LD7087 Information Governance and Cyber Security Assignment Sample 2024
Introduction
Air MSKy is a privatized airline established by a local Manchester businessman with the aim of offering safe, technology-driven, efficient and customer-focused services to its customers. The airline also supports its customers with cargo booking and telephone flight services. Air MSKy now recognizes the importance of information governance and cyber security for securing the personal information of its stakeholders and maintaining integrity, confidentiality and availability against cyber-attacks.
Additionally, Air MSKy wants to adopt a data security policy in order to comply with regulatory and legal requirements. This assignment discusses the adoption and development of an information governance policy, sets out the current purposes of cybersecurity, and illustrates the security scope needed in information governance. The approach, identification, framework and implementation of information governance are also discussed.
Security purpose and Security scope
The aviation industry is a huge industry in which many critical factors are involved regarding security and safety measures. Almost every person is involved with this industry, as transportation is a fundamental process in human life. IoT based technology offers every sector opportunities to improve its work processes.
Every sector in this era is using advanced IoT based technology to improve workflow and manage work effectively. The aviation industry also requires numerous records for security purposes and for tracking flights with advanced technology. It is therefore natural to introduce IoT based technology in the aviation industry.
From monitoring every flight to recording customers’ activity for different periods, the aviation industry can benefit from IoT based technology. While there are enormous opportunities present in this technology, risks are also involved in terms of security and safety measures. Organizations like Air MSKy have to collect various information about their customers on a daily basis.
This information contains customers’ identity, bank details, traveling records etc. It is very sensitive and requires sufficient security to protect it. While adopting advanced technology, companies have to adopt appropriate security measures that can protect data from theft.
Identification and allocation
At Air MSKy, a senior data executive has overall responsibility for data security. The senior executive provides assurance and accountability to the ueg that the information governance policies, including the data security policy and all the information security policies, are complied with. There is also a management team that responds to information protection breaches.
This in turn enables the data protection officer (DPO) to carry out their statutory requirements, supported with the essential resources, time and support. Additionally, the DPO is involved as required in all issues associated with personal information protection.
Moreover, there is a data protection officer who guides the organization’s compliance with information protection. The data protection officer provides recommendations and advice to the security team in relation to information protection risks. The data protection officer also monitors and enables compliance with information security legislation.
Moreover, the officer reviews and reports on Air MSKy’s data protection compliance periodically. The data protection officer role does not take decisions connected to personal data processing. Air MSKy also has information asset owners, who control personal information protection risks and ensure that consistent local processes are developed, reviewed and implemented.
The owners check and report on conformance as required. Air MSKy also has a privacy coordinator, whose role is to oversee data protection conformance in the local area and to be the point of contact for the central team. In addition, Air MSKy has information asset stewards and an information asset administrator.
The role of the information asset stewards is to make sure that the daily operation of the security system complies with the requirements of information governance. The information asset administrator role is simple but important for Air MSKy. All individuals and organizations that process data on behalf of the company have a responsibility to act in accordance with the information governance policies, including data protection and the policies and procedures related to information security.
Framework
The “information governance framework” covers all members who create, store, share and dispose of information. The framework establishes the process for sharing data with Air MSKy’s stakeholders and suppliers. The framework is a significant component of the airline and has a huge impact on its effectiveness and efficiency.
The information governance framework COBIT, which stands for Control Objectives for Information and Related Technology, has evolved as a primary applicable system. COBIT adopts standards for strong cyber security and control practices to protect the system from cyber-attacks (Niewiadomski, 2017).
Moreover, the standards include a list of critical success factors that support concise, non-technical best practices for every information process, as well as performance measurement elements and developed models to guide standard and effective decision making for effective improvement.
Secondly, COSO, which stands for the Committee of Sponsoring Organizations, describes the internal control of the company Air MSKy as a process effected by an organization’s board of directors and management. Other personnel are also organized to provide reasonable assurance concerning the accomplishment of the company’s objectives in several categories.
Additionally, if the operation process is more effective and efficient, then the outcomes are also effective. As well, reporting by employees related to financial status should be trustworthy and comply with applicable regulations and laws. Thirdly, ISO 17799 is a standard for data security. ISO 17799 includes an exhaustive set of best practices and controls for the cyber security system.
The standard is intended to serve as a single reference point for specifying the range of controls required for most situations where data systems are applied in the aviation industry and commerce. Fourthly, ITIL, which stands for the “information technology infrastructure library”, is a worldwide factor in service management.
ITIL supports a consistent, comprehensive set of best practices drawn from the experience of many information experts across the world. This is an important process for cyber security at Air MSKy. In addition, Val IT is a governance framework that consists of a set of guiding principles and a number of processes conforming to the rules and regulations, which are further described as a set of major management practices.
The framework covers the costs, assumptions, outcomes and risks associated with a balanced portfolio of information security and enables business investment (Boeke, 2018). In addition, the “ISO 27001” and “ISO 27002” frameworks are regarded as the international standard for a cyber security program, both internally and across third parties (Valeriano and Maness, 2018).
With an ISO certification, Air MSKy can demonstrate to its customers, board, stakeholders and partners that it is doing the right things to control cyber security threats. SOC2, which stands for Service Organization Control 2, is a trust-based cybersecurity framework.
This framework helps to verify that partners and vendors are securely managing client information. SOC2 specifies more than sixty compliance requirements and extends the auditing process to third-party systems and their management. Moreover, because of its exhaustiveness, SOC2 is one of the hardest frameworks to implement.
In addition, the NERC-CIP framework was introduced to mitigate the cyber threats and attacks that arise on critical infrastructure and the growing risks from third parties (Pollard and Clark 2019). This framework requires an affected organization to identify and mitigate the risks related to the cyber system in the organization’s supply chain. The framework specifies a range of controls such as categorization of systems and critical assets, personnel training, incident response and planning, backup plans for critical cyber assets, and vulnerability assessments.
Governance framework
| Framework | Summary |
| --- | --- |
| COBIT | Stands for Control Objectives for Information and Related Technology. It adopts standards for strong cyber security and control practices to protect the system from cyber-attacks. |
| ISO 17799 | A standard for data security. It is intended to serve as a single reference point for specifying the range of controls required for most situations where data systems are applied in the aviation industry. |
| COSO | The Committee of Sponsoring Organizations. It describes the internal control of the company Air MSKy as a process effected by an organization’s board of directors and management, or local businessman. |
| ITIL | Information technology infrastructure library. It is a consistent, comprehensive set of best practices drawn from the experience of many information experts across the world. |
| Val IT | It consists of a set of guiding principles and a number of processes conforming to the rules and regulations. It also discusses the costs, assumptions, outcomes and risks associated with a portfolio of information security. |
| ISO 27001 and ISO 27002 | These can demonstrate to customers, the board, stakeholders and partners that the company is doing the right things to control cyber security threats. |
| SOC2 | Service Organization Control 2. It helps to verify that partners and vendors are securely managing client information. |
| NERC-CIP | It mitigates the cyber threats and attacks that arise on critical infrastructure. This kind of framework requires an affected organization to identify and mitigate the risks related to the cyber system in the organization’s supply chain. |
Table 1: Eight Cyber Security Policy Frameworks
(Source: Self-created in MS-WORD)
Implementation plan to address threats
Information leaders are responsible for keeping the digital and data assets of organizations or companies secure and safe (Collier 2018). How cyber security threats are controlled affects every area from reputation to operations, and no company wants to be in a position where no implementation plan for security threats is in place. Air MSKy has an implementation plan for better tackling and addressing cyber security threats. The basic steps of the implementation plan are:
Assess the recent state of the cybersecurity environment
This step is important for assessing the previous security strategies, their effectiveness for the company, and the reasons why they were losing their grip. Once the company has reviewed its usual cyber security strategies, it is time to assess the present state of the security environment.
There are some basic questions, such as: are the company’s protocols already in place? How aware of cyber security are the company’s colleagues and staff? (Lykou et al. 2018) In addition, use a risk register, charts, timelines or other documents that help the company set a target, monitor progress and keep proper records of how things evolve.
Monitor the networks
Network management and proper network monitoring help in observing failing or slow components that might threaten the security system. There must therefore be a network monitoring system capable of gathering, processing and presenting data, with appropriate information calculated on the present status and performance of the attached devices.
If a system detects a possible breach, it can send an alert message based on the activity type it has identified. There must also be a confirmation step, as perimeter responses can be notorious for generating false positives. Moreover, the cyber security system can monitor traffic and identify malicious activity.
Set security controls and measure
Once the company has found all the vulnerabilities and risks that can affect Air MSKy’s security infrastructure, it is time to search for the best plan to contain them (Renaud and Von Solms et al., 2019). Detection, response and prevention are the most powerful words and should have an important position in the implementation plan. In addition, there should be a secure end-to-end security system at each level of Air MSKy and within individual departments. The company should also build an information map that shows where the security files are and how they are stored.
Build a dynamic security atmosphere
This section is one of the significant parts of the implementation plan for security threats. Security starts with each individual employee of Air MSKy: most information breaches and cyber security threats are the possible outcomes of human error or neglect. The company should arrange training for all staff working with Air MSKy, arrange refresher sessions, produce resources and infographics, and send reminders and updates with a confirmation message.
There are also various options available for checking the security awareness of the company’s staff, such as fake phishing messages that will raise an alert if opened (Lallie and Shepherd et al., 2021). Moreover, highlight the fact that security is each person’s responsibility and that carelessness can have damaging consequences, not only for finances but also for the business reputation of the organization.
Monitoring mechanism to address threats
Different kinds of threats are involved in the case of the IoT based aviation industry. These are malicious actions, third party failures, system failures, human errors, and environmental attacks. In these circumstances, malicious action is the most critical factor of discussion as these attacks are the most crucial and different kinds of attacks are involved in such cases.
Malicious actions can be of various types, such as denial of service attacks, misuse of authorization and authority, breaches of physical access controls and administrative controls, phishing attacks etc. Hence the aviation industry is required to provide monitoring to protect data from malware attacks. These threats can be monitored by network security management and by checking devices that are connected with different IT commas. Engineers can detect them by observing data behaviors and identifying unusual threat mechanisms.
Conclusion
This assignment has discussed cyber security’s identification, its framework, and the purpose and scope of the security systems. It has also discussed the appropriate implementation plan and the appropriate monitoring system for addressing cyber security threats.
It has been discussed that the aviation industry, and the individual company Air MSKy, requires numerous records for security purposes and for tracking flights with advanced technology. Eight frameworks that are needed in the aviation industry were briefly discussed. The assignment also discussed various kinds of cyber security threats in the aviation industry and how to overcome them with the appropriate mechanism.
Reference list
Journals
Benias, N. and Markopoulos, A.P., 2017, September. A review on the readiness level and cyber-security challenges in Industry 4.0. In 2017 South Eastern European Design Automation, Computer Engineering, Computer Networks and Social Media Conference (SEEDA-CECNSM) (pp. 1-5). IEEE.
Boeke, S., 2018. National cyber crisis management: Different European approaches. Governance, 31(3), pp.449-464.
Christensen, K.K. and Petersen, K.L., 2017. Public–private partnerships on cyber security: a practice of loyalty. International Affairs, 93(6), pp.1435-1452.
Collier, J., 2018. Cyber security assemblages: a framework for understanding the dynamic and contested nature of security provision. Politics and Governance, 6(2), pp.13-21.
Lallie, H.S., Shepherd, L.A., Nurse, J.R., Erola, A., Epiphaniou, G., Maple, C. and Bellekens, X., 2021. Cyber security in the age of covid-19: A timeline and analysis of cyber-crime and cyber-attacks during the pandemic. Computers & Security, 105, p.102248.
Lykou, G., Anagnostopoulou, A. and Gritzalis, D., 2018, June. Implementing cyber-security measures in airports to improve cyber-resilience. In 2018 Global Internet of Things Summit (GIoTS) (pp. 1-6). IEEE.
Lykou, G., Anagnostopoulou, A. and Gritzalis, D., 2019. Smart airport cybersecurity: Threat mitigation and cyber resilience controls. Sensors, 19(1), p.19.
Lykou, G., Iakovakis, G. and Gritzalis, D., 2019. Aviation cybersecurity and cyber-resilience: assessing risk in air traffic management. In Critical Infrastructure Security and Resilience (pp. 245-260). Springer, Cham.
Niewiadomski, P., 2017. Global production networks in the passenger aviation industry. Geoforum, 87, pp.1-14.
Pollard, T. and Clark, J., 2019, January. Connected aircraft: Cyber-safety risks, insider threat, and management approaches. In Proceedings of the 52nd Hawaii International Conference on System Sciences.
Renaud, K., Von Solms, B. and Von Solms, R., 2019. How does intellectual capital align with cyber security? Journal of Intellectual Capital.
Valeriano, B. and Maness, R.C., 2018. International relations theory and cyber security. The Oxford Handbook of International Political Theory, p.259.