LD7087 Information Governance and Cyber Security Assignment Sample 2023
Part B:
Introduction
Information Governance is associated with the process of decision-making plans and accountability of data creation, usage, and destination for maintaining the security of data and information of any organization. It is an effective and valuable strategy that helps to maintain and control the business standard and policies of a company. One of the main functions of this operation is to protect the information and its related system Cyber Security could be easily achieved by the adaptation of these strategies properly by the company in their business process. In the following study, a major idea about the role of Information Governance in Cyber Security attached with the company Air MSky has been properly explained. Effective and potential policies made for enhancing the information security in the company have been clearly explained in this style. This would help to analyze the importance of adopting the Information Governance for securing the data of company Air MSky. Hence, by adopting the strategies that were next of the company would find the way you provide the information assurance to their cruisers and clients and build security assurance methods and procedures.
Policies of information security
Information security consists of policies and rules to ensure all the users within a network system for providing data safety and security. It makes limitations during its network distribution to create a safe and protected network environment. Based on some effective purpose these policies are built to provide data and information protection. In the following study, major and effective purposes of policies based on this information security have been listed as follows.
Purposes of policies
- The establishment of an approach to enhance information security is built by these policies (Shabou, 2019).
- Protection of brand image about the company is achieved by making Policies of information security.
- Personal information of the customer always remains to be focused by such policies.
- Limitation of access of the network system to prevent the attack of the hackers and cybercriminals.
Scope of policies
The policies have been developed with the purpose of providing data security in the airlines’ ticket booking system. It further finds scope in terms of securing the privacy of the consumer data. The following are the scopes of the policies. There is also a provision for access control that develops scope for the policies to allow access of the data to specific persons in the company. It controls the levels of security in the company and ensures the security of data for both employees and consumers. The system contains several financial and other personal data of the consumers that needs to be secured from external attacks on the system.
- The policies include a two phase authentication that allows users to secure their data. It also ensures that no one can access their data without any proper verification from their side. The privacy act also supports the two-face authentication and it is proven to be effective in practical field (gov.uk. 2018)
- These policies also find its scope in the company in terms of maintaining the confidentiality of the employee data.
- It also finds scope in securing the communications of the company both in the context of internal and external purposes.
- The policies also make scope for the employees to work remotely and maintain security in the process.
- In additions to that, these policies and its scope in the company also ensure the trust of the consumers on the company and strengthen the consumer-base of the company.
Determination and allocation of roles of the given scenario
Information Governance plays an important role in providing the rules and guidelines to protect the network system of a company. It allows proper attention to providing a safe and secure environment by preventing hackers and cybercriminals. Due to certain IT-related issues and challenges, certain roles and responsibilities are allocated to ensure the legal and contractual obligation at business performance. In the following study, some effective and potential roles of responsible authorities have been explained that are related to the company Air MSky.
Ensuring the legal and regulatory obligations
UK government always pays attention to providing data safety and its pricey for their people. For this reason, they are always ready to make and modify the leads for offering data safeguard for their citizens (Yigitcanlar et al. 2018). A data protection act, 1988 and 1998 has been proposed in their Parliament to protect the data and information. It has been modified into a Data Protection Act 2018 whose main objective is pricing the safeguards of every citizen during a transfer of data from one region and party to another. Proper monitoring is given by the government authority to secure the personal information of users across the country (legislation.gov.uk. 2018). By adopting these given laws and regulations, a company could achieve the following benefits related to their data that have been explained below.
- Data quality could be improved due to the adoption of these laws (Brown and Toze, 2017).
- Privacy and its confidentiality during the exchange of data could be performed by enhancing these laws.
- Secondary use of data and information for research, audit, or public events could be performed based on the rules and regulations made by the government.
The owner of the company Air MSky should build a proper strategy and plans to follow these data protection acts of their country (Sherer et al. 2018). Appropriate employees should be hired who have keen and vast knowledge about these laws so that they could properly enhance their business performance. This would be essential for a company to make appropriate plans to assign the role of particular employees who could apply those rules and regulations. Due to the selection of the right and suitable candidate the company would be able to resolve all the security risks and threats that have been created during their online booking system.
Accounting of Contractual obligations
Another major role that must be performed by an organization to maintain the relationship between the owner and their employees is called Contractual obligations. In this process, both employers and employees are invited for maintaining the legal responsibilities based on the contactar agreement (Ali and Awad, A2018). According to the predefined roles and responsibilities both should be performed their work to achieve the desired tasks. Both of them are assigned to perform their job role based on the agreement paper. Hence, both owner and employees of the company Air MSky should follow and maintain the agreement paper and should be ready to follow their contract tasks. It would be better for creating a collaborative and coordinating working culture at the company Air MSky. A better approach is taken towards the privacy of customers. Data would be developed due to the performance of the mentioned roller and the function of both owner and employees of the company.
The framework of Information Governance Policy
Information Governance framework refers to the framework that makes an overview of all the influences that are acted upon by the organizations (Plachkinova and Maurer, 2018). Through the analysis of these diagrams, information and data of all the records could be created and analyzed. The major portions in this diagram that are inbred are called risks, regulations, compliances, and business needs. This is highly effective for providing a detailed overview of the access and security of data and their management study parts of this framework have been listed below.
Information principles
The term Information principles is associated with the managing and monitoring of all the data and information that are stored and exchanged within the system of any company. These data could be reused for any research or analyzed based on the laws and legislations of a country. All the resources should be accurate and updated according to the time (Ahmad et al. 2018). Also, according to the principles, undesired information could be deleted that alter the delivery of better business outcomes. Integrity among the customers and service providers could be enhanced due to adopting strict Information principles in any company. Based on these Information principles, the owner of the company Air MSky could easily manage and monitor the exchange of customers’ data that has been exchanged during the online booking system.
Figure 1: Information Governance framework
Source: (searchcompliance.techtarget.com, 2021)
Audit and review
Another major part of this above marinated framework is called an Audit and review. In this process, continuous monitoring of the data and their access is done.
For this purpose, regulations of the compliance and performance of infrastructure and systems are checked to manage any issues or risks during the exchange or storage of data. This part of the Information Governance framework would help the mahjong and data analyst of the company Air MSky to make proper audits and review the financial transaction related to their ticket booking system
Record management
This part of the framework of Information Governance is associated with the management of records about the data in the entire life cycle. It helps to identify and secure the most suitable data and construct and destroy them according to the situation. On different levels, the information is recorded and could be used based on the situation and requirements (Brown and Toze, 2017). Also tracking and retrieval of data are performed easily by adopting this process in the Information Governance. With the help of this data management strategy, the data analysts of this company would save and monitor the record of their customers and clients for any further review.
Knowledge management
Knowledge management is also a vital part of the framework of Information Governance. In this part, knowledge about the company’s resources and financial stability is designed. This map an idea about the position of the company and helps owners of the company to improve their business process. By undertaking this part of the framework the owner of the Air MSky could map the knowledge of their current assets and resources to build a powerful and potential Cyber Security in their online booking system.
Email management
Last but not the least; Email management performs a great and valuable role in designing the Information Governance framework. In this part of the framework, a large volume of information and data received during the electronic mails are managed. For this purpose, several effective tools and techniques are utilized to manage and control a large number of emails and texts (Plachkinova and Maurer, 2018). Employers of the organization Air MSky should apply and implement all the latest tools and methods for this email management to manage the huge numbers of emails common from the customer’s side.
Establishment of Information Security Management System
The term Information Security Management System refers to the management system that helps to manage and provide security services to an information system. It helps organizations to show the right technique and methods for maintaining the security service of data and information. It is based on several steps that lead to it being properly implemented by the data analysts and manager of a company. In the following study, some essential steps that should be taken by the company Air MSky have been explained as follows.
| Step 1: Securing of executive support |
| In this step ideas about the available resources and financial condition of the company are made to manage the security services (Fonseca-Herrera et al. 2021). The owner of the company Air MSky should get information about the budget and resources to build a strong support team in their company to mitigate all the security risks and threats. |
| Step 2: Identifying the scope |
| Another major control of the Information Security Management System that must be insured by the manager of the company is the identification of the system’s scope. It would be beneficial to highlight all the essential requirements that are needed to build the Cyber Security system in the company Air MSky. |
Figure 2: Information Security Management System
(Created by the Learner)
| Step 3: Analyzing risks |
| Analysis of risks and threats is one of the most important steps in the Information Security Management System (Sherer et al. 2018). In these steps examination of the risks is done related to the parts of the system like hardware, server, and cloud servers in the information system. Hence, data analysts of the company Air MSky should properly follow these steps to know the risks within the login and payment cards. |
| Step 4: Making of proper policies |
| Managers of the company Air MSky should make proper plans and policies related to Information Security to analyze and overcome all the security risks and threats. |
| Step 5: Arranging of training programs |
| Another major and effective step of the Information Security Management System that should be filled by the Air MSky is the arranging of training programs related to CyberSecurity. This would help the company to improve the knowledge among their employees regarding security risks and threats. |
| Step 6: Building competencies |
| Managers of the company Air MSky should identify the potential and talent of the employee and build competencies according to their knowledge and skills. This would help the company to reference the talent of candidates and motivate them to perform better. |
| Step 7: Maintenance of the system |
| In an Information Security Management System, lots of issues related to the system during the operation of information exchange are generated (Ključnikov et al. 2019). For this purpose managers of the company should always monitor and maintain their system to perform the quality level of Cyber Security. |
| Step 8: Audit of certificate |
| The company must issue the ISO/IEC 27001 certificate to provide a certified company‘s requirements and standards according to the laws of the UK. This would build a legal and truthful image among the customers related to data security. |
Table 1: Process to implement Information Security Management System
(Source: Ključnikov et al. 2019)
Implementation of plans to mitigate security vulnerabilities
The discussed plans and policies relate to Information Security must be properly implied by the owner of the firm Air MSky. These following aspects are necessary for developing a suitable system of ticket booking which will be free from security vulnerabilities.
- They must adopt and follow the Data Protection Act 2018 of the UK, for providing assistance to their customers for their data safety and security (gov.uk. 2018).
- Their business operation should be operated to mitigate all the obligations generated within their system. Proper execution of these policies would help the company to mitigate all the legal and regulatory obligations (Ahmad et al. 2018).
- There are eight policies steps related to this Management system that has been explained that should be implied by the owners of this firm.
The necessities of implementing of the eight steps can be explained in terms of the applicability of the organization in the AirMSky system.
| Recommendation 1 | Securing of executive support is an important aspect for vulnerabilities issue. It can be implemented in the present context for providing the employees a secure environment and it also rule out the possibilities of unauthorized entry in the system |
| Recommendation 2 | The following implementation is to identify the scope of the system in the company. It is always better to examine the software or hardware system before implementing in the field work. It is highly recommended in case of AirMSky if the systems are required to be free of vulnerabilities. |
| Recommendation 3 | Analyzing risks is also necessary as the risks of vulnerabilities are changing with time and here lies the need for upgrading the system. This is absolutely important for the AirMSky system as it deals in real-time with the consumers |
| Recommendation 4 | Maintenance of the system is an important policy as it ensures a regular security examination of the system in AirMSky. It is also certified by the legislations on privacy act to focus on maintenance and upgrading the systems to stay safe from the newly developed malware and protecting the user data (legislation.gov.uk. 2018). |
Table 2: Recommendations to implement Information Security Management System
(Created by the Learner)
Conclusion
It has been concluded that all the essential points about the Information Governance and Cyber Security on Air MSky have to be implied in AirMSky Company for the betterment of the security issues. The discussions developed in the report have provided an outcome of the issues of AirMSky airlines. Several solutions have been developed and there is also provision for precautionary measure. The data acquired from the European Airlines and its analysis has helped to reach to the conclusion that the AirMSky airlines must improve their system by implementing the policies of information security. The discussion also helped to reach the conclusion that the system must abide by the privacy act and it helps the companies to find better scope for not subjecting to vulnerabilities.
Reference list
Journals
Ahmad, I., Kumar, T., Liyanage, M., Okwuibe, J., Ylianttila, M. and Gurtov, A., 2018. Overview of 5G security challenges and solutions. IEEE Communications Standards Magazine, 2(1), pp.36-43.
Al-Badi, A., Tarhini, A. and Khan, A.I., 2018. Exploring big data governance frameworks. Procedia computer science, 141, pp.271-277.
Ali, B. and Awad, A.I., 2018. Cyber and physical security vulnerability assessment for IoT-based smart homes. sensors, 18(3), p.817.
Brown, D.C. and Toze, S., 2017. Information governance in digitized public administration. Canadian public administration, 60(4), pp.581-604.
Fonseca-Herrera, O.A., Rojas, A.E. and Florez, H., 2021. A model of an information security management system based on NTC-ISO/IEC 27001 standard. IAENG Int. J. Comput. Sci, 48(2), pp.213-222.
Ključnikov, A., Mura, L. and Sklenár, D., 2019. Information security management in SMEs: factors of success. Entrepreneurship and Sustainability Issues, 6(4), p.2081.
Plachkinova, M. and Maurer, C., 2018. Security breach at target. Journal of Information Systems Education, 29(1), pp.11-20.
Shabou, B.M., 2019. An Information Governance Policy Is Required for My Institution, What to Do?: Practical Method and Tool Enabling Efficient Management for Corporate Information Assets. In Diverse applications and transferability of maturity models (pp. 61-91). IGI Global.
Sherer, J.A., Singer, A. and Barnes, B., 2018. Picking up the Slack: Legal and Information Governance Considerations for New (er) Technologies. Rich. JL & Tech., 25, p.1.
Yigitcanlar, T., Kamruzzaman, M., Buys, L., Ioppolo, G., Sabatini-Marques, J., da Costa, E.M. and Yun, J.J., 2018. Understanding ‘smart cities’: Intertwining development drivers with desired outcomes in a multidimensional framework. Cities, 81, pp.145-160.
Websites
searchcompliance.techtarget.com, 2021, about information-governance, Available at:
https://searchcompliance.techtarget.com/definition/information-governance [access on 20th December, 2021]
legislation.gov.uk. 2018. Data Protection Act 2018. Available at: https://www.legislation.gov.uk/ukpga/2018/12/contents/enacted [access on 20th December, 2021]
Know more about UniqueSubmission’s other writing services:
