LD7087 Information Governance and Cyber Security Assignment Sample 2023

Introduction

Information security system is one of the essential factors of the individual business organizations. Numerous confidential information of the business are keep safe from the third party. Cybersecurity systems of the organizations are effectively protect numerous confidential data of the organization. Data security related issues are maintain by the security system and that helps to reduce data misconduct. The issues of information security has clearly describes by the data breaches and it sometimes eliminates by the accurate information security system. Sometimes several confidential data can be lost by the third party and employees are not able to monitoring such kind of data. As result potential data are stolen but cybersecurity can able to protect potential data from the vulnerabilities.

Task 1

Current cyber security threats to information assets

Threats Impact Effectiveness Type Mitigation strategy Time taken
Data loss Data loss are hamper the overall process of the organization. The business can easily hold for the specific factors and individual employees are demotivated in the specific situation Potential qualitative data Some innovative solution are required to mitigate the specific threats and it can be reduce numerous data related issues. 2 Weeks
Personal data breaches Cyber attack of the hackers can easily includes data breaches and individual business organizations are facing some issues. Payment related information can be stolen by the hackers and customers are get demotivated from the septic situation. Data breaches are puts a negative effect on the induvial business organization. Potential quantitative data Complete plan of data protect can easily eliminates specific difficulties and potential information are keep safe from the hackers. 2 weeks
Misconduct of potential data Numerous potential data can be stolen and peoples are facing numerous issues by the data misconduct The trust of the customers can be reduces in the specific situation and get demotivated from the organization. Potential qualitative data Data protection plan can easily protected several confidential data of the customers.  

Table 1: Threats in AirMSky Company

(Source: Samtani et al. 2017)

Get Assignment Help from Industry Expert Writers (1)

Information security threats can be many, such as theft of intellectual property, theft of information, theft of identity, software attacks, and information extortion. According to Srinivas et al. (2019), the biggest cyber security theft trends are phishing, malware, and data breaches, which occur when the sensitive information of the users is stolen from a system without authorization. This report forecasts the cyber security theft in recent times and the necessity of information governance to solve the significant issue from the airline sector. Air MSky is a private airline organisation, which is developed by a local businessman of Manchester. The headquarter of Air MSky is in London and the mission of this organisation is to provide its consumers safe and effective service with appropriate technological advancement. The case study provides information that the company aims to expand its operation from the UK to other European countries by developing a web-based flight and cargo booking system.

 

In 2018 British airway confronted a significant problem of cyber attacks and theft of customer details, payment cards, and booking information (Lallie et al. 2021). Hence, Air MSky ensures to protect the personal information of customers and stakeholders, and maintain confidentiality against cyber security attacks. There are different new cyber security threats for the airline industry, which affect the assets of information. Phishing is one of the hacking schemes, and it tricks users to download harmful messages and those messages usually look like regular emails. A recent study shows it is one of the trendy security threats and several organisations are reported to have one user who has connected with a phishing site. Data breaches are also a crucial security threat, which stole sensitive information from system owners without any kind of authorization (Samtani et al. 2017). In this process, the hacker stole the confidential information of the users, from credit card numbers to home addresses, email addresses, passwords, and usernames.

Requirements of information governance to improve cyber security

Information governance is required to solve the cyber theft risk and handle all the information of the airline industry. As influenced by Aldawood and Skinner (2019), ‘information governance’ is crucial to improve the confidentiality of the information and control cyber security or data theft of the airline industry. Security governance includes effective characteristics which reduce the fear of data theft in the organisation and protect all the confidential information of customers. The main purpose of information governance in the organisation is to turn information into business data by developing procedures, policies to stop cyber crime. Proper development of the data governance helps to improve the accessibility of the people and what kinds of people are visiting the websites of the organisation. Information security is the protection of systems that control, procedure, policies, and software and hardware of an organisation (Ali and Awad, 2018). Besides that, appropriate information governance helps to establish an institutional structure and solve the lack of organisation planning for the industry. However, it helps to improve the cyber security of all the information of customers who are traveling from one place to another by plane.

 

It also allows the industry to assess security risks, the magnitude of harm to the institution, which influences the management process of all the confidential information of customers. In addition, information governance helps to identify the risk which the company may have in the future while developing the policies. As stated by Lim and Taeihagh (2018), information governance plays a crucial role in the regular operations of the airlines’ industry and evolves policies, accountability, and procedures, which influence the life cycle of consumers and different other information of stakeholders. The main purpose of information governance is to maintain the privacy and confidentiality of the personal information of the stakeholders and customers.

Role of information security auditor and its effectiveness

Get Assignment Help from Industry Expert Writers (1)

Information security auditors of organisations help to identify the vulnerability and flaws within the airline industry to manage the internal system of an organisation and resolve any kinds of issues properly. The security auditors of a business provide credibility to its compliance audits by following the best practice (Vitunskaite et al. 2019). Besides that, they focus on the overall practices of the organisation and the way they understand the requirements of the business to improve cyber security. Information security auditors ensure the company, that it is safe from criminal or terrorist cyber attacks or not. They usually test the database and ensure that the organisation complies with the latest practice or standards. Providing a high security system helps to sort the endless reports by the auditors and helps to identify obvious issues and develop proper concern of those issues.

Proper auditing of the auditors helps to improve the security system of the organization and manage the overall business growth of the airline industry. In contrast, their work is to interpret the results of the information and provide a detailed report outlining whether all the work processes are running effectively or not. This information helps organizations to change the required things to improve the integrity system. As stated by Steinbart et al. (2018)The security auditors also test the policies and understand if there is any risk associated with the policies not. It is essential for the auditors to keep the focus on digital database records and protect them from the firewalls and different other security measures. Moreover, proper analysis of the information governance policies helps to solve the cyber theft issues and provide safety to the confidential information of the airline industry.

Task 2

Critical evaluation and justification of information governance frameworks

Frameworks Advantages Disadvantages
Information governance
  • It can easily improves the seamless experience of the customers
  • Information Technology of the organizations are get improved by the specific framework
  • The implementation business strategy can be enhancing by the information governance framework.
  • Storage management system is the biggest problems of the information governance framework
  • Efficient access are required to controls specific framework
  • It is the electronic data and several employees are facing some issues to handle it.
ISO framework
  • It can easily reduces organizational cost for maintaining potential data.
  • Specific framework can easily improves the internal sources of the organization
  • ISO Framework can easily develops a reliable security system to protect several personal data from the hackers.
  • To maintain specific framework too much knowledge are required
  • The cost of the framework is too high so small business organizations are unable to maintain it
  • Specific framework is extremely complicated to handling.
Information of Security Management Framework    

Table 2: Frameworks to improve the organization’s security system

(Source: Self created)

The risk assessment factors are easily eliminates the numerous difficulties of AirMsky and accurate cybersecurity information systems can protect essential data from the hackers. ISO 27001 and ISO 27002 are the collections of security guidelines that help to maintain, implement and improve the information security process of the organisation (Chathurangi and Jayakody, 2018). It is the information security standard and application of this certification in the business that helps to improve the business growth of the enterprise and manage its information security. Besides that, it manages the information technology, code practice, and security techniques for the company. The application of this certification helps the airline industry to improve the business condition and develop a good business reputation in the market. Besides that, it allows the company to know if it is having any kinds of cyber issues or not. The guidelines of ISO 27001 and ISO 27002 help to identify the risk of the company which it may have and control the risk for the organization. However, the process is effective for the business and improves the security of all information and data of the company in a perfect manner. Besides that, there are some downsides of this process as it requires time and resources. The company needs to proceed with this framework if they find the true potential of this framework. This framework has the ability to win a new business and manage the overall success of the enterprise. ISO 27001 and ISO 27002 certification has the potential to solve the risk and continuously monitor the working process of the organisation.

Rationale for scope

Adoption of this framework in the airline industry allows it to identify its risks, assess the implication, and control the damage of the organisation. Any kind of security risk of the company can be detected appropriately by developing this security framework within the industry. Besides that, it develops the security of the systems, enhances reliability, and helps to improve the confidence of business partners and customers of the company (Stoica and Candoi-Savu, 2020). Hence, the application of this framework will be effective for this company to control the information theft of consumers or stakeholders and develop proper security of all the confidential information of the organisation. It will develop the protection level of different information, personal details of costumes, the company’s crucial data, and important information of the stakeholders of the company. ISO 27001 and ISO 27002 guidelines will help the aviation industry to design a proper security structure for their information and help to imply the best practice for the organization in an effective way. According to Diamantopoulou et al. (2019), it will be an effective practice for the company to protect its information from cyber theft and identify any kind of malware which is happening in the systems of the company. Appropriate collection of security guidelines by ISO 27001 and ISO 27002 helps to improve, maintain and implement the security management process of the company appropriately. The organisation can go for these guidelines to comply with numerous regulations and laws to protect all the organisational information and improve the business condition of the enterprise in the aviation industry.

Task 3

Importance of information governance based on organizational context

‘Information Governance’ (IG) is necessary to identify the value of data for the particular organisation. It helps organizations to provide accurate strategies to enhance the security of information and control the data theft issues of the airline company. As influenced by Safa et al. (2018), IG not only helps the organisation to identify the valueless information for the company but also focuses on the management of information and its security for customers and stakeholders. Different organisations focus on business agility to manage the security of the organisation and improve organizational data security. IG has a much broader scope which allows the organisation to manage its internal policies and optimize information management of the enterprise (Park et al. 2017). Besides that, it allows the enterprise to reduce operational costs, deploying the machine learning process of the company.

IG goes beyond systematic and it allows companies to support the organisational objectives, standards, and policies. ‘Information Governance’ is considered a legal requirement for the company as it helps to manage all the sensitive information of the organization and its customers. Besides that, it helps the company to control all its information from data theft and solve the issues such as cyber theft and theft of the personal information of the company. As stated by Pereira et al. (2018), IG strategies are much required for the organisation to maintain its information security, without IG the organisation will be unable to identify its risks and manage the security of all the information. Proper implementation of the robust information governance policies provides the airline company to improve its business without developing any business risk. This business scale helps the organisation to solve the challenges which the organisation may face while maintaining its security.

The Emergence of new data privacy locations is crucial for the company to solve the data theft issue from the organisation and keep all the personal information of the customers and stakeholders’ data secure. Different organizations use a wide range of cloud services in the company in order to control the data theft issues within the enterprise and develop organizational security. Development of the ‘information governance’ in the organisation provides different benefits to the company and improves its cyber security. IG helps to strengthen links throughout the company and understand the transformation program of the company in a proper manner (Steinbart et al. 2018). IG strategy helps to identify the threat of the organisation and also mitigate the risks for improving the business condition of the airlines. Proper application of the policies and guidelines helps organizations to manage the security system of the information and identify any kinds of malfunctions of the organisational database.

Risk assessment

Risk Probability Impact Priority Mitigation strategy Responsible person
Technological risk 3 3 9 Numerous business sources and efficient organizational skills are required to mitigate the specific risk. Technological risk of the organization not able to meet overall expectation of AirMsky. Technology management
Internal data loss 3 4 12 Data protection plan of cybersecurity can be reduce the basic vulnerabilities of the organizations.  
Financial risk 4 3 12 Financial factors are the potential factors of the individual business organization and data protection plan can easily protected the personal data from the third party. As result payment related data are keep safe by the specific factors. Accounts executive
Political risk 2 5 10 Sometimes political factors of the organizations are improved by the efficient decision making process and this can be eliminates some organizational risk. Political risk analyst
Market risk 5 3 15 Recognize the current  market  position is essential to identify the market risk of the business. Identifying the market risk is essential to eliminates future threats of the market. Marketing manager
Operational risk 2 3 6 Operational risk of the business organization are eliminates by the efficient planning and it can easily eliminates organizational difficulties by the accurate way. Operational manager

Table 1: Risk assessment

(Source: Tonelli et al. 2017)

Information assets are one of the most significant assets of the organisation, which have different data, resources, and organisational information. Different organizations can keep their information assets in several ways. In recent times organisations are keeping all the information in the form of digital documents and each of the assets are kept with proper security or care by the company. According to Tonelli et al. (2017), cyber theft is one of the major issues for the organizations that keep their information by developing digital documentation. Data corruption, malware, and malicious software design are part of cybercrime. In order to develop the web booking and online transaction of Air MSky could be one of the issues for the company in near future. Hence, the company needs to focus on the data theft issue and maintain the security of all the organisational information as well as their stakeholder’s information.

Identification of threats and risks associated with information asset

In order to solve the data theft issue organizations need to focus on the proper identification of all the risks. Air MSky needs to identify and remediate IT security gaps for solving the data theft problem from the enterprise. Data branches are also a risk for the company, where sensitive information from a system is stolen from the owner (Webster and Leleux, 2018). It is important for the company to prevent data breaches to secure organizational information assets and improve the success of the company. There are different kinds of security risks which the company needs to focus on and solve for future success. The cyber risks are malware and viruses, theft of regular or sensitive information, subsequent data loss, and a company’s website failure. It is essential to improve the information governance framework for the company in order to solve the issue and reduce cybercrime from the airline industry in an effective way.

Risk assessment method

The airline company focuses on using qualitative methods to assess the risks and improve the cyber security process of the organisation. Uses of the qualitative method help to provide specific information regarding data theft issues, and the improvement of security for the information. It also helps to analyse the way different cyber crime is affecting the overall business condition of an enterprise and the way cybercriminals stole sensitive and confidential information of customers and organisations (Pangestu and Setyorini, 2020). The method also helps to incorporate the experience of other airline companies regarding data theft issues and the way a new organization can develop information governance to mitigate the data theft problem. The information is also usable for other researchers as well to find the current cyber crime issues of the airline industry. It also helps to identify the IG framework which is effective for Air MSky to improve its cyber security and maintain the confidentiality of customers and stakeholders’ information appropriately.

Conclusion

Based on the above discussion it can be concluded that accurate framework of the information governance has adopt a systematic process which can easily protect numerous potential data from the third party. AirMsky need to improve their data protection plan to eliminate basic difficulties of the data. Data protection plan sometimes improves the business sustainability and most of the business organizations are protected personal data from the third part by using accurate information governance system. Technological improvement are required to protect potential data from the third party. Sometimes online booking are facing some issues and hackers are trying to stole numerous potential data of the customers but information governance system can enhancing basic opportunity and customers are get motivated for the specific factors. The efficient planning and business of AirMsky has developed by the advance process of cybersecurity.

Reference list

Journals

Aldawood, H. and Skinner, G., 2019. Reviewing cyber security social engineering training and awareness programs—Pitfalls and ongoing issues. Future Internet11(3), p.73.

Ali, B. and Awad, A.I., 2018. Cyber and physical security vulnerability assessment for IoT-based smart homes. sensors18(3), p.817.

Chathurangi, K.D. and Jayakody, J.A., 2018. “iRisk”-A Software Based Solution to Effectively Manage Information Security Risks in Organizations Using ISO 27001 Approach. In 24th ANNUAL TECHNICAL CONFERENCE OF IET SRI LANKA NETWORK (p. 13).

Diamantopoulou, V., Tsohou, A. and Karyda, M., 2019, September. From ISO/IEC 27002: 2013 Information Security Controls to Personal Data Protection Controls: Guidelines for GDPR Compliance. In CyberICPS/SECPRE/SPOSE/ADIoT@ ESORICS (pp. 238-257).

Lallie, H.S., Shepherd, L.A., Nurse, J.R., Erola, A., Epiphaniou, G., Maple, C. and Bellekens, X., 2021. Cyber security in the age of covid-19: A timeline and analysis of cyber-crime and cyber-attacks during the pandemic. Computers & Security105, p.102248.

Lim, H.S.M. and Taeihagh, A., 2018. Autonomous vehicles for smart and sustainable cities: An in-depth exploration of privacy and cybersecurity implications. Energies11(5), p.1062.

Ménard, C., 2018. Organization and governance in the agrifood sector: How can we capture their variety?. Agribusiness34(1), pp.142-160.

Meriah, I. and Rabai, L.B.A., 2019. Comparative study of ontologies based iso 27000 series security standards. Procedia Computer Science160, pp.85-92.

Pangestu, G.A. and Setyorini, R., 2020, July. Value Chain Analysis At Bank Sampah Bersinar In Bandung Regency As A Competitive Advantage Strategy. In Proceeding of International Conference on Management, Education and Social Science (Vol. 1, No. 1, pp. 8-21).

Park, Y., El Sawy, O.A. and Fiss, P., 2017. The role of business intelligence and communication technologies in organizational agility: a configurational approach. Journal of the association for information systems18(9), p.1.

Pereira, G.V., Parycek, P., Falco, E. and Kleinhans, R., 2018. Smart governance in the context of smart cities: A literature review. Information Polity23(2), pp.143-162.

Safa, N.S., Maple, C., Watson, T. and Von Solms, R., 2018. Motivation and opportunity based model to reduce information security insider threats in organisations. Journal of information security and applications40, pp.247-257.

Samtani, S., Chinn, R., Chen, H. and Nunamaker Jr, J.F., 2017. Exploring emerging hacker assets and key hackers for proactive cyber threat intelligence. Journal of Management Information Systems34(4), pp.1023-1053.

Srinivas, J., Das, A.K. and Kumar, N., 2019. Government regulations in cyber security: Framework, standards and recommendations. Future Generation Computer Systems92, pp.178-188.

Steinbart, P.J., Raschke, R.L., Gal, G. and Dilla, W.N., 2018. The influence of a good relationship between the internal audit and information security functions on information security outcomes. Accounting, Organizations and Society71, pp.15-29.

Stoica, L.A. and Candoi-Savu, R.A., 2020. Math approach of implementing ISO 27001. In Proceedings of the International Conference on Business Excellence (Vol. 14, No. 1, pp. 521-530).

Tonelli, A.O., de Souza Bermejo, P.H., Dos Santos, P.A., Zuppo, L. and Zambalde, A.L., 2017. It governance in the public sector: a conceptual model. Information Systems Frontiers19(3), pp.593-610.

Vitunskaite, M., He, Y., Brandstetter, T. and Janicke, H., 2019. Smart cities and cyber security: Are we there yet? A comparative study on the role of standards, third party risk management and security ownership. Computers & Security83, pp.313-331.

Webster, C.W.R. and Leleux, C., 2018. Smart governance: Opportunities for technologically-mediated citizen co-production. Information Polity23(1), pp.95-110.

Know more about UniqueSubmission’s other writing services:

Assignment Writing Help

Essay Writing Help

Dissertation Writing Help

Case Studies Writing Help

MYOB Perdisco Assignment Help

Presentation Assignment Help

Proofreading & Editing Help

Leave a Comment