LD7087 Information Governance and Cyber Security Assignment Sample 2023
Part B
Task 4: Policy
Introduction
Information governance represents a decision making and accountability framework that ensures disclosure, storage, creation and archiving of information. Through this framework, an organisation can develop legal requirements and maximise all operational efficiency to manage cyber-attacks. In recent days, cyber-attacks have increased in a drastic manner through which organisations can easily maintain third party operations and secure confidential information according to requirements. This study explored cyber security operations including security measurements and cyber-attacks within Air MSky. This study also highlighted the implementation plan and security vulnerabilities of ISMS within this company.
Purpose of information security policy
The purpose of information security policy helps in identifying procedures and rules that can manage information assets and resources. It can also develop the abilities of preserving availability, integrity and confidentiality of information systems that can manage the workforce according to specifications. Establishing general approaches and strategic changes in information security policy, Air MSky can manage the security measurement processes against cyber-attacks and develop their cargo and flight booking facilities. As inspired by Chen et al. (2018), through customer based and technology based services, employees of Air MSky can develop customer experiences with their service operations. Using information security policy, this company can develop their online booking system and provide safeguard to the privacy of their consumer data according to requirements.
Scope of information security policy
The scope of information security policy is to ensure protection of personal data through which stakeholders can develop their regulatory and legal framework without any issues. It can generate a proper plan that can develop their existing operational events without any challenges that can create flexible opportunities in managing information security within Air MSky.
Identifying roles and responsibilities of stakeholders of Air MSky
Stakeholders play an effective role in handling all operational tasks and develop information management processes according to requirements. Through the assistance of stakeholder management processes, employees of an organisation can analyse specified tasks and requirements to execute all possible tasks. In Air MSky, stakeholders include internal and external stakeholders who can understand their individual roles and perform tasks accordingly. Through the assistance of effective measurements, stakeholders can analyse the procedure of flight and cargo booking processes that can manage customer experiences and develop web-based operations. As influenced by Ross et al. (2019), through the expansion of different business operations, internal stakeholders can make their choices in executing effective management cycles within Air MSky to achieve their objectives and goals. Regulatory and legal frameworks of information security policy can maximise confidentiality and data privacy depending on imperative operations according to requirements. Protection and data confidentiality can also give the opportunity of controlling all tasks and specifications that can lead to developing the robust opportunities of Information Security policy.
Apart from these, external stakeholders can take accountability in ensuring protection of different types of personal datasets that can assist in analysing cyber security attacks. Robust information security policy helps in incorporating day-to-day operations through which imperative results and information governance can be developed without any issues. According to Valeriano and Maness (2018), through information assurance in Air MSky, corporate information assurance and information security assurance, employees can rearrange their personal data that can develop business ethics according to expectations. Internal and external stakeholders of Air MSky can also manage their contractual activities through which confidentiality and protection can be developed accordingly. Data handling and information government policy can also rearrange their task specifications processes according to requirements that can manage web based cargo and flight booking processes. Stakeholder management and cyber security processes can develop customer experiences and simplify all organisational operations according to requirements.
Analysing regulatory, legal and contractual obligations in handling information security policy
Regulatory obligations improve the quality and structure of customer management processes by controlling security measurement processes without any issues. Through the assistance of security measurement processes, customer data and different customer expectations can be developed without any issues. As proposed by Komianos (2018), using regulatory obligation, information security team members of Air MSky can incorporate strategic changes and develop information security according to requirements. It can allow in keeping all best practises to develop the position of controlling all tasks and requirements that can lead to success according to expectations. Through legal requirements, confidentiality in personal information of consumers can be developed according to requirements that can manage the security of customer data. Customer expectations and development areas can be developed that can create a flexible environment to maintain information security tasks.
Apart from these, stakeholders and security management team members can rearrange all contractual agreements and legal expectations to develop the information security policy according to requirements. As opined by Boban (2018), it would develop the position of handling all tasks that can lead to managing the security level and avoid complications in security measurement systems. Security management team can also develop the security commitments to improve customer expectations without any issues. It would allow Air MSky to incorporate strategic changes and develop operational results without any issues. In this way, quality innovation and performance structure can be developed that can create a flexible environment that can lead to success for this business without any issues.
Discussing Information Governance Policy framework with specific recommendations for controlling established Information Security Management System
Information Security Management System (ISMS) helps in managing security control to ensure sensibly protecting integrity, availability and confidentiality of assets from vulnerabilities and threats in a database. Through this system, an organisation can analyse threats and challenges related to information security processes that can guide employees to create a secured platform to manage all security related tasks. As proposed by Ionescu et al. (2018), through the assistance of information governance policy framework, employees can develop their existing security management processes and develop operational results without any issues. It can easily guide employees to make suitable decisions that can avoid complications in information security operations. In this way, quality innovation and strategic change management processes in databases can be developed according to requirements and specifications.
Information Governance Policy Framework
Figure 1: Information Governance Policy Framework
(Source: As inspired by Collier, 2018)
Integrated privacy policy
Integrated privacy policy helps in identifying privacy related operations that can control the balancing structure of performance management and structured requirements. This control step guides employees of Air MSky to manage the private information of consumers through which probability in informative results can be managed to perform business operations. According to Collier (2018), through this step, employees and stakeholders can recognise specific requirements including database security, performance structure and development processes in the database. It can help in synchronising integrated privacy operations without any challenges that can lead to success for this business without any issues. Through this policy, employees can easily secure customers’ private information according to requirements that can lead to success for their business.
Security procedures
Security procedures is one of the key aspects for Air MSky by securing all confidential and required information that can allow this business to perform effective tasks according to requirements. In Air MSky, stakeholders can take accountability in creating opportunities in developing their secured database operation to avoid complications in security management activities. As followed by Al-Badi et al. (2018), through the assistance of security management procedures, employees of Air MSky can make decisions to incorporate security changes according to requirements. It can develop the procedure of controlling security processes and develop strategic changes that can lead to success for this business without any issues.
Data retention procedures
Data retention procedure is one of the effective and required steps for handling database management operations that can create a flexible environment and avoid critical challenges. Through the assistance of data retention procedures, employees can create a flexible platform through which data managerial procedures can be executed according to requirements. As proposed by Abraham et al. (2019), it would be helpful in arranging the systematic approaches for database operations through which structured validation can be controlled according to specifications. It would guide security team members of Air MSky to rearrange their data segmentation processes regarding cargo and flight booking services. It would control the valid requirements through which professional and privacy management activities can be organised properly.
Data sharing
Data sharing provides a structured and systematic way of rearranging data processes and managing data communication activities according to requirements. Data sharing activities can guide employees to create development positions within Air MSky to manage database management according to requirements. As opined by Meyer (2018), it can allow in developing existing performance sequences through which the possibility of managing structured validation can be introduced according to specifications. Data sharing and data communication are interrelated to each other through which data delivery in a significant way can be organised successfully that can avoid complications in database management operations.
Intra group data transfer
Intra group data transfer helps in creating a possibility of controlling data managerial processes by synchronising all systematic processes according to requirements. Data transfer in a group can help in synchronising all data sources that can create flexible opportunities through which operational results can be organised properly. However, sometimes, due to data breach can hinder the group management processes including data management, data transfer and storage operations. It can directly affect the continuity of data sources through which sequential improvement and strategic operations can be handled without any issues. In this way, quality sources and confidentiality in data management can be maintained successfully according to requirements.
Reporting activities
Reporting activities develop the process of handling data reports within organisations through which structured framework and security operations can be maintained properly. Through the assistance of reporting activities, employees of Air MSky can synchronise the structure of executing all data sources and develop the position of database management. In the words of Chuang et al. (2020), it can control the validation processes and synchronise all systematic reporting activities without any issues. It can manage the procedure of analysing security threats without any issues that can manage security vulnerabilities according to expectations. It would avoid complexities and reduce all complicated issues depending on requirements that can lead to managing success rate without any issues.
Auditing and training operations
Auditing and training operations improve valid expectations for employees that can create a flexible environment for security features within organisations. Training is one of the crucial factors that can develop knowledge creation and structure development processes for employees. It can help in arranging a systematic process for them to reorganise all types of events according to expectations. Training and auditing operations can guide employees to synchronise all systematic approaches to execute their valid expected requirements for Air MSky. Through these operations, employees can easily develop their idea generation and knowledge creation processes without any issues.
Confidentiality management
Confidentiality management helps in securing all valid requirements for arranging security patterns of different task management processes. Through the assistance of confidentiality management, employees of Air MSky can easily modify their security systems to improve their booking processes. As influenced by Mulligan and Bamberger (2018), it can develop the position of controlling all requirements related to security management activities that can develop existing flight and cargo booking processes. It can avoid complications in security management processes that can create development ranges according to requirements and specifications. It would also reduce complications in security management processes through which sustainability and development in automatic booking processes can be developed without any challenges.
Identifying implementation plan for addressing security threats
The significance of the implementation plan helps in addressing emerging priorities and cyber security gaps to manage security threats. Through the implementation of the information security management system, security team members of Air MSky can take accountability in introducing different priorities and gaps that can improve security operations. According to Müller et al. (2018), using a specific implementation plan, security management team members can rearrange their task requirement processes that can create positional background of different task management processes. It would develop the opportunity in controlling security threats that can help in analysing specific areas of cyber-attacks. Thus, security members can provide detailed information about the security threats of their management to incorporate strategic changes and develop operational results depending on requirements. It would lead to success for this business and develop the position of handling all tasks and specifications of security threats by avoiding critical challenges within performance management of Air MSky. It can lead to success for this business in implementing ISMS and incorporating governance framework without any challenges.
Using a structured implementation plan, security team members of Air MSky have identified some challenges including data breaches, confidential data loss, and customer centric data violation. Due to these challenges, Air MSky would not perform their business operations and fail to incorporate strategic changes according to requirements. As inspired by Ismail et al. (2017), it would directly affect the condition of executing security management processes and hinder the security management processes. For this reason, the CEO of Air MSky has decided to incorporate an implementation plan to handle all types of security tasks according to requirements. It would be helpful in synchronising all systematic processes that can lead to create a secured environment through which possible results of security patterns can be maintained successfully. Through this position of implementation plan, security team members can reorganise all security patterns to manage all challenging requirements without any issues.
Monitoring mechanisms to mitigate security vulnerabilities according to requirements in Air MSky
Figure 2: Monitoring controls of Air MSky
(Source: As inspired by Burhan et al., 2018)
Detective control
Detective security control helps in measuring unauthorised activity that can improve security control functions through which activation processes can be organised successfully. According to Burhan et al. (2018), physical control can also be maintained with the help of this monitoring procedure to manage security vulnerabilities of Air MSky. Implementation of intrusion detection systems can rearrange the internal audit and develop the position of handling technical operations without any challenges.
Corrective control
Corrective security controls help in guiding employees of Air MSky to understand or identify unauthorised activity depending on physical assets. Technical corrective controls can also develop the procedure of handling specific vulnerabilities according to incident response with specific resources and requirements. As followed by Nicho (2018), CSC can also develop the position of creating an incident response plan to execute corrective controls depending on expectations. This monitoring process can improve detective and preventive security controls according to specifications and requirements.
Deterrent control
Deterrent control helps in managing standards and guidelines of all activities through which security and regulatory compliance can be organised properly. It can be helpful for Air MSky by synchronising all systematic processes according to specifications and improving the security execution processes without any challenges.
Conclusion
From the above study, it has been identified that the security management system plays an effective role in engaging new ideas and controlling all knowledge management processes for organisations. The CEO and employees of Air MSky have decided to modify their security settings to secure their data management processes and make decisions accordingly. It would develop the procedure of executing all tasks and expectations that can lead to success for this organisation. In this way, quality innovation and structured development in Air MSky regarding cargo and flight booking systems can be developed without any challenges.
Reference List
Abraham, R., Schneider, J. and Vom Brocke, J., (2019). Data governance: A conceptual framework, structured review, and research agenda. International Journal of Information Management, 49, pp.424-438.
Al-Badi, A., Tarhini, A. and Khan, A.I., (2018). Exploring big data governance frameworks. Procedia computer science, 141, pp.271-277.
Boban, M., (2018). Cyber security foundations for compliance within gdpr for business information systems. Economic and Social Development: Book of Proceedings, pp.541-553.
Burhan, M., Rehman, R.A., Khan, B. and Kim, B.S., (2018). IoT elements, layered architectures and security issues: A comprehensive survey. Sensors, 18(9), p.2796.
Chen, X., Wu, D., Chen, L. and Teng, J.K., (2018). Sanction severity and employees’ information security policy compliance: Investigating mediating, moderating, and control variables. Information & Management, 55(8), pp.1049-1060.
Chuang, F., Manley, E. and Petersen, A., (2020). The role of worldviews in the governance of sustainable mobility. Proceedings of the National Academy of Sciences, 117(8), pp.4034-4042.
Collier, J., (2018). Cyber security assemblages: a framework for understanding the dynamic and contested nature of security provision. Politics and Governance, 6(2), pp.13-21.
Ionescu, R.C., Ceaușu, I. and Ilie, C., (2018, January). Considerations on the implementation steps for an information security management system. In Proceedings of the International Conference on Business Excellence (Vol. 12, No. 1, pp. 476-485).
Ismail, M.H., Khater, M. and Zaki, M., (2017). Digital business transformation and strategy: What do we know so far. Cambridge Service Alliance, 10, pp.1-35.
Komianos, A., (2018). The autonomous shipping era. operational, regulatory, and quality challenges. TransNav: International Journal on Marine Navigation and Safety of Sea Transportation, 12(2).
Meyer, M.N., (2018). Practical tips for ethical data sharing. Advances in methods and practices in psychological science, 1(1), pp.131-144.
Müller, J.M., Kiel, D. and Voigt, K.I., (2018). What drives the implementation of Industry 4.0? The role of opportunities and challenges in the context of sustainability. Sustainability, 10(1), p.247.
Mulligan, D.K. and Bamberger, K.A., (2018). Saving governance-by-design. Calif. L. Rev., 106, p.697.
Nicho, M., (2018). A process model for implementing information systems security governance. Information & Computer Security.
Ross, R., Pillitteri, V., Graubart, R., Bodeau, D. and McQuaid, R., (2019). Developing cyber resilient systems: a systems security engineering approach (No. NIST Special Publication (SP) 800-160 Vol. 2 (Draft)). National Institute of Standards and Technology.
Valeriano, B. and Maness, R.C., (2018). International relations theory and cyber security. The Oxford Handbook of International Political Theory, p.259.
Know more about UniqueSubmission’s other writing services:
