuring a high level of information security. The university should use stronger passwords, so that it becomes much easier for the users to keep their data safe and secure. Changing passwords periodically is also important for this purpose, as the intruders would then not get any idea of the passwords.

10
STRATEGIC INFORMATION SECURITY
ii) Involving Strong Firewalls: The second important suggestion
to the University of Melbourne for ensuring InfoSec in the organization is the use of
stronger firewalls (Zhang et al. 2016). These firewalls act as walls around the information,
which thereby gets protection from any kind of attack or vulnerability.
iii) Installation of Antivirus Protection: The University of Melbourne should install
antivirus protection so that the basic issues of viruses and malicious software within its
systems are resolved without any type of complexity or issue. The antivirus
provides a shield for the information or data, hence ensuring high efficiency in the business.
iv) Upgrading of Programs: Programs and software need to be upgraded
regularly so that software failures or errors are reduced to a high degree, hence reducing issues
of phishing or stolen data from the university (McCormac et al. 2017). This type of program
upgrade also provides efficiency and effectiveness regarding information security
and enhances the opportunity for easier data management.
v) Securing Laptops and Mobile Phones: Since a very large number of students are involved in
this Australian university, the laptops and mobile phones of the staff and students
need to be kept safe and secured (Siponen, Mahmood and Pahnila 2014). This is one of
the most basic recommendations for the University of Melbourne to ensure information security.
Numerous vulnerabilities and threats need to be evaluated as well as analysed efficiently.
vi) Regular Backups: Periodic backups are also important for this
university to ensure that even if data is lost, it can be retrieved from the backups, and
thus the university would be safe from the existing threats and vulnerabilities (Hsu et al. 2015).
Data storage also becomes easier with these backups.
vii) Diligent Monitoring of Systems: System monitoring is yet another
recommendation for information security in the university. The organizational systems would
be safe from any type of threat and risk, hence maintaining the CIA triad in the business.
viii) Involvement of Information Security Law: There are a few types of law, such as
constitutional law, statutory law, regulatory law, case law, civil law, criminal law, private law
and public law, which need to be implemented within government agencies
(Nazareth and Choi 2015). The most significant laws for maintaining InfoSec effectively
include the Federal Privacy Act, the Electronic Communications Privacy Act, the Security and
Freedom through Encryption Act and the Family Educational Rights and Privacy Act.
ix) Proper Planning: Planning plays one of the most effective roles in maintaining
information security within the University of Melbourne. Resources would be saved and
resource wastage would also be reduced. Moreover, effective planning does not involve
excessive time consumption. The mission statement, vision statement and values of this
university will be updated accordingly. Inclusion of governance programs such as ITGI,
ISO/IEC 27014 and NACD is also effective for this university (Ab Rahman and Choo
2015).
x) Implementation of Proper Policies: The programs and policies need to be
upgraded according to the new laws implemented in the university, so that hackers get an
idea of the severe consequences they would face after carrying out cyber-attacks (Siponen,
Mahmood and Pahnila 2014).
3. Conclusion
Therefore, the conclusion can be drawn that InfoSec helps in successfully maintaining
credibility as well as earning the trust of clients. The objectives of InfoSec make sure that