CIS5205 Information Security Management System

1. Threats to Information Security

Threats to information security, as they appear today, fall into three broad groups: human error, malicious human activity, and natural events and disasters.

1.1 Human Error and Mistake

Some of the common forms of human error that create information security threats are:

1. Clicking on an unsafe attachment or URL – Attackers use a range of techniques, spear phishing among them, to induce users to open a malicious attachment or follow a suspicious link. Once clicked, such links can draw the user into fraud (Caputo et al., 2014).

2. Neglecting good password practice – Weak, reused or carelessly handled passwords can let attackers gain access to protected systems and websites.

3. Sending email to the wrong address – A small typing error in a recipient address can expose sensitive information to an unintended party.
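The second item above is where a technical control helps most: a password check that enforces a minimum length and rejects anything already present in a corpus of breached passwords (the approach recommended by NIST SP 800-63B). The following is an added example, not code from the original page. The breached-password corpus is a small list constructed inline for the example, and the SHA-1 prefix index mirrors the k-anonymity range-lookup layout used by public breach-check services, so a deployment could swap in a real corpus without sending full hashes off the client.

```python
"""Screen a candidate password: enforce a minimum length and reject any
password that appears in a list of known-breached passwords.

The breached list below is constructed for this example (hypothetical).
Hashes are indexed by a 5-hex-character SHA-1 prefix so that a lookup only
ever needs the prefix, mirroring a k-anonymity range query."""
import hashlib

MIN_LENGTH = 8  # NIST SP 800-63B minimum for user-chosen memorized secrets

# Constructed sample corpus of breached passwords (hypothetical for this example).
_BREACHED_PLAINTEXT = ["password", "123456", "qwerty", "letmein", "Summer2018!"]


def sha1_hex(pw: str) -> str:
    """Upper-case hex SHA-1 of the password, as breach corpora typically store it."""
    return hashlib.sha1(pw.encode("utf-8")).hexdigest().upper()


def build_range_index(plaintexts):
    """Index breached hashes as prefix (5 hex chars) -> set of 35-char suffixes."""
    index = {}
    for pw in plaintexts:
        h = sha1_hex(pw)
        index.setdefault(h[:5], set()).add(h[5:])
    return index


BREACHED_INDEX = build_range_index(_BREACHED_PLAINTEXT)


def is_breached(pw: str, index=BREACHED_INDEX) -> bool:
    """True if the password's hash suffix is found under its prefix bucket."""
    h = sha1_hex(pw)
    return h[5:] in index.get(h[:5], set())


def check_password(pw: str, index=BREACHED_INDEX):
    """Return (accepted, reason). Length is checked first, then the breach corpus."""
    if len(pw) < MIN_LENGTH:
        return False, "too short"
    if is_breached(pw, index):
        return False, "appears in breach corpus"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ["abc", "Summer2018!", "correct horse battery staple"]:
        print(candidate, "->", check_password(candidate))
```

Note that "Summer2018!" satisfies a length-and-complexity rule yet is rejected, which is the point of screening against a breach corpus rather than relying on composition rules alone.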

1.2 Malicious Human Activity

The kinds of malicious human activity that can create security threats within an organisation include:

1. Malware – Short for malicious software: code that compromises a computer's security functions, steals data and can damage the host computing system (Jouini, Rabai & Aissa, 2014).

2. Adware – A kind of malware that automatically delivers advertisements. It is typically sponsored by advertisers and serves mainly as a revenue-collection tool.

3. Ransomware – A kind of malware that takes the targeted computing system, or the data on it, hostage and demands a ransom payment to restore access (Scaife et al., 2016).
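The ransomware item cites Scaife et al. (2016), whose CryptoLock system detects ransomware from the character of its file writes rather than from signatures: encrypted output is close to uniformly random, so its Shannon entropy approaches 8 bits per byte, while ordinary documents are far lower. The following is an added example, not code from the page or from the cited paper, that applies that idea to two constructed write events (a normal document save and an encrypt-and-rename write). The entropy threshold and the extension-change heuristic are assumptions for the example.

```python
"""Flag file writes that look like ransomware output: high Shannon entropy of
the bytes written combined with a change of file extension.

The write events below are constructed for this example. The "ciphertext" is
deterministic SHA-256 counter-mode output standing in for encrypted data."""
import hashlib
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits/byte; assumption: plain documents rarely exceed ~6


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty or single-valued input)."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def pseudo_random_bytes(n: int, seed: bytes = b"example") -> bytes:
    """Deterministic high-entropy bytes (SHA-256 in counter mode) used as sample ciphertext."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:n])


def classify_write(path_before: str, path_after: str, data: bytes) -> dict:
    """Score one write event: entropy of the data plus whether the extension changed."""
    ent = shannon_entropy(data)
    ext_changed = path_before.rsplit(".", 1)[-1] != path_after.rsplit(".", 1)[-1]
    suspicious = ent >= ENTROPY_THRESHOLD and ext_changed
    return {"entropy": round(ent, 2), "ext_changed": ext_changed, "suspicious": suspicious}


# Constructed events: (path before write, path after write, bytes written).
SAMPLE_EVENTS = [
    ("report.docx", "report.docx", b"Quarterly figures: revenue up 4%, costs flat. " * 80),
    ("report.docx", "report.docx.locked", pseudo_random_bytes(4096)),
]


def scan(events=SAMPLE_EVENTS):
    """Classify every event; a real monitor would feed live write events here."""
    return [classify_write(*e) for e in events]


if __name__ == "__main__":
    for event, result in zip(SAMPLE_EVENTS, scan()):
        print(event[1], result)
```

Entropy alone is not sufficient: compressed archives and already-encrypted files are also high-entropy, which is why the example requires a second indicator (the extension change) before marking a write suspicious, and why CryptoLock combines several such indicators.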

1.3 Natural Events and Disasters

Three kinds of natural disaster that threaten information security are:

1. Fire can seriously damage computing systems. Even smoke from a fire can clog CPU fans and cause devices to overheat.

2. Lightning strikes deliver a sudden electrical surge that causes a sharp voltage rise. Routers and modems can also be damaged by the effects of a strike.

3. Earthquakes, hurricanes and floods are also major causes of damage to computing systems.

2. Response of Organizations to Security Incidents

2.1 Disaster-recovery backup sites

The three major forms of backup system for recovering from a disaster are:

1. Data Centre Disaster Management Plan – This plan covers the physical assets of the IT infrastructure, including power systems, office premises and storage facilities (Chae et al., 2014).

2. Cloud Disaster Management Plan – Under a cloud-based recovery plan, data is stored on a cloud platform. The business designs a plan for hosting its data in that environment and works with the cloud provider to ensure the data can be retrieved quickly when needed.

3. Network-based Disaster Management Plan – This recovery plan is built around the corporation's network infrastructure, so the organisation must fully understand how that infrastructure functions.

2.2 Incident Response Plans

Three major factors in an incident response plan are:

1. Because an incident response plan exists primarily to minimise business risk, it should focus on recovery from disasters. It should include an accurate communication call list, with a designated backup for each individual on it.

2. The disaster recovery plan must be retested at regular intervals. Exercising the recovery plan helps ensure the system can be managed effectively and efficiently when an incident occurs (Luttgens, Pepe & Mandia, 2014).

3. There should be a 24-hour supply of resources at the recovery site. With a proper disaster recovery plan in place, recovery services should respond as planned, and the organisation should know where the nearest supply stores and hardware sources are.
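Sections 2.1 and 2.2 both come down to one check a practitioner actually runs: can the backup be restored, and does what comes back match what was backed up? The following is an added example, not code from the page, that exercises a backup-and-restore cycle end to end: it records a SHA-256 manifest of a source tree, copies it to a backup location, restores from the backup into a separate directory, and verifies that every file came back byte-identical with nothing missing or extra. The source files are constructed inside a temporary directory so the drill runs offline; the helper names are this example's own.

```python
"""Restore drill for a disaster recovery plan: back up a source tree, restore
it elsewhere, and verify the restore against a SHA-256 manifest.

The source data is constructed inside a temporary directory for this example;
in practice build_manifest() runs against the live tree at backup time and
verify_restore() against the restore target during the scheduled retest."""
import hashlib
import os
import shutil
import tempfile


def file_sha256(path: str) -> str:
    """Streaming SHA-256 of one file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str) -> dict:
    """Map relative path -> sha256 for every regular file under root."""
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = file_sha256(full)
    return manifest


def verify_restore(manifest: dict, restored_root: str) -> list:
    """Return a list of problems; an empty list means the restore is verified."""
    problems = []
    restored = build_manifest(restored_root)
    for rel, digest in manifest.items():
        if rel not in restored:
            problems.append(f"missing: {rel}")
        elif restored[rel] != digest:
            problems.append(f"corrupt: {rel}")
    for rel in restored:
        if rel not in manifest:
            problems.append(f"unexpected: {rel}")
    return problems


def run_restore_drill(corrupt_one: bool = False) -> list:
    """Create constructed source data, back it up, restore it, and verify.
    corrupt_one=True tampers with one restored file to show that detection works."""
    with tempfile.TemporaryDirectory() as work:
        src = os.path.join(work, "src")
        os.makedirs(os.path.join(src, "finance"))
        with open(os.path.join(src, "finance", "ledger.csv"), "w") as f:
            f.write("date,amount\n2018-03-01,120.00\n")  # constructed sample data
        with open(os.path.join(src, "readme.txt"), "w") as f:
            f.write("constructed sample data\n")
        manifest = build_manifest(src)                     # taken at backup time
        backup = shutil.copytree(src, os.path.join(work, "backup"))
        restored = shutil.copytree(backup, os.path.join(work, "restored"))
        if corrupt_one:
            with open(os.path.join(restored, "readme.txt"), "a") as f:
                f.write("bit rot\n")
        return verify_restore(manifest, restored)


if __name__ == "__main__":
    print("clean restore problems:", run_restore_drill())
    print("tampered restore problems:", run_restore_drill(corrupt_one=True))
```

The manifest must be stored separately from the backup it describes; a manifest kept alongside the backup would be lost or altered with it and could not prove anything about the restore.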

3. Major Ethical Issues

3.1 Major Ethical Issues faced by an IT organisation

The most common types of ethical issue faced by organisations are:

1. Use of Social Media – Social media tools are important for business growth, but misuse of these platforms can create serious social and reputational problems.

2. Diversity Issues – Present and potential employees of any organisation deserve respect for the work they provide. Employees should be trained to respond ethically to the issues that arise in the workplace; with a diverse workforce, each individual may face different issues.

3. Decision-Making Issues – Ethical issues arise throughout organisational decision-making, from the collection of data and facts, through the evaluation of alternative actions, to the final decision itself (Crane & Matten, 2016).

3.2 Real-world Case and Action

In 2018, Facebook faced an ethical concern over a data breach involving its platform. Facebook claimed that the illegal sharing of data through its platform by a Cambridge University researcher had been made possible by an application the researcher provided for download. This raised ethical issues about the security and privacy of the organisation's users (Nunan & Di Domenico, 2013).

In light of these ethical issues, Facebook should properly review its security policies. It should employ security engineers responsible for the organisation's security designs and should apply strong encryption standards as part of its security measures (Crossler et al., 2013). Because the data in this case left the platform through an application the researcher had been allowed to offer, the review should also cover what data third-party applications are permitted to access and pass on, since encryption alone does not limit authorised sharing.

References

Caputo, D. D., Pfleeger, S. L., Freeman, J. D., & Johnson, M. E. (2014). Going spear phishing: Exploring embedded training and awareness. IEEE Security & Privacy, 12(1), 28-38.
Chae, J., Thom, D., Jang, Y., Kim, S., Ertl, T., & Ebert, D. S. (2014). Public behaviour response analysis in disaster events utilizing visual analytics of microblog data. Computers & Graphics, 38, 51-60.
Crane, A., & Matten, D. (2016). Business ethics: Managing corporate citizenship and sustainability in the age of globalization. Oxford University Press.
Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R. (2013). Future directions for consumer behavioural information security research. Computers & Security, 32, 90-101.
Jouini, M., Rabai, L. B. A., & Aissa, A. B. (2014). Classification of security threats in information systems. Procedia Computer Science, 32, 489-496.
Luttgens, J. T., Pepe, M., & Mandia, K. (2014). Incident response & computer forensics. McGraw-Hill Education Group.
Nunan, D., & Di Domenico, M. (2013). Market research and the ethics of big data. International Journal of Market Research, 55(4), 505-520.
Scaife, N., Carter, H., Traynor, P., & Butler, K. R. (2016, June). Cryptolock (and drop it): Stopping ransomware attacks on user data. In Distributed Computing Systems (ICDCS), 2016 IEEE 36th International Conference on (pp. 303-312). IEEE.