CSI2102 Information Security


Course Code: CSI2102
University: Edith Cowan University

MyAssignmentHelp.com is not sponsored or endorsed by this college or university

Country: Australia

Question:

Background:
A fictitious swimming association, WAS Swim (WASSA), is the peak body for the administration of swimmers in Western Australia, representing more than 500 members and 5 associated clubs.
Task:
Since you provided WASSA with an information security recommendation in your previous assignment, the council has assigned to you, as the Information Security Manager, the task of researching and reporting on the protection of the information.
To do this you will need to create a classification scheme for the information currently held.
Using this classification, you can then report on the vulnerabilities and countermeasures that should be in place and develop an information security plan.
You should consider the types of information that need protecting and the risks associated with them, i.e., council members, association members, policies or any other media types etc.
Your assignment should contain:

A risk assessment scale to show risk levels
A risk matrix with the type of information and threat category
A classification scheme, relevant to the case scenario
A classification table that details the classification level and type of information to be classified

Answer:

Introduction
Information security is the practice of preventing unauthorized or unauthenticated access, utilization, disruption, disclosure, inspection, modification, destruction or recording of any kind of information (Von Solms & Van Niekerk, 2013). This data or information might be of any form, either physical or electronic. The most significant focus of information security is the balanced protection of CIA: confidentiality, integrity and availability. Hence, a proper and effective policy should be implemented without hampering the total productivity of the organization. The risk management procedure plays the most vital role in this type of security: it covers the assets, vulnerabilities, potential threats, sources of those threats and possible controls, as well as the efficiency and effectiveness of risk management planning (Peltier, 2013).
The following report outlines a brief discussion of the case study of WASSA Swim Association. It describes information security and the various risks related to the information of this organization, as well as the potential impacts of those risks and solutions for them. A risk matrix covering each risk to WASSA is also given, together with a classification scheme.
Discussion
1. Information Security Plan of WASSA Swim Association
The information security plan of the WASSA Swim Association describes the safeguards for the protection of information, data and resources (Peltier, 2016). The reasons for these safeguards in WASSA Swim Association are as follows:
i) The first reason for creating the information security plan is to make reasonable efforts to ensure the confidentiality and security of the covered information and data.
ii) The second reason is protection against any anticipated hazards or threats to the integrity and security of this information and data (Singh, 2013).
iii) The third reason is to protect against all types of unauthorized access to, or utilization of, the covered information, resources and data, which could result in substantial inconvenience and harm to the customers (Xu et al., 2014).
The information security plan in WASSA Swim Association would also provide mechanisms for several benefits, which are given below:
i) The first benefit of the information security plan is the proper identification and assessment of risks that could threaten the covered information, data and resources.
ii) The second benefit is that the risks associated with information can be managed and controlled (Safa, Von Solms & Furnell, 2016).
iii) Proper implementation and review of the plan are also required for understanding the risks.
iv) The information security plan of WASSA Swim Association should be adjusted to reflect changes in technology and in the sensitivity of the confidential information, data and resources, so that external as well as internal threats to information security are identified properly (Andress, 2014).
2. Risk Matrix of WASSA Swim Association
There are two types of risks associated with the information in WASSA Swim Association: internal risks and external risks (Tamjidyamcholo et al., 2013). These risks could seriously affect the council members, association members, policies or any other media types of WASSA Swim Association. The risk matrix for WASSA Swim Association is given below:

| Identified Risks | Internal/External | Severity | Probability | Impact |
|---|---|---|---|---|
| 1. Administrative Rights to all Members | Internal | Catastrophic (4) | High (4) | High (4) |
| 2. Open Source CMS | External | Critical (3) | Medium (3) | Medium (3) |
| 3. Mailchimp | External | Catastrophic (4) | High (4) | High (4) |
| 4. Access to the Place | Internal | Critical (3) | Medium (3) | Medium (3) |
| 5. Corruption of Data | Internal | Marginal (2) | Low (2) | Low (2) |
| 6. Unauthorized Access of Data | Internal | Negligible (1) | Very Low (1) | Very Low (1) |
| 7. Loss of Data Integrity | Internal | Critical (3) | High (3) | High (3) |
| 8. Physical Loss of Data | External | Catastrophic (4) | High (4) | High (4) |
| 9. Errors to System | External | Critical (3) | Medium (3) | Medium (3) |
| 10. Improper Database System | External | Negligible (1) | Very Low (1) | Very Low (1) |

Table 1: Risk Matrix of WASSA Swim Association
In the above risk matrix, 4 is the highest severity and 1 is the lowest severity.
The ten risks listed above are dangerous for WASSA Swim Association and should be properly resolved to maintain the security of its confidential data and information (Cardenas, Manadhata & Rajan, 2013).
3. Classification Table of Information in WASSA Swim Association
The classification table of information for any organization divides the information into four specific classes: confidential, regulated, internal and external (Layton, 2016). This classification helps the organization deal with the various types of information and provide the utmost protection to every type.
The classification table of information for WASSA Swim Association is as follows:

| Classes of Information | Description of Information | Examples of Such Information |
|---|---|---|
| 1. Confidential | This type of information relates only to the WASSA Swim Association and is therefore classified as confidential. Access by any unauthorized or unauthenticated party could cause the association to incur organizational losses (Aljawarneh, Alawneh & Jaradat, 2017). The confidential classification covers detailed information that could affect the brand name of WASSA Swim Association and should not be shared with the public. Important and sensitive information can also become insider information and thus bring insider threats. Information that is to be kept secret from unauthorized parties is also termed confidential. | Examples include documentation for the administrators and other members of the board, unpublished accounting materials, budgets and strategy memoranda, transactional data, strategies for long-term development, sensitive WASSA Swim Association plans and many more. |
| 2. Regulated | This is the second type of information, which is governed by regulatory restrictions (Sarwar & Khan, 2013). Regulated data should be accessible only to the authenticated and authorized personnel of WASSA Swim Association. Extreme care should be taken before the information is used, stored or transmitted. The unauthenticated disclosure of regulated information could adversely affect the organization, employees, clients, business partners and every other stakeholder associated with the organization. It would also violate regulatory compliance guidelines, and legal and financial liabilities would be incurred. | Examples of regulated information mainly include the policies and procedures associated with information that help keep confidential or sensitive data protected under federal laws and specified regulations. The PII, or personally identifiable information, held by WASSA Swim Association falls under this category (Khalil et al., 2013). Notifications and other legal regulations are also important in this case. |
| 3. Internal Uses | The third type of information is internal use. This class covers the WASSA Swim Association related confidential information that does not fall under the confidential, regulated or external use classes (Popa et al., 2013). Access to this type of information is restricted to those who require the information for performing their tasks. Most of the organization's data and information falls under the internal use classification. | The internal letters, electronic mails, memos and reports of WASSA Swim Association fall under this classification. The various internal policies, procedures and instructions, as well as information associated with the daily activities of WASSA Swim Association, should also be accessed only by internal and authorized people. Non-sensitive personal data and intellectual property are also part of this information (Khan & Tuteja, 2015). |
| 4. External Uses | The final type of information is external use. This is the most popular and widely utilized type and has no restriction on access to the data and information. Organizational information can be classified as public or external use only when it has been quality controlled or approved by the respective departments of WASSA Swim Association (Von Solms & Van Niekerk, 2013). This type of information has a severity level of negligible as per the risk matrix, since there would not be any issue of data loss. | Examples of external or public information are information that is posted on the Internet or published in any other type of media. The files or folders of information that are already in use also fall under this category. Marketing campaign materials are also significant examples of this information type. |

4. Solutions for the Risks Identified for WASSA Swim Association
The risks identified in the risk matrix should be properly mitigated so that the information in WASSA Swim Association is secured (Peltier, 2013). The major solutions for removing these risks within the organization are as follows:
i) Anti Virus Software: The first and most basic strategy for mitigating risk within the information systems of WASSA Swim Association is the proper implementation of anti virus software. It is the most basic type of computer program used for the prevention, detection and removal of malware (Singh, 2013). Virus and malware attacks are removed with this software.
ii) Implementation of Firewalls: The second strategy that could mitigate the identified risks and threats in WASSA Swim Association is the proper implementation of firewalls. A firewall is a network security system that monitors and controls incoming and outgoing network traffic on the basis of previously determined security rules.
iii) Network Control and Access: The third strategy for mitigating the identified risks and threats for WASSA Swim Association is network control and access (Safa, Von Solms & Furnell, 2016). Various acts could negatively affect the operation of the peripherals, networks and computers and impede network access.
iv) Implementation of DNS and DHCP Servers: The DNS and DHCP servers are effective for mitigating risks within the network of WASSA Swim Association, so that data access by unauthorized parties and data loss are strictly prohibited.
v) Restricting Physical Access of Data: Physical access to the data should be restricted, so that there is no chance of data manipulation under any circumstances (Peltier, 2016).
Conclusion
Therefore, from the above discussion, it can be concluded that infosec, or information security, is the collection of strategies that help manage the tools, policies and processes required for preventing, detecting, documenting and countering threats to digital as well as non-digital information. The major responsibilities of information security involve establishing the set of business processes that protect the information assets, irrespective of how the information is processed and how it is kept in storage. The core objectives of information security programs are the confidentiality, integrity and availability (CIA) of information technology systems. These objectives ensure that confidential information is disclosed only to authenticated parties and that unauthorized modification of the data is prevented. Moreover, the data can be accessed by authorized parties whenever needed. A proper risk management procedure should be conducted to continuously assess threats and vulnerabilities. The above report has outlined the details of WASSA Swim Association for understanding the various risks and threats associated with this organization. A risk matrix is provided for understanding the severity of the risks. Solutions are also provided for mitigating each risk, and a classification scheme for the information of WASSA is given in this report.
References
Aljawarneh, S. A., Alawneh, A., & Jaradat, R. (2017). Cloud security engineering: Early stages of SDLC. Future Generation Computer Systems, 74, 385-392.
Andress, J. (2014). The basics of information security: understanding the fundamentals of InfoSec in theory and practice. Syngress.
Cardenas, A. A., Manadhata, P. K., & Rajan, S. P. (2013). Big data analytics for security. IEEE Security & Privacy, 11(6), 74-76.
Khalil, I. M., Khreishah, A., Bouktif, S., & Ahmad, A. (2013, April). Security concerns in cloud computing. In 2013 Tenth International conference on information technology: new generations (ITNG) (pp. 411-416). IEEE.
Khan, S. S., & Tuteja, R. R. (2015). Security in cloud computing using cryptographic algorithms. International Journal of Innovative Research in Computer and Communication Engineering, 3(1), 148-155.
Layton, T. P. (2016). Information Security: Design, implementation, measurement, and compliance. Auerbach Publications.
Peltier, T. R. (2013). Information security fundamentals. CRC Press.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Auerbach Publications.
Popa, D., Cremene, M., Borda, M., & Boudaoud, K. (2013, January). A security framework for mobile cloud applications. In Roedunet International Conference (RoEduNet), 2013 11th (pp. 1-4). IEEE.
Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organizations. Computers & Security, 56, 70-82.
Sarwar, A., & Khan, M. N. (2013). A review of trust aspects in cloud computing security. International Journal of Cloud Computing and Services Science, 2(2), 116.
Singh, G. (2013). A study of encryption algorithms (RSA, DES, 3DES and AES) for information security. International Journal of Computer Applications, 67(19).
Tamjidyamcholo, A., Baba, M. S. B., Tamjid, H., & Gholipour, R. (2013). Information security–Professional perceptions of knowledge-sharing intention under self-efficacy, trust, reciprocity, and shared-language. Computers & Education, 68, 223-232.
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. Computers & Security, 38, 97-102.
Xu, L., Jiang, C., Wang, J., Yuan, J., & Ren, Y. (2014). Information security in big data: privacy and data mining. IEEE Access, 2, 1149-1176.

Cite This Work
My Assignment Help. (2021). Information Security. Retrieved from https://myassignmenthelp.com/free-samples/csi2102-information-security/risk-management-planning.html.
