Development of Information Security Management System

Development of Information Security Management System

Development of Information Security Management System

Introduction

The new technological era provides an advantageous system for increasing business enhancement.  Using of an Information security system is the widening structure for developing the security management within an organization. The main purpose of the assignment is developing infrastructure by taking the initiatives of ISO for maintaining the confidentiality within organizational activities.  Using of ISMS provides the global reputation within the business enhancement of the rising industry by using the strategic technology for enhancing the chance of independent auditing and increasing productivity within business circumstances.

Part 1

Analysis of the information security Domain

Using the strategy of Information Technology the security system can be developed within a business organization.  As technological enhance reduces the excess pressure of the business it would be useful to maintain the security system within the information system development. “Security of the Internet of Things: perspectives and challenges” this article discusses the rapid enhancement of technology by analyzing the security problems with appropriate measurement. Using of perception layer, transport layer and application layer the cognitive security can be gained for resolving risks of the business organization (Jing et al. 2014, p.2485).

“Optimization of expert methods used to analyze information security risks in modern wireless networks” - This article discusses the optimization methods by reducing the security risks within a business organization. Implementation of the risk analysis can be maintained by using the wireless connection (Ermakov et al. 2014, p. 1240). It helps to develop the business sustainability by creating magnitude of the risk forecast.  Using the dynamic methods of business development by using the wireless connection network can improve the viability of accessing the products and services into a business organization.

Risks

As ISMS is using the crucial technology of the business development it must have some risks of the business by influencing the business area, strategy and productivity with creating of appropriate awareness of business marketing. While storing the everyday’s credentials within an organizational cloud it has a risk of hacking the personal cloud and mixing of the private cloud into the entire global cloud. It destroys the confidentiality by breaking the cyber security system.

“Information security to cyber security” article discusses the fundamental security risks of a huge business organization.

1. Cloud bursting is the security risks for hackling the personal data of the business organization. It can be a huge security risk for the Information system development within a developing organization.

2. Financial fraudulent activities can be considered as the security risk of the business enhancement, share market retailing within an organization. The fraudulent activities can reduce the prosperity of the business (Von Solms et al. 2013, p. 90).

3. Maintaining the user’s assets and employee’s personal resources can be hijacked or stolen by creating of the fraudulent activities, vulnerabilities of the security within structured business development.  

1. “On the features of Security and privacy of Internet of Things” examines the basic security measurement structure for developing the Internet security system within an organization for developing the business culture towards rapid enhancement. Hijacking the official credential within the developing organization can be considered as the long term security risks (Crossler et al. 2013, p.90). It is critical to remove because of having the vulnerabilities within the structure of business development.

2. In the article of “Analysis of Cloud computing Security Problems” the brief descriptions of the security risks are given. As ISMS uses the technology if Information and Communication strategies it must have to face some risks of hijacking of personal IP, Domain hacking, spamming of emails. It can reduce the protection of products auditing and publishing within the environment (Da Xu et al. 2014, p. 2233).

Control

1. The article named as “Privacy designing strategies” can help to develop the appropriate measurement of security system by increasing the technological awareness within the rising organization within the privacy and well developed infrastructure for reducing risks (Baek et al. 2015, p.  299).

2. “Cloud Computing strategy” states the brief description of controlling the data into the private storage.  Potential strategy of cloud computing programming maintains the security system for developing the cryptographic policy. It helps to develop multiple elasticity of increasing cloud based security system (Almorsy et al. 2016 p, 84).

3. “Secure Reduplications with Efficient and Reliable Convergent Key Management” discusses about the sustainable control by creating of the duplicate database system by creating cryptographic solutions.

4. Risk management can be idealized by creating of sustainable IDC reporting within an organization by developing the information security system by creating possible environment.

5. Maintaining the security management policy of the business establishment needs to be ensuring by authenticating private cloud within end to end authentication of the customers (Yang et al. 2013, p. 490).

6. Hierarchical development by using Convergent system by establishing the key features can be developed by reducing the developing structure of the Information security management system for further auditing, analyzing the security management for ensuring customer’s sustainability.    

7. Maintaining the Privacy and data protection act of organization can be used for controlling the security and privacy for the further business enhancement with technical auditing development.

8. ISO27K Standards provides some controlling process for managing the information security within the organization.

Behavior

It is most essential to observe the organizational behaviors for developing the security system of the organizational structure for business enhancement. Organizational behavior needs to be developed for maintaining the sustainability of the business within the information security system. “Big data Analytics security” also helps to develop the structural system for developing the infrastructure of the business by using big data analytical approach (Sicari et al. 2015, p.149). Hierarchical development by the analysis of the advanced technique helps to increase the potentiality of the organizational career towards sustainability by emphasizing the features. Organizational behavior needs to be developed for using the developing technology within an organization.

The article named as “Internet of Things in Industries: A Survey” uses the strategy for developing the powerful security system by using IT related emerging technology. It can help to develop the productivity, innovative platforms towards development by creating unique radio frequency identification for improving business potentiality (Zhu et al. 2015, p. 130).

“Privacy designing strategies” says that the development of creating the equal platform can create a survey for improving the team works by using well developed technology (Roman et al. 2013, p.2266). It helps to maintain the ideal communication in between workers and the customers for business auditing and improving customization within a rising business platform.

Standardization

As ISMS is the rising technology of the business enhancement, the organizational people needs to adopt the technology by maintaining appropriate standardization it needs to use the Big Data for exploring the technological enhancement.  The article “Security of the Internet of Things: perspectives and challenges” provides the brief description and overview of the business by maintaining the standardize culture for further development (Hoepman, 2014, p. 446).

The platform of the business within an organization needs to be developed within the ideal circumstances. As standardization policy is the most effective policy for increasing the customization, flexible working, and long term planning it can help to develop the business circumstances by using of the technology and system.

An Authenticated Trust and Reputation Calculation and Management System for Cloud and Sensor Networks Integration” states that using of the innovative structured Information security System provides the globalization and enhances the reputation policy with ideal integration of networking (Cardenas et al. 2013, p.74).  It helps to maintain the globalized standard architecture for increasing the uniqueness of the further business development. In this way using of the structured sensor networking, authenticated management system establish the standard development of rising business by increasing the authenticity of the productive development, business culture.

“Cyber-Physical Security Test beds: Architecture, Application, and Evaluation for Smart Grid” states that new trend of cyber security management by developing the systematic representation can help to establish the digital awareness by creating of cyber security into the smart security (He et al. 2013, p. 1587). The standardized policy helps to maintain the sustainable architecture for evaluating the ideal positioning. Appropriate standardization improves the business by creating new innovative planning, organizational structure for business development. It helps to increase the globalized reputation by standardized platform of the business.  

“Guidelines for the assessment of information security controls.” provides some process of minor changes by creating of technical; composition. It helps to maintain ideal standardization within an organization by maintaining the appropriate guidelines for resolving various risks of the business.  

Using of “Developing Vehicular Data Cloud Services in the IoT Environment” helps to provide the ideal guidelines by creating the survey and assessment test within IoT by creating the financial reporting statements true. Standardization policy of using ISMS into a developing organization provides the awareness campaigning within the specific environment of business development towards sustainability.

Technology

Technological development is mandatory field for ensuring the business authenticity and the further enhancement of creating the ISMS system within the organization. It helps to maintain the flexible and Understandable business by making plans, implementation, business profit, product development as well as customization of the products and auditing.

“Big-Data Applications in the Government Sector” article states the current innovative technology of cloud computing, cloud bursting for increasing the potentiality of the business enhancement for maintaining the authentic standardization and preservation of the analytical data for further processing within the organization.

Big data development technology can help to produce current developing infrastructure by increasing current methods by removing the cyber attacking.

Using the technology of Real Time Digital efficiency makes the process of business development easy by increasing productivity.

“Future directions for behavioral information security research” provides the technology of cloud computing, big data, IOT emerging technology for increasing the business transaction, productivity, product’s quality, auditing system. The article describes about the future invention of the emerging technology within the specific research work.  Cryptographic technology can help to maintain the data protection by maintaining confidential domain within the business sectors.

Using of the ICT technology and the developing ITSM process can help to develop the sustainable security management by using the technology. It provides a flexible work culture within the rising organization for increasing globalized reputation of the business.

“Heuristics for Evaluating IT Security Management Tools” states the specified culture and technology for increasing the social awareness of the business campaigning. Heuristics Security management technology improves the authenticity of the long term business goal by removing the security standards.  The security management tools are also help to establish the business sustainability by reducing the excessive workloads, destructive hacking process within the organization simultaneously.

Using of the technology of Artificial intelligence, Relational DBMS in cloudburst can help to take the everyday’s backup by reducing the excessive workloads. It prevents the loss of data within the organization. It maintains the sustainable development and ideal infrastructure of creating new hierarchy for reducing the risks. That’s why it can be seen that the information system security uses the strategic awareness program by using the automation strategy which can help to reduce excessive workloads by using Artificial Intelligence (AI) technique.  

“A secure cloud computing based framework for big data information management of smart grid” states the brief description by creating ideal frameworks of cloud computing by using the innovative technology. It helps to maintain the customer’s reliability by increasing information management security system.  

International Standard of ISMS uses the data centric protocol for accessing resources into the organization. Big data information security technology binds the responsibilities of technology within a sorted sector.

It can help to define the decision making by engaging security management for increasing the authentic. Holistic approach can assure the financial security services within the business sectors by making the process of business enhancement simple. It provides the confidentiality of the information system by increasing availability of the database management in an innovative way within the technical standard group beyond ISO awareness campaign.

As the Information security management is essential to be developed within a developing business organization it needs to maintain data protection act, security awareness campaigning and qualitative and quantitative survey within the business development. Good security practices of information system needs to maintain by resolving risks, threats of the employee's engagement for increasing good product’s quality, customization, and quality assurance within the business organization.

2. Information security Management system has sponsors for supporting the innovative strategy of the business enhancement within an organization.

The technology, implementation planning needs to be secured with the help of the sponsors.

“Discovering supporters of information security System” uses the strategy of independent certifications under the sponsored security system of ISO standards. Review of thorough academic research enhances the specific aspects of the business by creating of innovative ideas.

A. Academic sponsorship

The rising organization can take the help of the academic sponsors for increasing the fundamental balance of the entire mechanism of business.

As the academic researchers have brief and practical idea of using the ISMS in practical application they can be considered as appropriate sponsors and supporters of establishing ISMS system within the  particular business organization. Academic sponsors can help to provide brief overview and ideal explanation of the business enhancement by maintaining the functional activities, potential business demands and productivity of the knowledgeable concepts for quality management and provides the authentication of the productivity.  

Academic sponsorship provides exact definition and activities of the motion development components of Information security system within the organization. Academic sponsorship uses the strategy of formulating the business structure into a hierarchical order by increasing the probability of future awareness and increment of the concern by under the ISO security system within the individual domain.

Academic sponsorship of establishing new and well developed ISMS system can increase the customization and target marketing by creating ideal technique of auditing. It uses the structural formula by enabling new technique for establishing the advantages to the users by maintaining the stability. That’s why it can be said that the ideal academic sponsorship of ISMS system can provides some extra features from their random research works by establishing the career of the business by resolving risks towards sustainability. Academic Sponsors and supporters of Information management security System provides some features and components within the rising organization which can increase the flexible working by reducing various fraudulent activities. Moreover, the pure researchers research about the trending topic of ISMS system for establishing the business career into the global business market by creating awareness campaign.

B. Industrial sponsorship

Industrial sponsorship is also an important feature by establishing sustainable business development activities by creating new business from the emerging technology. As the rising organization wants to develop the business structure by involving the customers, it is essential to maintain the industrial sponsorship for increasing business authenticity. “ISMS Manual” states that using the strategy of continuous improvement with the external and internal expertise’s it needs to maintain the business functional activities for organizing the new business enhancement. Industrial sponsorship provides the brief description and provides some advantages of gaining the popularity of the products and services by engaging customers. Industrial sponsorship can help to estimate ideal capital budgeting while starting of new products launch via using the Information Security system.

Industrial sponsorship of ISMS system not only supports for increasing the common people's concern for establishing new business structure by creating the fundamental components of Information security system. It provides the financial stability by involving employees with appropriate concerns. Industrial sponsorship uses the structural enhancement by developing the features, financial statements and increasing the potentialities within the business development.

It is important to develop the features of the business by maintaining the security standard within the industrial supports and sponsorship. Industrial sponsorship is most important for establishing the features of the continuous improvement of products and services by maintaining the quality assurance within the organization (Crossler et al. 2013, p.101). It helps to maintain the corporate responsibilities under the supervision of the business by assuring the standardized strategy of enabling the social responsibilities by reducing risks within an organization. Industrial supports can help to provide ideal architecture by exploring emerging technology. Ideal distribution of the Government sponsorship reduces the risks by creating of the awareness campaign for developing business infrastructure.    

C. Standard Sponsorship

“Information Security Management System ISO 27001” states that the most important sponsorship is IEEE standardization for maintaining the authentication of the usage of the system. ISO security system under the IEEE standardization maintains the globalized sustainability by creating project authorization process within IEEE security standards.  

Standardized sponsorship maintains the security systems by proposing sensor system. IEEE-SA domain can help to introduce the ideal and effective solutions of the definite risks within the individual system. Using the strategy of specifying entities can help to coordinate the associate committee   beyond the particular standardization for enhancing the technical expertise’s within the business under the ideal corporate responsibility. IEEE Board of Governor creates a development team for maintaining the specific roles and responsibilities within the Governmental sectors by increasing the business enhancement for the fundamental aspects (Chen et al. 2013, p. 40)

An IEEE Board of Governors Team reduces the hardness and rigid structure for increasing the flexible working atmosphere within the organization. Using the easy strategy of project development teamwork within the ISMS protocol; system can help to reduce various security risks of the information by creating the well established and reliable infrastructure for attracting customers.

Accoding to Cardenas et al. (2013), society of IEEE development team creates the sustainable development within the IEEE society and the developing infrastructure with the help of the IEEE standardized Corporate Advisory Group. It creates innovative technology for further development by creating AI expertises within the recently developed business organization within the satisfactory range of idealization.

D. Military

The research work of establishing the ISMS system within the rising organization needs to have the ideal research works for increasing the success and potentialities within the business. It is necessary to use the sponsorship strategy for developing the supportive team within the business development. It reduces some risks of the business by effective transition with the civilians and members (Baek et al. 2015, p.235). Using the ISMS develops the inbound services for associating the sponsorship of the resources. Developing the ISMS structure needs to have the Military awareness campaign for the Governmental assurance within the entire system.   Military sponsorship is the one of the important awareness campaigning for increasing the fundamental statistics beyond the Government of the Country (Almorsy et al. 2016, p. 89). It helps to reduce the transaction, foreign acquisition and various types of risks related to business campaign and awareness within the Standard Information Security System.  “Military INSTALLATIONS” states that cultivation of innovative approach for increasing the productivity development within the organization. It helps to develop the uniformity of creating ideal decision making with appropriate idealizations.

In this way various types of sponsorship develops the business enhancement by individual development by establishing the innovative culture by reducing risks.  

Conclusion

The entire assignment deals with the business enhancement estimating new features and components for establishing new model of Information security services within the organization. Reducing the separate risks of ISMS system can provide the standardized performances by establishing the business performances and growth within the newly developed business culture. Maintaining the equality of the business development by using the Strategic information system need to have the ideal technology and effective sponsorship for increasing the awareness campaigning. Creating of the developer team for taking ideal concern of the business development needs to have ideal security services and innovative strategy of using ISMS for reducing the risks. The strategic program increases the fundamental business towards sustainability by creating of the ideal strategy of implementation.    

Part 2:

In order to developing the information security management system in an external system I found many things to learn about the organization as well as developing the system. It provided me both real world learning experience as well as small scale real world frustration regarding the internal structure of the company.  

A) The weekly group tasks are aided by the week team leadership. Information security management system has been used for planning and the involved supervisory functions in an organization. This leads to the meaningful development effectiveness and the practically feasibility related to the organization as well as systematic security process safeguards the process. While working as the part of the companies I have understand that somewhere week team leadership hindered on my work. This system involved of some of the legal requirements as well as relevant code and regulations to follow. Regardless of the systems internal security management system the basic principles are needed to be considered to develop in an organization what I personally realized. Some of the management principles presented while developing the system are trivial. I personally found that the simple things which are put into system incorrectly and sometimes it gets omitted by the high level managers like CEOS and general managers.

The ability to take responsibility , discipline, patience all characters are considered as a matter of course, though they are not put into actions and practices in this organization from the managers end. I personally felt that these characteristics needs to be implemented in the realistically and practically in the project management. The associated team members and the directors are communicated their opinions clearly in order to achieve the internal security system goal. Particularly in case of less spectacular measures improved the level of security. The process optimization, motivation of the staff and the training given to them and the drawing of the documents comprehensively improved the level of security in case of practical world. As a cost driver I assumed that large scale projects, expensive measures and the technology investment in an organization is wrongly portrayed due to the cost. I also concluded that management principles are needed to be observed and trained carefully in order to overcome from the failure of the internal security management system.

B) There is a difficulty in getting the group agreement about the weekly deliverables of specific tasks of the management. The company is at most responsible for the proper functioning of the organization and its objectives. This helps in securing the information of the organization from both the inside and outside end. I personally felt that the laws associated with the organisation information security are quite ineffective to implement. There is a communication gap existed between the management level and from the individual managers end. The commitment to the deliverables and the company’s requirement has not been clearly demonstrated by the managers. The responsibilities of individual regarding the staff members are not discussed and implemented the plan. In this case I personally felt that, this may lead to the insecurity of the staff related to the problems.

According to me the information security need to be integrated all the involved process and the projects, where as this stood as the main reason of difficulty for achieving the weekly deliverables. The security requirements are only considered while procuring the IT rather than procuring in business design process as well as training staff members are also needed to be done. In this case I would like to recommend that the management level needs to be initiate actively, supervise and needs to manage the security process. Information security strategy as well as objectives of it needs to be agreed upon in order to achieve the company's goal of information security. In order to achieve the deliverables of specific week the tasks related to the business operations and its risks need to be investigated in a detailed manner. I felt that the organizations information security conditions need to be created in order to get secure. The resources need to be made available for the operations related IT operations.

I concluded that as an evident of management characteristics in getting group agreement was setting of unrealistic and ambitious goals. This is an evident for the frequent failure of the system.         

C) Shared responsibility is a very important element to have in the management of every company to conduct hassle free management and control. The responsibility of one person creates mental stress and dissatisfaction and to reduce this stress responsibility of one employee needs to be shared in between different people of the company. Self-control is a major factor which influences the behavior of an individual in neuroscience, social science, criminology and literatures regarding information security. In decision making process self control often beneficial but before taking a decision in information security, proper interaction with relevant person who can get affected from the decision, are important to increase the effectiveness of such decision. Self control plays a pivotal role in the behavior of human being in terms of making economic and social decision. In information security service, the perspective from neuroscience is able to contribute significantly to the understanding of the behavior of human and their decision making.

Technologies of brain imaging like electroencephalography (EEG) and functional magnetic resonance imaging (FMRI) helps to measure the neural activity of a human brain in choosing one particular decision from different similar kind of decisions. The scientist and fascinated philosophers use to record history related with the concept regarding self-control in the process of decision making of a human being because the capability of self-control is very essential for the wellbeing and success of human race.  Self-control is needed to be applied very carefully in information security system to restrict violation and mismanagement. This has provided direct evidence by conducting survey to collect data from employees and contrasting the self-control effect, deterrence and moral belief on the performance of employees and their intention toward violating the policies of information security in an organizational setting. Self-control mechanism is the most important factor for understanding the policies made to comply with information security.

Reference List

Journals

1. Almorsy, M., Grundy, J. and Müller, I., 2016. An analysis of the cloud computing security problem. arXiv preprint arXiv:1609.01107.

2. Baek, J., Vu, Q.H., Liu, J.K., Huang, X. and Xiang, Y., 2015. A secure cloud computing based framework for big data information management of smart grid. IEEE transactions on cloud computing3(2), pp.233-244.

3. Cardenas, A.A., Manadhata, P.K. and Rajan, S.P., 2013. Big data analytics for security. IEEE Security & Privacy11(6), pp.74-76.

4. Chen, Z., Han, F., Cao, J., Jiang, X. and Chen, S., 2013. Cloud computing-based forensic analysis for collaborative network security management system. Tsinghua science and technology18(1), pp.40-50.

5. Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and Baskerville, R., 2013. Future directions for behavioral information security research. computers & security32, pp.90-101.

6. Da Xu, L., He, W. and Li, S., 2014. Internet of things in industries: A survey. IEEE Transactions on industrial informatics10(4), pp.2233-2243.

7. Delen, D. and Demirkan, H., 2013. Data, information and analytics as services.

8. Ermakov, S.A., Zavorykin, A.S., Kolenbet, N.S., Ostapenko, A.G. and Kalashnikov, A.O., 2014. Optimization of expert methods used to analyze information security risk in modern wireless networks. Life Sciences Journal23, p.1239.

9. Hahn, A., Ashok, A., Sridhar, S. and Govindarasu, M., 2013. Cyber-physical security testbeds: Architecture, application, and evaluation for smart grid. IEEE Transactions on Smart Grid4(2), pp.847-855.

10. He, W., Yan, G. and Da Xu, L., 2014. Developing vehicular data cloud services in the IoT environment. IEEE Transactions on Industrial Informatics10(2), pp.1587-1595.

11. Hoepman, J.H., 2014, June. Privacy design strategies. In IFIP International Information Security Conference (pp. 446-459). Springer, Berlin, Heidelberg.

12. Jaferian, P., Hawkey, K., Sotirakopoulos, A., Velez-Rojas, M. and Beznosov, K., 2014. Heuristics for evaluating IT security management tools. Human–Computer Interaction29(4), pp.311-350.

13. Jing, Q., Vasilakos, A.V., Wan, J., Lu, J. and Qiu, D., 2014. Security of the internet of things: Perspectives and challenges. Wireless Networks20(8), pp.2481-2501.

14. Kim, G.H., Trimi, S. and Chung, J.H., 2014. Big-data applications in the government sector. Communications of the ACM57(3), pp.78-85.

15. Li, J., Chen, X., Li, M., Li, J., Lee, P.P. and Lou, W., 2014. Secure deduplication with efficient and reliable convergent key management. IEEE transactions on parallel and distributed systems25(6), pp.1615-1625.

16. Roman, R., Zhou, J. and Lopez, J., 2013. On the features and challenges of security and privacy in distributed internet of things. Computer Networks57(10), pp.2266-2279.

17. Sicari, S., Rizzardi, A., Grieco, L.A. and Coen-Porisini, A., 2015. Security, privacy and trust in Internet of Things: The road ahead. Computer Networks76, pp.146-164.

18. Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber security. computers & security38, pp.97-102.

19. Yang, Y.P.O., Shieh, H.M. and Tzeng, G.H., 2013. A VIKOR technique based on DEMATEL and ANP for information security risk control assessment. Information Sciences232, pp.482-500.

20. Zhu, C., Nicanfar, H., Leung, V.C. and Yang, L.T., 2015. An authenticated trust and reputation calculation and management system for cloud and sensor networks integration. IEEE Transactions on Information Forensics and Security10(1), pp.118-131.

Books

1. Peppard, J. and Ward, J., 2016. The strategic management of information systems: Building a digital strategy. John Wiley & Sons.

2. Rittinghouse, J.W. and Ransome, J.F., 2016. Cloud computing: implementation, management, and security. CRC press.