BIT309 Security Management Oz Assignments

Introduction

Security is a major concern for every company or business, whether it operates online or offline. This assessment is based on the security management of a software company, SoftSolutions, which is located in Australia. In this report I have to perform all the proposed activities to fulfil the requirements of the software company as it buys and integrates a business, TransACT. I have to create a report on managing the information security of the organization.

Discuss the fit of your formal approach to security to the company’s values and the role it would play in IT governance in general

SoftSolutions is an IT company that has delivered several successful small and large projects in the last 3 years with the support of proficient programmers. Now the owners of the company, Tim and Catherine, wish to buy a business, TransACT, which already has 20 employees. It is therefore important to adopt a more formal approach to managing security that fits SoftSolutions’ company values and plays a significant role in IT governance. They have to implement a highly secure system with up-to-date security and backup systems. The organization has to follow the following formal approach for security values:

  • Boost performance
  • Select the Right Track
  • Easy Enough
  • Generic Standard
  • ISO 27005
  • COSO

First of all, SoftSolutions has to define how it will safeguard all of its IT assets and provide for disaster recovery and the continuity of operations. It has to set up a backup tool on the server as well as on local hosts to save all of the company’s valuable information. An employee of TransACT could damage the database or backup system of SoftSolutions, so it is necessary to use a high-level security panel and restrict employee access to the server and the database admin panel. The admin should be able to gain access only through a proper biometric login system, and the rest of the employees should be permitted to access only certain parts of the database. SoftSolutions also has to use a tracking system to track employee activities. This will raise the organization’s security to a new level. An authentication and authorization process can also secure the company’s systems. This is the most formal approach to security for the company’s values, and it plays a significant role in IT governance in general.

(IT Solutions, Services & Consulting | Concerns, Challenges, Solutions | TRASYS International, 2017)

List the threats, vulnerabilities, and attacks that your formal plan would manage.

The formal plan for the information system of SoftSolutions can effectively manage all types of threats, vulnerabilities and attacks. The threats that can be managed are as follows:

  • Physical damage such as pollution, water or fire; the information system would be protected from all of these security threats.
  • Loss of power supply, failure of the cooling system, or breaches in the communication system could also be managed with the help of the newly developed report.
  • Technical factors such as equipment failure, software failure, hardware failure and storage system threats can be managed by the proposed report.
  • Vulnerable activities of any employee, inside or outside the organization, can also be tracked and managed. Vulnerabilities in the SoftSolutions systems, including software, hardware and network, can also be addressed by this approach.
  • Attacks such as data hacking, credential stealing, security breaches and database damage can all be managed by the proposed formal approach.

(En.wikipedia.org, 2017)

Implications of legal and statutory requirements and the benefits your formal approach would bring

The implications of the legal and statutory requirements brought by the selected formal approach are as follows:

1. Business structure

After applying the selected formal approach, it is mandatory to keep all registration documents up to date. If any document requires renewal, it must be updated first so that the business can operate without any problem. If the company fails to do so, it faces government punishment. The company is now merging another company into itself, so SoftSolutions has to create a written contract document before starting financial commitments.

2. Leasing premises

Check all leasing documents for the premises by reading them before signing. There are few leasing documents, but they have to be checked completely. If the company fails to do so, it may create big problems for this IT firm.

3. Intellectual Property

The formal approach minimizes the effort needed to protect your intellectual property by using it in the trademark. The IP protection must be updated from time to time. If the company fails to do so, it may lose its IP.

4. Employment

The newly proposed formal approach will help the organization select the right person with a specified job description and selection parameters. It will bring fruitful business opportunities, and your clients will always be happy with you.

(Waldron, 2017)

Security Policy, including a methodology and the reason for having a policy

The security policy for the concerned company comprises a set of required objectives, rules and regulations for users and administration, and requirements for the system, which collectively ensure the security of computer systems and other valuable assets. I have also designed and developed a security policy for the SoftSolutions IT organization, which is as follows:

  • The transmission of information through the internet carries risks, so keep in mind that violating the security of SoftSolutions is a serious offense.
  • Your information or data is transmitted through the SoftSolutions network after being encrypted, from your computer to the company’s server.
  • The encryption of the data prevents others from viewing your information.
  • The SSL encryption methodology that is applied to the company’s website will also protect your entire session.
  • SoftSolutions also tracks all encryption technology and processes as per industry standards.
  • If you find any violation of your information, you can make a complaint to info@softsolutions.com
  • Note: This policy will be amended from time to time. To know the latest security policy of the company, check our website from time to time.

Since this is a software company that wants to integrate another business, it has to enforce the above-mentioned security policy to run its business smoothly. It has to publish all the listed policies publicly, along with their supporting systems, so that if any employee violates any of the rules, the organization can take proper action against that employee or other party.

(Solentive, 2017)

Benefits of a Risk Management and detailed discussion on Contingency Planning

Benefits of risk Management

1. Asset protection- A solid risk management strategy, such as the one I have designed, can manage the entire framework of the software company and protect the assets of the organization. The company can effectively offer its services to clients while eliminating security and privacy risks.

2. Reputation Management- After the integration of the new business, SoftSolutions becomes a bigger and more powerful software company, so its reputation is also important. The risks should be managed by different authorities according to their role in the organization. A better risk management strategy can help to analyze gaps and develop a road map to mitigate reputational risks.

3. Risk in Supply Chain- The organization may face complexity in supplying its services, but if a proper risk management framework is applied, the organization can constantly monitor its risks, whether internal or external.

4. IP protection- The software company will be able to handle IP risk. An advanced risk management strategy helps to protect competitive advantages and business opportunities by protecting the intellectual property of the organization.

5. Competitor analysis- Regular competitor analysis will keep the company informed about its competitors, their current market value and their efforts.

Contingency planning

I have also prepared a contingency plan for the software company’s security system that can be used to handle unexpected risks. The contingency plan for this software company is based on the Australian government. The company should follow the contingency plan below to overcome unexpected risks.

1. Technical risk

If the system faces an unexpected technical risk such as a failure of software or hardware, it generates a short message directly to the technical head. The technical head is then responsible for managing the risk by consulting an expert.

2. Operational risk

If the organization faces an unexpected operational risk such as fraud by an employee or theft of company information, these acts are handled only by the operations head of the organization in the local court of Australia.

3. Financial risk

If this software company faces an unexpected financial risk during an ongoing project, such as financial losses from software failure, it can be handled by the finance department or the admin of the organization. It can also be handled by the shareholders.

4. Network risk

If any security breach, data violation or network penetration is found, these unexpected issues or risks are resolved by the network manager of SoftSolutions in an Australian local court.

(Expertsystem.com, 2017)

Discuss the benefits derived from seeing Security Management as an ongoing process

Security management is a long-term activity that requires ongoing processes from day one. It helps to mitigate several types of issues before and after the implementation of approaches or methodologies. Information security management is an ongoing process that protects the software company’s information from highly sophisticated problems and attacks. Security is designed and developed within the company and covers vulnerabilities in third-party products, so that software and services are patched. Security measures are maintained to minimize security breaches. Another benefit of security management within the organization is training the relevant employees in the context of the current project.

(Sheffield, 2017)

Conclusion

I have successfully created a report on the information security of the software company SoftSolutions that will definitely help the learner understand the IT governance of the organization, the risk management plan, cost benefit analysis, and legal and other beneficial requirements. I have completed the assignment while covering all the requirements, such as risk management, cost benefit analysis, the security management policy and more, to effectively manage the information security of the company. This report will help the learner establish an effective management strategy for the entire organization after the integration of the TransACT business.

References

1. IT Solutions, Services & Consulting | Concerns, Challenges, Solutions | TRASYS International. (2017). Taking a more formal approach to your risk management - IT Solutions, Services & Consulting | Concerns, Challenges, Solutions | TRASYS International. [online] Available at: http://www.trasysinternational.com/2016/02/02/taking-a-more-formal-approach-to-your-risk-management/ [Accessed 18 Oct. 2017].

2. En.wikipedia.org. (2017). Vulnerability (computing). [online] Available at: https://en.wikipedia.org/wiki/Vulnerability_(computing) [Accessed 18 Oct. 2017].

3. Waldron, J. (2017). The Rule of Law. [online] Plato.stanford.edu. Available at: https://plato.stanford.edu/entries/rule-of-law/ [Accessed 18 Oct. 2017].

4. Solentive. (2017). Solentive Privacy Policy. [online] Available at: https://www.solentive.com.au/privacy-policy [Accessed 18 Oct. 2017].

5. Expertsystem.com. (2017). Risk management framework for your business: The benefits. [online] Available at: http://www.expertsystem.com/strong-risk-management-framework/ [Accessed 18 Oct. 2017].

6. top_10_threats_to_small_businesses1. (2017). [ebook] Available at: http://www.vanmeterins.com/sites/default/files/top_10_threats_to_small_businesses1.pdf [Accessed 18 Oct. 2017].

7. TatvaSoft Australia Pty Ltd. (2017). Privacy Statement | TatvaSoft. [online] Available at: https://www.tatvasoft.com.au/privacy-statement.php [Accessed 18 Oct. 2017].