Information Security Management Assignment Help
Information security management, along with future strategies for achieving success in the market and other important factors, is a crucial part of every organisation. The analysis of risk theories, and thereby the protection of the information assets of the organisation, should be a major consideration for every organisation. The issues related to ethical considerations in the information security system should be identified. The vulnerabilities in the security system should be overcome, and different methodologies for mitigating threats to the information security system should be adopted.
This paper discusses the importance of the crucial information of the organisation. The management of information security is illustrated through a famous organisation, ‘Kiandra IT’. Kiandra IT is the top company in the area of electronic commerce. It has now become the world’s leading retailer in offline business. Such big organisations should never compromise their crucial information, because the success of the organisation depends on it. The crucial information of the organisation should be kept confidential, and the information should be made available only to authorized personnel.
Identification of the potential or real vulnerabilities specific for the organisation
Kiandra IT is the leading company in the world. This company deals in electronic commerce. It is the most renowned firm in offline business all over the world. It is going to step into the sale of DVDs, computer software, electronic video games, CDs, MP3 downloads, furniture, food and toys (Alfred, Menezes, Oorschot, Scott, & Vanstone, 2011). It has become the biggest book store on the entire earth.
The information of the Kiandra IT organisation is very crucial, as it provides offline and online services across the entire world. The information of the organisation is an important factor in its success. The crucial information of the Kiandra IT organisation should be kept confidential and hidden. Competitors should not be allowed to know the basic information of the Kiandra IT organisation; otherwise it may interrupt the organisation's progress towards success. The potential or real vulnerabilities to the secret information of the organisation are identified as follows:
- Third party disclosure by the employees – Third-party disclosure of the crucial information of the Kiandra IT organisation has proved to be a major vulnerability, through inappropriate disclosure of the organisation's secret and confidential information to outsiders (Bidjos, 2012). The employees should be trustworthy, and their ethical values should be considered before hiring them.
- Threats from the hackers – Hackers may be a major threat to the crucial information of the Kiandra IT organisation, as a poor web system can easily be hacked and the secret formula or information of the organisation can be leaked to competitors.
- Mis-configuration in the security system of the organisation – The Kiandra IT organisation is based on a web services system, and its security is a critical issue. The security system of the Kiandra IT organisation should be well configured (Bullesbach, 2010). Mis-configurations in the security system should be checked and corrected at proper time intervals.
- Unauthorized access to the computers which contain important information – The Kiandra IT organisation is the biggest organisation in the world. It has a number of competitors. Therefore, unauthorized access to the computers which contain the important information of the company should be controlled (Gutwirth, Poullet, & Hert, 2010).
- Lack of password protection – The Kiandra IT organisation is spread on a wide level. All the security systems should be password protected so as to identify the major threats to the success of the Kiandra IT organisation.
Discussion about how different risk management theories would be applied to the protection of information assets in the organisation
In recent times, the technological world has been growing rapidly. Web-based services are provided all over the world, and they have made life much easier (Harivans, Shweta, & Mishra, 2013). At the same time, the secret and confidential information of organisations is exposed to risks, and the risks from threats and vulnerabilities are getting higher day after day.
Various types of risks can be measured in the web system based services
- Risk of the continuity – The risk of continuity relates to the easy availability of the confidential information of the Kiandra IT organisation to its competitors, and to threats to the backup of the information.
- Risk of the compliance – Non-compliance with the laws regarding the protection of data, privacy or the confidentiality of information etc. is a major risk in the security of the information system.
- Risk of the brand image – The goodwill of the Kiandra IT organisation is very good in the recent business era (Natarajan, 2011). It should not be compromised by a bad information security system.
- Risk of the contents – Control of the assets containing important information should not be lost. The contents should be well managed and authorized.
Protection of the information assets in the organisation
- Identification of the frameworks – The framework of the Kiandra IT organisation is to be identified first. Business Source Premier should be used for the purpose. The significant information assets should be identified, and proper measures must be taken for their management.
- Regular review of the frameworks – The frameworks identified earlier should be reviewed on a regular basis, and proper alterations should be made accordingly (Rosenberg, 2010).
- Regular update of the information security measures – The measures for the protection of the information security system should be updated regularly in line with the latest trends and introductions.
- Implementation of appropriate information security policies – Proper security policies should be implemented for the security of the information system of the Kiandra IT organisation. The cyber insurance and the email or internet policies should be reviewed at regular time intervals.
Evaluation of the ethical issues applicable to the Information Security System in the organisation
- Economic issues – A bad incentives system and bad design of the information security system of the Kiandra IT organisation have a vital impact on the security of the crucial information of the organisation. The economic system of the organisation should be strong, so that good security systems can be implemented for the protection of the information.
- Political issues – The political factors should be considered appropriately for the success of the organisation. The laws and regulations of the government and the taxation laws should be followed to avoid future consequences (Stallings, 2009).
- Social issues – The social and ethical issues applicable to the information security system in the Kiandra IT organisation concern the unethical behaviour of people in the organisation.
- Environmental issues – The laws regarding the environment should be followed so as to motivate the employees of the Kiandra IT organisation to work more efficiently towards achieving the objectives of the organisation and towards higher sales in the current economic world.
- Legal issues – The legal issues should be given crucial consideration. The governing bodies have laid down certain rules regarding the security of the information system of the Kiandra IT organisation. The legal effects of a weak information system should be avoided by properly following the rules and regulations.
- Global positional issues – The Kiandra IT organisation has a big brand in the current marketing conditions. The brand image of the organisation should not be compromised by a bad information security system. The security of the information is very crucial.
- Employee relations issues – The relations among the employees should be strong, and they should be well trained for the success of the organisation (Stallings, 2010). The employees should not disclose the confidential information of the organisation.
Significant breaches in the Information Security and the consequences for the organisation at the time and the measures to avoid those breaches
There are some examples showing significant breaches in the information security systems of organisations, such as Heartland Payment Systems, in which 134 million credit cards were exposed through SQL for the installation of spyware. The second example is TJX Companies Inc., in which about 94 million credit cards were exposed to risk. The third example is Epsilon, in which 108 retail stores held the names and e-mails of a number of customers, which were exposed to information security risk.
Significant breaches in the information security system
- Unethical employees – A large number of employees work towards the success of the Kiandra IT organisation. The ethical values of the employees should be checked, and the employees should not disclose the authorized information of the organisation (Bullesbach, 2010). The organisation may face serious irregularities due to the unethical behaviour of employees.
- Carelessness in the working system of the employees – The employees should be motivated to work with full dedication and trust in the management of the organisation. Proper training sessions should be conducted to impart knowledge about the importance of the secrecy of the information and to determine the factors relevant to the success of the organisation.
- Lack of controls on the unauthorized access of the system – The computer systems which contain the crucial information on the business strategy of the organisation should be well protected from unauthorized access by outsiders. Proper locks should also be installed on the premises.
- Virus infection – The information system of the organisation should be free from virus infection. The system should not be exposed to threats from viruses and other related items. The crucial information of the organisation may be disrupted by harmful virus infections.
- Harm from the natural calamities – The information system of the organisation should be protected from the danger of natural calamities (Harivans, Shweta, & Mishra, 2013). Proper backup and data recovery systems should be maintained at the premises of the organisation and at other backup stores.
Measures to avoid the breaches in the information security system
- Proper backups should be maintained – The information security system of the organisation should have a proper backup system. The crucial information may be harmed at any time; hence the organisation should maintain regular backups of the information so as to protect itself from irreparable loss.
- Timely review of the information security system and the backups – The information system of the organisation should be checked and reviewed at regular time intervals. The backups should also be checked from time to time.
- Maintenance of the adequate electricity system in the organisation – Mostly there is a big loss of data where the electricity system in the organisation is weak. The organisation should maintain a generator or another alternate system for the supply of electricity, for proper working in the entity (Bullesbach, 2010).
- Proper recovery systems – In case of the loss of important data, proper recovery systems should be implemented for the recovery of the data, which is very crucial for the success of the organisation.
From the above report, it is concluded that the information security system is a significant part in determining the success or failure of the organisation. The information of web-based organisations is highly exposed to security risk due to the presence of a number of competitors in the market. Nowadays there are a number of hackers in the market who can easily hack the system containing the organisation's information and cause an irreparable loss to the reputation of the organisation. The organisation may be destroyed if the crucial information is disclosed in the market. Thus the information security system of the organisation should be very strong.
- Alfred, J., Menezes, C. P., Oorschot, v., Scott, A., & Vanstone, A. (2011). Handbook of Applied Cryptography. Boca Raton: CRC Press, Inc.
- Bidjos, J. (2012). Threats to Private and Public Key Protection. Compcon Spring: Digest of Papers.
- Bullesbach, A. (2010). Concise European IT law.
- Gutwirth, S., Poullet, Y., & Hert, P. d. (2010). Data protection in a profiled world.
- Harivans, P. S., Shweta, V., & Mishra, S. (2013). Secure-International Data Encryption Algorithm. International Journal of Advanced Research in Electrical, 214-219.
- Natarajan, S. (2011). A Novel Approach for Data Security Enhancement Using Multi Level Encryption scheme. IJCSIT, 2, 469-473.
- Rosenberg, B. (2010). Handbook of Financial Cryptography and Security.
- Stallings, W. (2009). Cryptography and Network Security. London: Prentice Hall.
- Stallings, W. (2010). Cryptography and Network Security: Principles and Practice. Upper Saddle River: Prentice Hall.