Wednesday, December 11, 2019
Information Security Management Making - Myassignmenthelp.Com
Question: Discuss About The Information Security Management Making?

Answer:

Introduction

Some assumptions are made before preparing the ISSP of the A4A Company. It is assumed that the company has a huge customer and client base in different parts of the company. The company is a government-certified NGO that works for educational purposes in the market. This NGO receives huge funding from public donations and is in a good financial position in the market. The company provides a proper salary to its employees, which helps in maintaining employee engagement in the company. These assumptions helped in preparing the ISSP of the A4A Company.

Statement of Policy

The policy addresses the security of the information of the Academics for Academics (A4A) organization. This non-governmental organization introduced its IT domain in the market last year. The policy helps in securing the data and information of the organization's clients in the market (Acharya 2014). This NGO helps in educating students by helping with theory research papers and developing curriculum criteria. The policy includes authorization of the users registered in the A4A organization portal. Authorized users are defined as persons having legal permission to control the internet network and services provided by the A4A organization in the market. These authorized users include the employees and other contingent workers in the organization. The stakeholders are also included in this authorized list for using the A4A portal and internet services (Liang 2016). The policy explains the rules and regulations implemented by the authorized users for the benefit of the organization and for accessing the services of the NGO in the market. The WLAN installed in the company network is protected with safety protocols that help in securing the data and information transferred over the network of the company.
The database of an organization is controlled and protected with the help of security protocols installed in the network. The policy statement includes the implementation of cyber rules and regulations regarding the legal use of the network of the A4A services on the premises.

Authorized Users

The stakeholders, including the employees and clients of the company, use the services of the company. Among them, only the registered users access the portal and network of the A4A Company. The third party imprudent is not allowed in the portal of the A4A Company (Ryan 2013). Laptops and desktops are allowed to be used in the network available on the WLAN services of the organization. The WLAN is connected to the wired network to ensure the security of the data and information over the network. This helps in securing the use of the portal of the company. The authorized users of the company have login credentials, including a user ID and password, that help in providing a secure path for the users to use their profile. The authorized users create their profile in the portal of the company and can share their queries regarding their requirements (Berger 2014). Clients over 10 years of age are allowed to access the portal and network of the company. Proper management of IT security is done in the network of the A4A Company. The authorized users are permitted to enter into the firewall of the enterprise and are able to access the services provided by the A4A Company (Ifinedo 2014). There are 10 employees in the company, and they are authorized to use the portal of the company.

Prohibited Users

These third-party unauthentic users are not allowed to access the portal of the company (Sommestad et al. 2014). Users who do not have login credentials do not have access to the network of the company. The IT security protocols do not allow these types of users to access the website of the company and ask for its services.
The students and other clients have to log in to their respective accounts for access. Therefore, other than the authorized users, all are unauthorized to use the portal of the company. The rest of the users are considered unauthorized and prohibited from accessing the website (Safa, Von Solms and Furnell 2016). The hotspot of the company has been properly protected with a password so that the server is secured from hackers and unauthorized users.

System management

The Network Administrator maintains the management of the whole system of the Internet in the company. All the control access points are managed by the network administrator to ensure proper security of the network (Wall, Palvia and Lowry 2013). The system management includes the encryption of the data and information transferred over the network, which helps in enhancing the security of the network. There are various security protocols maintained by the network administrator for assuring the security and firewalls of the server of the company. The system manager helps in maintaining the end-to-end user policy to rectify problems on the server and ensure flexibility in the portal of the company (Yazdanmehr and Wang 2016). The network administrator that claims about the functionality of the company has properly maintained the security policy of the company. The clients of the company have to pass through the firewall of the server to request the portal for a service. This ensures full security of the server of the company from intruders. The network administrator is responsible for defining the encryption and authentication of the requirements of the client and authenticates users of the company (Borena and Blanger 2013). The wireless media of the network is properly encapsulated with the security key for ensuring the security of the data and information. Various WLAN security programs are installed in the firewalls of the server of the company.
The network interface card is maintained by the network administrator to assure proper configuration of the wireless network in the server (Hsu et al. 2015). The copyright of the server and network of the company is reserved under legal consideration.

Violations of policy

In a case of inappropriate use of the legal terms of the company by the authorized users, there is a provision of punishment as per the act. The company reserves the right to terminate any employee found guilty of violating the legal terms and conditions of the company as per the rules (Cram, Proudfoot and D'Arcy 2017). The company can also suspend any employee based on an illegal act of the employee or any stakeholder of the company. There is a provision of giving a warning to first-time violators in the company and a formal notice to the personal file of the violator. All reports of violation of the terms and conditions are acknowledged to the respective report manager of the department (Crossler et al. 2013). Ten employees in the company are implementing the rules and regulations of the company for the development of the company in the market. The Internet Security department looks after violations of the rules and regulations of the company over the Internet. Various guidelines are issued to the authorized users of the company for maintaining the legal criteria of the company in the market (Bansal and Shin 2016). The Cyber Security department of the company monitors the activities over the network server, ensuring the security of the data and information over the network. The use of the internet for personal use is prohibited in the company and is taken as a violation of the terms and conditions if it occurs. The network administrator can manage the violation ratio of the company by integrating strong security protocols in the network of the company (Peltier 2016).
This helps in minimising data breaches in the network of the company and providing better security to the data and information of the company. The transfer of financial resources between client and company is managed by the network administrator, which helps in maintaining the security of the company by ensuring various methods of security protocols (Soomro, Shah and Ahmed 2016). The violation of the laws and rules of the company causes legal punishment to the violator.

Policy review and modification

The Internet Security department of the A4A Company reviews the policies prepared by the company for the security of the information over the internet. The changes in the technologies used in the company are reviewed, which helps in finding the gaps and loopholes in the internet security of the company in the market. The reviewing of the policies provides an enhanced quality of the security protocols for protecting the data and information, including the research papers and study materials of the students. The causes of data breaches are analysed in this step, which helps in maintaining proper security in the IT systems of the company (Borena and Blanger 2013). The network administrator of the company does this review of the policies. The gaps and loopholes in the network security are filled by the network administrator of the company. The Internet Security department looks after violations of the rules and regulations of the company over the Internet. Various guidelines are issued to the authorized users of the company for maintaining the legal criteria of the company in the market.

Limitations of Liability

The A4A Company assumes that there is no liability for violation of those policies in the company. These policies are based on the legal procedures of federal legislation on IT security. This helps in maintaining a proper secure agenda for the data and information discussed in the earlier parts of the document.
The company is liable to terminate the relationship with clients violating this legislation and these policies. The violators are punished under the legal act of the company. The A4A Company has to manage the legal procedures of the company to ensure the security of the data and information of the users and clients in the market (Cram, Proudfoot and D'Arcy 2017). The employee is liable to manage the legal consideration of the company, which helps in maintaining relationships with the customers by providing proper services to them. The limitations of the company are based on the security of the data and information, as the company has made the ISSP for the first time. These liabilities depend on the security issues of the company in the market (Safa, Von Solms and Furnell 2016). The company has a right to disallow the engagement of a client with the company due to illegal behaviour of the client with the company. These acts prevail in the company to limit illegal activities in the company.

Justification

The Issue Specific Security Policy (ISSP) is used for managing Internet security in the company. The A4A Company is implementing this technique in its environment for keeping track of these activities in the company. The ISSP has helped in maintaining a proper database of the Internet activities in the company. The customer database has helped in accessing the customers' information and IP addresses for providing the services of the company. Therefore, the use of the ISSP in the company is properly justified. The information contained about the Internet services provided by the company in the market helps the customers and clients in getting educated. The company has been able to maintain the legal authorities in the company, which helps in providing security to the data and information transferred online.
The proper use of the security protocols in the company helps in securing the data packets transferred over the internet. Therefore, the use of the ISSP in the company helps in providing an optimal solution to the cyber attacks carried out on the internet by hackers. The loss of data and information has decreased and the security of the portal has increased. The use of firewalls and antivirus has helped in obstructing foreign malware and viruses from entering the network of the company.

References

Acharya, A., 2014. Constructing a security community in Southeast Asia: ASEAN and the problem of regional order. Routledge.
Bansal, G. and Shin, S.I., 2016. Interaction Effect of Gender and Neutralization Techniques on Information Security Policy Compliance: An Ethical Perspective.
Berger, T.U., 2014. Norms, Identity, and National Security. Security Studies: A Reader.
Borena, B. and Blanger, F., 2013. Religiosity and Information Security Policy Compliance. In The Nineteenth Americas Marketing on Information Systems (AMCIS 2013).
Cram, W.A., Proudfoot, J. and D'Arcy, J., 2017, January. Seeing the forest and the trees: A meta-analysis of information security policy compliance literature. In Proceedings of the 50th Hawaii International Conference on System Sciences.
Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and Baskerville, R., 2013. Future directions for behavioural information security research. Computers & Security, 32, pp.90-101.
Hsu, J.S.C., Shih, S.P., Hung, Y.W. and Lowry, P.B., 2015. The role of extra-role behaviors and social controls in information security policy effectiveness. Information Systems Research, 26(2), pp.282-300.
Ifinedo, P., 2014. Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition. Information & Management, 51(1), pp.69-79.
Liang, C.S. ed., 2016. Europe for the Europeans: The foreign and security policy of the populist radical right. Routledge.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.
Ryan, M.D., 2013. Cloud computing security: The scientific challenge, and a survey of solutions. Journal of Systems and Software, 86(9), pp.2263-2268.
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model in organizations. Computers & Security, 56, pp.70-82.
Sommestad, T., Hallberg, J., Lundholm, K. and Bengtsson, J., 2014. Variables influencing information security policy compliance: a systematic review of quantitative studies. Information Management & Computer Security, 22(1), pp.42-75.
Soomro, Z.A., Shah, M.H. and Ahmed, J., 2016. Information security management needs more holistic approach: A literature review. International Journal of Information Management, 36(2), pp.215-225.
Wall, J.D., Palvia, P. and Lowry, P.B., 2013. Control-related motivations and information security policy compliance: The role of autonomy and efficacy. Journal of Information Privacy and Security, 9(4), pp.52-79.
Yazdanmehr, A. and Wang, J., 2016. Employees' information security policy compliance: A norm activation perspective. Decision Support Systems, 92, pp.36-46.