LD7087 Information Governance and Cyber Security Assignment Sample
Executive summary
Advancement of technology has engaged several updated concepts and logic in the modern day’s professional sectors. Up-gradation of technology has evolved the concept of web platform with increased accessibilities along with reliability. However, security concerns have been observed as the prime implication of recent internet platform because of engagement of unethical hackers. From this context, information governance framework has been highlighted under the theoretical illustration of this study. Incorporating the case study of Air Msky, this study has presented evaluation of information governance with the scenario. Moreover, eight purposeful policies have been stated with applicable strategies. Additionally, security risks concerning information governance have also been highlighted in the context of the study.
Introduction
The advancement of technology has presented numerous updated concepts and logic for operational sectors of modern days. Along with this concern, each business module is planning to develop its business operations and strategies depending on the digital platform. Moreover, beneficial aspects, several negative aspects have also been observed concerning modern-day technology. The engagement of unethical hackers has been observed as the prime factor concerning security aspects of digital data as electronic data have no such human interaction in security except strategic management, implementation and representation according to roles and responsibilities. From this context, this study has been derived to discuss, evaluate and recommend information governance policies concerning Air MSky airline of the UK.
Purposes and scopes
Information governance refers to the concept of handling, managing, securing data with better accessibility and reliability through an embedded framework. According to Merkus et al. (2019), information governance includes appropriate management of digital data concerning higher security with appropriate accessibilities as per roles and responsibilities of associated members. Discussing the proposed information management of Air MSky, it can be observed that illustration of information governance is a primary necessity before implementing its business module on a digital platform.
As per the discussion of Mukherjee (2019), it has been viewed that information governance framework analysis is an important and integral factor in modern days as most of the professional business modules have been incorporated in cloud architecture. Engagement of cloud systems has introduced centralized and distributed, both control along with uninterrupted connectivity in the advanced digital operations. Therefore, the security of information has been observed as the prime aspect while discussing the information governance framework. Influenced by Muhammad et al (2021), legal and social concerns of information regarding accessibility and security have also been engaged under the theoretical context of the information governance framework. Through this discussion, the prime purpose of the study can be derived concerning Air MSky airline.
As per the case study, it has been viewed that the airline company has been delivering permissible services around the domestic cities of the UK. The company has planned to enhance its business with the help of advanced technology to join in the flow of globalization. Evaluating the mentioned aspects, analysis of information governance framework has been objectified as the prime goal for delivering adequate and desired services to its consumers along with appropriate security of their confidential information abiding the UK’s regulatory considerations.
Discussing the objectives or rather to say purpose of the proposed governance framework has included the following considerations to account for strategic mapping of information as per requirements.
- As airline web server’s deal with consumers’ confidential data such as personal information, banking details which are used for payment purposes and so on, and Providing superior security has been identified as the initial concern of the governance framework.
- As the airline company is operating its business in the UK, abiding by all the regulatory considerations regarding data protection and accessibilities has also been included in the governance framework.
- Additionally, the roles and responsibilities of associated individuals concerning the knowledge of information governance have been aimed to derive under the governance framework.
- Delivering promising services to its consumers after maintaining all the considerations has been aimed as an important purpose of the governance framework of Air MSky.
In the discussion of scopes of this framework, the following measures have been undertaken under the context of this study concerning the governance framework.
| Scopes | Considerations |
| The framework will deliver appropriate management of all physical and digital data as per security concerns. | Data has been categorized as per the following considerations.
● Confidential data: All the consumers’ data have been included in this list along with payment details. ● Restricted data: All the internal information of the company has been considered in this list which can engage severe implications in an exposure.
● Unrestricted data: Company information such as general company details, services have been considered in this list |
| The framework will include all the staff of Air MSky along with the entire hierarchy in the considerations. Influenced by Smallwood (2019), all the associated third parties, partners will be engaged under the framework planning. | ● All the staff along with the entire hierarchy have been considered to be responsible for roles regarding the governance architecture.
● Third parties, joint ventures and other associated partners have been considered to be knowledgeable about data protection and cyber security concepts. ● Consumers have also been included as the accountability tester of the governance framework as genuine service is the prime aspect of any business module. |
Table 1: Illustration of scopes
(Source: Self-Created)
Evaluation of information governance policy framework
Discussing the information governance framework, it has been viewed that Air MSky has to be sensitive in case of maintaining all the mentioned considerations for deriving its own information governance system. According to Abraham et al. (2019), it is important to differentiate the roles and responsibilities of each associated member under the operational and governance module as per their position. Additionally, the authors have also stated that not only existing positions but the differentiation can engage new positions with necessary responsibilities in terms of the fruitfulness of a governance framework. From this context, it has been aimed to evaluate the roles and responsibilities of all associated staff along with the entire hierarchy in an adequate design of an information governance system for Air MSky.
Concerning the framework, it has been viewed that there are a few components that have to be engaged in the considerations namely, information governance, business information management and database management. The following table has been illustrated in terms of stating the responsibilities of managerial components under the governance framework.
| Components | Roles and responsibilities |
| Business information management | Business information management is responsible for undertaking all the information concerning operational information regarding business management. In the operational management, flights and cargo management, aligning data with consumers’ requests and booking, payment structures retrieval have been considered as prime responsibilities of the concerned components. |
| Database management | Database department has been considered for the organizations of collected data along with modification, insertion and deletion of information as per consumer-generated or internal queries with appropriate monitoring in the central database system. Additionally, this component has also been considered for giving responsibilities of maintaining all the database operations ethically as per data protection and security regulations. |
| Information governance | This component has been considered the most vital segment in the governance framework. As per the previous findings, it can be stated that this particular segment has been proposed to control the information of Air MSky abiding by all rules and regulations of the UK government internally and externally. |
Table 2: Differentiation of roles and responsibilities
(Source: Self-created)
Analysis of roles and responsibilities of different components of Air MSky has presented a roadmap for designing a governance framework. Not only a framework but a strategic implementation under the organizational context has also been found through analyzing the individual roles (Al-Ruithe et al. 2019). In simple terms, it has been observed that the company has planned to develop its information security architecture in three independent stages where data is channelized sequentially. The sequence of data channelization has been planned to represent a strategic flow of information from collection to processing and storing.
In the discussion of information flow concerning its legal aspects, it can be viewed that appropriate governance of information can be achieved through effective monitoring. For this particular reason, the information governance component has been allocated in the illustration. This component has been mainly engaged to review the legal aspects of business operations regarding data management of Air MSky. According to Mikalef et al. (2020), the regulatory body is responsible for maintaining all the acts along with ethical considerations in the governance framework. In this case, information governance has been considered to play that role under the organization.
Business information management has been given responsibility for managing business operations concerning information processing. In simple terms, this component is responsible for managing business operations abiding by ethical considerations. In the business operation of Air MSky, it has been found that consumers’ booking details, payment details, channelization of flights and cargo as per customer’s requirements and other associated management of official documentation are the prime roles under operational management. This component has been stated to control the flow of information which will gain from business operations in the front end of the business modules. Here, the front end refers to the direct dealings with consumers digitally, communication with regulatory bodies and management of flights and cargo information. Besides that, dealings with third parties, associated partners have also been included in the roles of business information management for maintaining ethical aspects of data security and privacy.
Database management module has been generated for managing data in an appropriate organization in terms of avoiding implications while retrieving information as per requirements. As per the illustration of Alhassan et al. (2018), the significance of database management can be viewed in the context of appropriate governance of information in professional sectors. As per the authors’ illustration, it can be observed that proper organization of data in a database according to strategic planning is beneficial for managing higher complexities in large databases. Discussion on Air MSky‘s database can present the incremental complexities with higher vulnerabilities without strategic implementation. From the context of the discussion, it can be stated that this module has been proposed to channelize the entity-relationship among datasets’ parameters following all the ethical values which should be maintained to run a business in the UK field.
Figure 1: Information governance framework
(Source: Self-Created)
Discussion on Information governance policy concerning Air MSky’s scenario
Information governance policies are none but the strategic framework of monitoring information under an organizational module following all the ethical regulations along with business considerations. In the case of Air MSky, it has been found that the company has planned to develop its own web-based structure for serving not only in cities of the UK but outside the nation. Having a UK origin, the company is bound to maintain all the UK rules and regulations concerning data protection and management. Specifically, when an organization operates public data, the responsibilities regarding data security have increased under the organizational context According to Al-Badi et al. (2018), data governance refers to the concept of tracking each incoming and outgoing thread of information in the organizational connectivity. In simple terms, the authors have represented monitoring of data at every hop of information access. Evaluating the whole content, the following measures have been made under the designing information governance framework.
| Sl No. | Policy | Associated entities/ Implementation strategies |
| 1. | Auto sign-in has been blocked in the booking database of consumers. Consumers have to pass an authorization stage in each session. | A security team has been planned to engage along with the web development team. |
| 2. | Each data inserted by the consumer end should be verified by database experts before storing on the centralized database for filtering unethical scripts attached with consumer details (Smallwood, 2018). | An intermediate channel between the initial storage of user-end input and the “governance department” has been planned to be established in terms of verification and approval strategies. |
| 3. | Any information collected by business operational entities should be monitored by the “governance department” in terms of comparing authenticity with ethical considerations as per the UK business fields. | Each data from the operational module should be verified with additional security scripts in terms of mitigating risks of creating vulnerable points in the central database. |
| 4. | All the incoming paths of data should visit the governance department for verification at least once before storing them in the database (assets.publishing.service.gov.uk, 2021). | All the internal database connectivity has been planned to secure by giving specific user privileges through terminals. |
| 5. | The centralized database should not have any direct connection with the operational department of Air MSky. Additionally, the bypassing routes are also blocked from reaching the database by the governance department. A mirrored volume should be utilized for accessing necessary information in business operations in terms of detaching the actual one in terms of accessibility. | Physical storage of system servers has been planned to differentiate through mirrored volume and RAID 1 configuration. This technology will be beneficial for backup and restore purposes in terms of avoiding data loss. |
| `6. | The Governance department is the only decision-maker in the outgoing channel of the organization’s information. That particular entity is responsible not only for stating unrestricted data but also for recognizing restricted and confidential data concerning business operations. | A monitoring channel for data transmission has been planned to be designed in terms of channelizing review and approval control in the existing system. |
| 7. | Each authorized ID of employees up to the entire hierarchy should use only their authorized devices for accessing company IDs and storage. Without an authorized device, appropriate login credentials are not adequate to access company information or any portals. Individuals should consult only the governance department in terms of registering any other device in case of any implication. | Each authorized device has been planned to monitor through additional scripts in the governance department’s server which retrieve periodic information from the access control list in terms of ensuring ethical access from registered devices. |
| 8. | Every individual except the chief governance head is restricted to use any removable devices in those authorized devices in terms of blocking outgoing threads of information. | Each external port of registered systems has been blocked by governance ID in terms of restricting removable devices in company systems. |
Table 3: Information governance policies of Air MSky
(Source: Self-Created)
Discussion on security monitoring security aspects
Discussion on security aspects of Air MSky‘s web platform has engaged several severe issues concerning the recent situation of modern-day internet platforms. An increased number of unethical hackers have emphasized the risk factor regarding data privacy and security. From this aspect, the following illustration has been stated to represent the most possible risks regarding governance planning along with possible solutions.
| Risk | Occurrence | Mitigation strategies |
| Risk of being affected by “Cross-site scripting” or XSS | XSS is an unethical technique of bypassing malicious scripts for redirecting user end connections through unauthorized portals (developer.mozilla.org, 2021). A user can access that portal unknowingly while booking or paying for business operations. | Users will be requested to use updated browsers and HTTPS connections at the user registration agreement. All the incoming connections should be rechecked by the company’s security setup before redirecting to user database access. |
| Risk of being affected by any injection tool such as SQL injection | SQL injection is an unethical technique of manipulating databases from unauthorized users (developer.mozilla.org, 2021). Inappropriate accessibility of database management can create several vulnerable points in databases which are the catchy portal of hackers. | It has been planned to execute penetration testing several times before globalizing the business module on the web platform. |
Table 4: Security Risk assessment and mitigation planning
(Source: Self-created)
Conclusion
Most of the professional operations are aimed to be executed on digital medium for higher accessibility, reliability and accountability of this platform in the generation of invention and innovation. From this concept, the proposed study has been derived and developed for designing the information governance of Air MSky. In the illustration, it has been found that the security aspect of information governance is the prime factor along with the appropriate organization of data in data server. Evaluating the recommendations regarding governance policies along with risk assessment, it can be stated that most of the vulnerable points have been addressed and aimed to channelize an adequate web setup with proposed policies.
References
Books:
Smallwood, R.F., 2018. Information governance for healthcare professionals: a practical approach. Florida: CRC Press.
Smallwood, R.F., 2019. Information governance: Concepts, strategies and best practices. John New Jersey: Wiley & Sons.
Journals:
Abraham, R., Schneider, J. and Vom Brocke, J., 2019. Data governance: A conceptual framework, structured review, and research agenda. International Journal of Information Management, 49, pp.424-438.
Al-Badi, A., Tarhini, A. and Khan, A.I., 2018. Exploring big data governance frameworks. Procedia computer science, 141, pp.271-277.
Alhassan, I., Sammon, D. and Daly, M., 2018. Data governance activities: A comparison between scientific and practice-oriented literature. Journal of Enterprise Information Management.
Al-Ruithe, M., Benkhelifa, E. and Hameed, K., 2019. A systematic literature review of data governance and cloud data governance. Personal and Ubiquitous Computing, 23(5), pp.839-859.
Merkus, J., Helms, R. and Kusters, R.J., 2019, May. Data Governance and Information Governance: Set of Definitions in Relation to Data and Information as Part of DIKW. In ICEIS (2) (pp. 143-154).
Mikalef, P., Boura, M., Lekakos, G. and Krogstie, J., 2020. The role of information governance in big data analytics driven innovation. Information & Management, 57(7), p.103361.
Muhammad, J.S., Isa, A.M., Shamsuddin, A.Z.H. and Miah, S.J., 2021. Constituent of information governance framework for a successful implementation in Nigerian Universities. Education and Information Technologies, 26(5), pp.6447-6460.
Mukherjee, S., 2019. Information Governance for the Implementation of Cloud Computing. Available at SSRN 3405102.
Websites:
assets.publishing.service.gov.uk, 2021. Information: To share or not to share?
developer.mozilla.org, 2021. Cross Site Scripting. Available at: https://developer.mozilla.org/en-US/docs/Glossary/Cross-site_scripting [Accessed on 17th October, 2021]
developer.mozilla.org, 2021. SQL Injection. Available at: https://developer.mozilla.org/en-US/docs/Glossary/SQL_Injection [Accessed on 16th October, 2021]
The Information Governance Review. Available at: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/192572/2900774_InfoGovernance_accv2.pdf [Accessed on 18th October, 2021]
Know more about UniqueSubmission’s other writing services:
