LD7087 Information Governance and Cyber Security Assignment Sample 2023
Introduction
Cyber security is one of the essential factors in recent times in business that can help to secure customer data as well as organisational confidential information effectively. For organisational growth or business expansion, it is required to have a proper security system to maintain data which helps to reduce any kind of data misconduct. In Air MSky, the issues related to data security have been found which provides an impact on their business. The purpose of this study is to analyse information security issues in Air MSky related to their customer data breaches which needed to be reduced for expanding this business on a multinational level. Issues of Air MSky needed to be reduced with analysis of their business threats that help them to expand their business in the European countries according to their plan.
Task 1
Latest cyber security threats
| Threats | Impact | Effectiveness | Type | Mitigation strategy | Time taken |
| Customer data misconduct | Customers have faced the issue of their login id, booking details, and payment card information being stolen. | The issues of customer data stolen provide a risk to get customer trust for this organisation which affect the business earning. | Qualitative information | For improving the protection of customer information, it is required to improve security systems with the help of AI-based technology by preventing data stole effectively. | 3 weeks |
| Confidential data loss | This data loss hampers the working process systematically within an organisation. It also provides less motivation for employees to continue their work with efficiency. | This threat provides loss in business to hold the customer base. For this threat customer data of Air MSky is stopping which needed to be reduced for effective business improvements. | Qualitative data | For mitigating these issues, it is required to adopt some technology innovation within the business working process which can maintain the work with monitoring the working systems. With the technology adoptions, it can be possible to monitor and control every work which helps to reduce the issues of confidential data loss in Air MSky. | 2 weeks |
| Data breaches | For data breaches or stolen or cyber-attack issues, it can be observed that customers are facing monetary issues sometimes. The hackers get payment-related information also which provides financial loss to the consumers. | The data breaches provide a negative effect on business which contains a loss in business. | Quantitative information | The security system is needed to make it strong and that can help customers to improve their data protection. In the time of payment or saving payment details, the security system is needed to update more with data encryption and decryption strategy which help to reduce this kind of risk. | 3 weeks |
Table 1: Threats in Air MSky Company
(Source: Created by author)
Requirements of Information Governance
Information governance helps to understand values that dataset has for the particular business users. It mainly provides help to ensure the IT system and structure by its strategic framework to understand the working method effectively. As discussed by Brown and Toze (2017), information governance helps to protect the data that can help to improve an organisational performance effectively. The basic principle of using this information governance includes being used fairly, lawfully and transparently. Air MSky is needed to improve their organisational security and protection to reduce any issues of data misconduct which can be possible with the implementation of information governance within this business significantly. As discussed by Janah and Mayesti (2020), in information governance, whoever wants to access certain information can receive it whenever they maintain the security protocol which provides help to reduce the cyber-attack issues or any internal issues which result in data breaches.
Information governance helps for underlying data properly managed, stored and securing that data effectively. The regulatory requirements can be correctly observed with information governance where necessary that can help Air MSky to provide control over the security system to maintain the security of customers as well as confidential data. As discussed by Mosweu (2020), the risk management of an organisation is in place that can help to minimise any challenges that might arise from incorrect use. From this information governance implementation in Air MSky, it can be possible to improve the security system of an organisation which can provide help to improve the business growth.
For instance, British Airways faced issues of internal data stolen along with their consumer data leakages which hamper their businesses. It resulted in the ICO office (Information Commissioner’s office)being fined £20m by British Airways for an information breach that impacted more than 400,000 customers. By implementing the information governance in Air MSky, it can be possible to reduce this kind of challenge which provides a major impact on their business. As discussed by Shabou (2019), cyber security methods also help to improve business expansion which also affects organisations growth positively.
Figure 1: Informal governance
(Source: As inspired by Janah and Mayesti, 2020)
Role of Information Security auditors
An information security auditor helps to ensure the organisation’s effectiveness and safety of computer systems or security components. Security auditor is concerned with computer systems that can be out of date or could be at risk of hacking. As discussed by Pardini et al. (2017), an auditor is an authorised person who verifies and reviews financial accuracy records and ensures the companies comply with ethical, legal and social norms. For maintaining security, auditors need to monitor systems frequently which help them to improve social compatibility with organisations. As discussed by Srinivas et al. (2019), auditing also ensures the legal and ethical factors in the time of security auditing which can help Air MSky to improve its business sustainability effectively. The auditor promotes business ethics by applying or adopting all the ethical requirements or needs of concepts embodied in key words including integrity, confidentiality or competence and independence or objectivity. In this aspect, the business of Air MSky can be improved by implementing information security auditors within their businesses. As discussed by Oyelami and Kassim (2020), information security audits also focused on the legal factors which help to maintain legal policies related to the security system to develop organisations’ security systems more.
Figure 2: Information security audits
(Source: As inspired by Oyelami and Kassim, 2020)
Task 2
Justification of the approach
| Frameworks | Advantages | Disadvantages |
| ISMS Framework | ● ISMS framework can provide security over all types of information
● It helps to develop company work culture ● Reduces the security-related costs ● Enhancing defence against cyber-attacks |
● Technology changes provide impact on this system as with the improvement of technology, it is required to improve with a technology update
● This system can slow down the working procedure, as this system requires the password each time whenever a user wants to enter in their working site. ● It may be extremely complicated which provides issues to understand the working system by the user properly. |
| Information Governance Framework | ● It allows organisations to improve cost savings which provide help to implementation of this process easier for the small businesses
● It also reduces redundancies ● Provides better experience to the customers with new products or services uses in business ● The information governance framework helps to convert strategic goals in IT projects. |
● This information governance has too much electronic data that provides issues to maintaining the information correctly
● Speed of information accumulation is increasing each year and associated problems continue to grow. ● It also has limitations in regulatory compliance requirements. |
| ISO 27001 Framework | ● The enhanced competitive edge of an organisations
● Reduction of losses for any security incidents. ● Improvement of the internal organisation. ● Reduction in fines for contractual non-conformity. ● It helps to increase the security and reliability of systems as well as information which also helps to improve business or customer confidence. |
● The ISO 27001 framework is based on the management standard, not the security standard.
● It provides issues to manage organisation security effectively. |
Table 2: Frameworks to improve the organisation’s security system
(Source: Created by author)
In the Air MSky business, it is required to improve the security system of this organisation. They can implement these frameworks to improve their business in the international market. The ISMS Framework helps this business to secure their data to improve their security system that provides strong protections. Information Governance Framework in Air MSky can help to develop better experiences with ensuring the organisation’s security system. With this framework, organisations can improve the business security system that can assist them to offer telephonic flights and cargo booking services effectively to expand this business more. The ISO 27001 Framework helps to manage the security system with proper management standards which provide a positive impact on the business of Air MSky.
Rationale for scope
Air MSky is involving the selected frameworks in their business to improve business security and sustainability to expand their business in the European countries. As inspired by Ullah et al. (2019), the organisation is facing some challenges regarding this framework’s implementation that is reducing their progress scope which needs to be mitigated. In this aspect, the main issues can be found for lack of experiences of the employees, don’t having the proper structure to implement this framework, complicity of these frameworks to implement. In Air MSky, there is a lack of experience of their employees to work with a security system which provides an impact on their mind in the time of working which needs to be changed with appropriate development programs for these employees. As discussed by Gunduz and Das (2020), the other issues concentrate on the complicity of these frameworks to be implemented and used within a business. It is required to have IT experts in the business who know this security system implementation that can help to improve overall work procedure effectively. As discussed by Coventry and Branley (2018), for using the ISO 27001 framework, it is required to maintain some standards which provide issues to Air MSky, as their working structure is not proper that needed to be ensured to avail the opportunity or scope in this business.
ISMS is based on an understanding of the organisation
ISMS helps to improve an organisation’s security or protection of information with the proper technology. In Air MSky, the challenges related to data breaches can be observed which need to be changed. As discussed by Tweneboah-Koduah et al. (2017), by using these techniques this organisation can develop their services which are based on cargo booking services or telephonic flight booking services to improve this business more. It also helps to reduce the risk of cyber-attacks that help to grow this business more with more business expansion.
Task 3
Justification of importance of information governance
Information governance helps to improve business security by ensuring the working process of workers effectively which help to improve the business sustainability. Information governance is a structure that provides the holistic overview of influences that inform how a business manages and creates its enterprise-wide data assets including legislation, compliance, risk, regulation, and business needs. Through the implementation of this information governance in business, the Air MSky company can improve their business security system which helps to get customer trust efficiency. As discussed by Tagarev (2019), in this organisation, threats can be observed based on their customer data leakages which are required to be mitigated to continue the business process. In this aspect, this information governance helps this business which provides an impact on the business sales. Information governance provides the framework to ensure personal information is dealt with efficiently, legally, securely, and effectively to deliver the best possible care.
By adopting this method, organisations can improve their customer security system which helps to increase the customer base effectively within Air MSky. This Air MSky organisation is offering telephonic booking services as well as cargo booking facility which also can be secured with this framework in business. Information governance procedure is also cost-effective which helps this business to improve their business sector at a lower cost. This procedure also helps to improve the working quality of Air MSky which provides an impact on their business development in a strategic way. It also helps to improve the controlling of performance capacity and performance structure within an organisation which provides an impact on business. As discussed by Christensen and Petersen (2017), in this aspect, they require taking this information governance which provides security improvements and the business technology develops effectively. It heals to analyse the importance of information governance in a business to reduce data-related issues in organisations.
Risk assessment
| Risks | Information assets | Impact | Likelihood | Type | Vulnerabilities |
| Customer Data misconduct provides the risks in Air MSky business security system | For information governance framework that helps in rearranging all the tasks within organisation and information to avoid risk or threats from external sources. | High | High | Qualitative | In information security management vulnerability is one of the important things which can create flexible opportunities for the employees within an organisation. |
| Data breaches or leakages for employees inefficiency that provides major risk to the Air MSky business | The management incorporates strategic improvement and can help Air MSky business to improve organisation structure to data management and security according to requirement. | Medium | Medium | Qualitative | It is required to improve the security system more which affects business positively with vulnerability. |
| Organisation’s internal data loss | In this aspect, it is required to incorporate a strategic framework that helps Air MSky to improve its services with security towards customers. | High | Medium | Quantitative | Specific vulnerabilities including installing a security system based framework, and securing sensitive data, information security management can help Air MSky to improve quality in performance structure. |
Table 3: Risk assessment for Air MSky
(Source: Created by author)
The risk factors in business provide issues to develop the work plan and make a particular work according to the planning. For efficient business development, it is required to have a proper system to manage security in the business. In Air MSky, the risk factor can be observed related to their customer and organisation data breaches which needed to be stopped for continuing this business development. As discussed by Ristolainen (2017), all of these risks can provide barriers to working in an organisation with the same productivity which provides lower quality output. For these challenges, customers cannot get proper services due to a lack of security management which provides a barrier to development processes that needs to be reduced. As discussed by Eugen and Petruţ (2018), the working quality needs to be improved which provides help to improve the business princess effectively with managing the security of the business. In these conditions, Air MSky needed to take some technological pr framework to help for reducing their business issues and improve the cyber security system in their organisations.
Conclusion
This study provides knowledge about security system improvement in an organisation with the help of security updates and information governance framework adoption in business. Air MSky which is needed to improve their security system more as they planned to extend their business in the European countries. In flights and cargo booking retail services, various issues of hacking can be observed which need to be changed for increasing business sustainability and customer trust towards the organisation. Information governance mainly provides security to an organisation that Air MSky can implement in their business to improve business security and to protect customer information. From this technology improves, it can be possible for Air MSky that they can improve the business quality without facing any barriers related to less security.
Reference list
Brown, D.C. and Toze, S., (2017). Information governance in digitized public administration. Canadian public administration, 60(4), pp.581-604.
Christensen, K.K. and Petersen, K.L., (2017). Public–private partnerships on cyber security: a practice of loyalty. International Affairs, 93(6), pp.1435-1452.
Coventry, L. and Branley, D., (2018). Cybersecurity in healthcare: a narrative review of trends, threats and ways forward. Maturitas, 113, pp.48-52.
Eugen, P. and Petruţ, D., (2018). Exploring the new era of cybersecurity governance. Ovidius University Annals, Economic Sciences Series, 18(1), pp.358-363.
Gunduz, M.Z. and Das, R., (2020). Cyber-security on smart grid: Threats and potential solutions. Computer networks, 169, p.107094.
Janah, N. and Mayesti, N., (2020). Maturity Model Matrix of Information Governance in the Republic of Indonesia Public Television Broadcasting Institution. A Technical Note. Australasian Accounting, Business and Finance Journal, 14(1), pp.97-104.
Mosweu, T., (2020), July. An Exploration of Citizen Engagement Through Social Networking Sites in Botswana: Information Governance Issues. In 7th European Conference on Social Media ECSM 2020 (p. 170).
Oyelami, J.O. and Kassim, A.M., (2020). Cyber security defence policies: A proposed guidelines for organisations cyber security practices. International Journal of Advanced Computer Science and Applications, 11(8).
Pardini, D.J., Heinisch, A.M.C. and Parreiras, F.S., (2017). Cyber security governance and management for smart grids in Brazilian energy utilities. JISTEM-Journal of Information Systems and Technology Management, 14, pp.385-400.
Ristolainen, M., (2017). Should ‘runet 2020’be taken seriously? contradictory views about cyber security between russia and the west. Journal of information warfare, 16(4), pp.113-131.
Shabou, B.M., (2019). An Information Governance Policy Is Required for My Institution, What to Do?: Practical Method and Tool Enabling Efficient Management for Corporate Information Assets. In Diverse applications and transferability of maturity models (pp. 61-91). IGI Global.
Srinivas, J., Das, A.K. and Kumar, N., (2019). Government regulations in cyber security: Framework, standards and recommendations. Future Generation Computer Systems, 92, pp.178-188.
Tagarev, T., (2019). DIGILIENCE–A Platform for Digital Transformation, Cyber Security and Resilience. & Security, 43(1), pp.7-10.
Tweneboah-Koduah, S., Skouby, K.E. and Tadayoni, R., (2017). Cyber security threats to IoT applications and service domains. Wireless Personal Communications, 95(1), pp.169-185.
Ullah, F., Naeem, H., Jabbar, S., Khalid, S., Latif, M.A., Al-Turjman, F. and Mostarda, L., (2019). Cyber security threats detection in internet of things using deep learning approach. IEEE Access, 7, pp.124379-124389.
Know more about UniqueSubmission’s other writing services:
