BN311 IT Security Management Assignment Sample
Section 1. Contingency Planning
A contingency plan can be defined as an emergency plan that sets out the immediate follow-up steps that employees and management will take in an emergency. The risk management function of the business uses the contingency plan as an emergency exit plan. It is used for every kind of business risk, such as crises, worksite accidents, any mishap that impacts the business, data loss and so on.
According to the case study, an online ordering facility will be started for an independent men’s wear retail outlet. A contingency plan is needed as a precaution against its worst outcomes. Appropriate contingency planning includes various important factors that can help safeguard the business from unbearable risk (Whitman and Mattord, 2011). Some steps need to be taken as a contingency plan for this independent men’s wear retail outlet, which wants to start an online ordering facility.
These steps of the contingency plan are as follows:
Step 1. Identification of Key Risk
Identifying the key risks is the first step of a contingency plan and is essential for every business. Under this step, the retail outlet owner needs to identify the potential risks that can occur in probable areas as issues for the business. As per the case, risks related to security, fraud, increased costs, regulations etc. can arise.
Step 2. Prioritizing the Risk
After identifying the risks, the outlet owner needs to assess all the risks that have been identified according to the plan. The risks that have the biggest chance of impacting the business should be listed. According to the case study, the biggest probable risk is online security (Brooks, 2010). Under this step, the objectives of the contingency plan are decided so that the business can resume in future.
Step 3. Developing a Contingency Plan
After the second step of assessing the risks, the outlet owner needs to prepare a contingency plan for the risks that can impact the business most (Bechor et al., 2010). A few points, such as timeline, communication and staff needs, should be considered while creating the contingency plan. For the case study, the outlet owner should create a contingency plan to overcome the issues related to online security.
Step 4. Maintain the Plan
Under the fourth step, risk management needs to ensure that the plan is fully up to date by reviewing the contingency plan. The business owner should review the plan on a monthly or quarterly basis.
Issues related to online business that should be considered in the contingency plan:
- The main risk is security, which can be breached through hacking, fraud, gaining illegal access etc.
- Another risk is the loss of data due to online e-business.
- Another risk is that the business can be less profitable than expected (Inukollu et al., 2014).
Section 2. Security Tools
Security tools are essential for every organization in order to protect it from hackers and fraudsters who can illegally access company data and important information. They also help to protect the company’s assets. That is why this can be defined as a main goal of protecting computer networks. As per the case study, the online retail business of men’s wear will be started, so security tools and techniques are needed to protect the business from the risks that can harm it (Whitman and Mattord, 2012). At present, various tools and techniques have been introduced to protect the business internally as well as externally. These tools are as follows:
Cloud-based cyber security: As technology has advanced, the risks that come with technology have also increased, so every business owner needs to protect his business. This security tool provides cyber security by preventing cyber attacks. A cloud-based cyber security system is offered as an affordable monthly subscription. Because of this, organizations do not need network downtime for maintenance, and the service can be set up quickly to protect them from viruses and hackers (Ghansela, 2013). Its simplicity helps to eliminate the difficulty of protecting each part of the infrastructure, by moving the point of mitigation to another party.
Multi-Level Authentication: Technology has advanced over time, and the traditional security system of user name and password authentication has also changed. With the traditional security system, there are many chances to hack the business very easily. In contrast, a modern security system uses digital certificates and public keys based on identity, which help to ensure that access is granted only to someone with a legitimate need. Multi-level authentication creates a difficult challenge for a hacker who tries hacking schemes to get at the business data and its important information.
Remote Device Management: It is one of the most popular security tools. As most companies permit their employees to use mobile computing devices, it is necessary to create a strategy for providing appropriate network security for the business. People frequently use mobile devices without secured Wi-Fi networks. This invites hackers to access the business system and steal important information or data. Along with multi-level authentication, it becomes essential to have mobile device management, which helps to monitor and control the configuration of the network (Ahmad and Ehsan, 2013). In the advanced world of cyber crime, techniques such as enforcement of the rules, a strong mobile device policy and training are all important. Good mobile device management can help the business by pushing operating system and other software patches to all remote devices. Further, it has the ability to lock a device if it is lost or stolen.
Section 3
Australian Act
There are various Australian acts that outline the security of information in this environment of increasing theft. However, the Privacy Regulation 2013 act plays an important role in protecting the confidential information of an organization. This act includes the following:
- Permitted disclosure of credit information to a credit reporting body
- Small business operators treated as organizations
- Agencies treated as organizations
Thus, the aim of this Australian act is to protect the personal information of individuals.
Furthermore, personal information security is another way to protect any information generated by an entity or individual. For this, the information lifecycle is the best way to reduce problems related to privacy (Caron et al., 2016). The personal information security lifecycle includes various points:
- Consider whether it is necessary to collect or hold the personal information in order to carry out the activities.
- It needs to describe how personal information will be handled so that privacy can be implemented.
- Assessing the risk associated with the collection of personal information due to a new act or practice, or changes in an existing project (Hattingh et al., 2015).
- Taking the necessary steps and putting strategies in place to protect personal information from unauthorised access.
Thus, this is the lifecycle process that communicates how to collect information without theft and false activities. These processes and acts of Australia will help in keeping information private.
Section 4
Security Management Policy
Policy
SaskPower Management Policy is committed to maintaining workplace security, which is the most important thing in all organizations. Moreover, this policy is helpful in supporting the corporation. This policy helps the organization to securely handle the information of its employees (Dawes, 2010).
Policy Statement
This policy statement takes into consideration the appropriate security precautions in order to prevent, secure against and detect any type of security violation (Bulgurcu et al., 2010).
Purpose/objective
The purpose of the policy is to describe the management processes that help to support the application of security policies and standards. It also includes other SaskPower requirements (Stallings et al., 2012).
Scope
The scope of the policy covers the organization, where it is very useful for overcoming security issues (Chou, 2013). It will also be helpful for anyone who establishes a company in future.
Standards
The SaskPower security management policy complies with OHSAS 18001; it is mainly for protecting confidential information from hackers (Disterer, 2013).
Procedures
This policy applies to all employees, visitors and contractors. It does not include any exception to the security of the employees or to their data policy. Various roles and responsibilities are included in this management policy. It is to maintain the standards that support practices such as tracking and identification of systems (Crossler et al., 2013). It also includes a risk management program. This policy is also taken into consideration to mitigate security-related risks. Thus a joint security, privacy and legal review committee conducts assessments of the risks and confidentiality. In addition, the analysis of risks will be updated when a new risk is introduced.
Guidelines
Thus, in implementing this policy, the retailer can face various issues. Implementing this policy requires time. There will also be problems in identifying and mitigating the risks.
References
Caron, X., Bosua, R., Maynard, S.B. and Ahmad, A., 2016. The Internet of Things (IoT) and its impact on individual privacy: An Australian perspective. Computer Law & Security Review, 32(1), pp.4-15.
Hattingh, H.L., Knox, K., Fejzic, J., McConnell, D., Fowler, J.L., Mey, A., Kelly, F. and Wheeler, A.J., 2015. Privacy and confidentiality: perspectives of mental health consumers and carers in pharmacy settings. International Journal of Pharmacy Practice, 23(1), pp.52-60.
Whitman, M.E. and Mattord, H.J., 2011. Principles of information security. Cengage Learning.
Brooks, D.J., 2010. What is security: Definition through knowledge categorization. Security Journal, 23(3), pp.225-239.
Bechor, T., Neumann, S., Zviran, M. and Glezer, C., 2010. A contingency model for estimating success of strategic information systems planning. Information & Management, 47(1), pp.17-29.
Inukollu, V.N., Arsi, S. and Ravuri, S.R., 2014. Security issues associated with big data in cloud computing. International Journal of Network Security & Its Applications, 6(3), p.45.
Ghansela, S., 2013. Network security: Attacks, tools and techniques. International Journal of Advanced Research in Computer Science and Software Engineering, 3(6).
Bulgurcu, B., Cavusoglu, H. and Benbasat, I., 2010. Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), pp.523-548.
Stallings, W., Brown, L., Bauer, M.D. and Bhattacharjee, A.K., 2012. Computer security: principles and practice. USA: Pearson Education.
Chou, T.S., 2013. Security threats on cloud computing vulnerabilities. International Journal of Computer Science & Information Technology, 5(3), p.79.
Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and Baskerville, R., 2013. Future directions for behavioral information security research. Computers & Security, 32, pp.90-101.
Schneier, B., 2011. Secrets and lies: digital security in a networked world. John Wiley & Sons.
Disterer, G., 2013. ISO/IEC 27000, 27001 and 27002 for information security management. Journal of Information Security, 4(02), p.92.
Dawes, S.S., 2010. Stewardship and usefulness: Policy principles for information-based transparency. Government Information Quarterly, 27(4), pp.377-383.
Ahmad, S. and Ehsan, B., 2013. The cloud computing security secure user authentication technique (Multi Level Authentication). IJSER, 4(12), pp.2166-71.