C10395 : Information System : Assessment Answers

In the new position, you have realised that the company does not have any effective information security control in place. Therefore, you start to develop an information security strategic plan for the company and have drafted the strategic plan structure as follows:

• Introduction
• Mission statement
• Governance
• Strategic objectives
• Key initiatives

Introduction:

Virtual Space Tours is an Australia-based company. It operates in the area of Virtual space tourism. The Company is into the business of organizing virtual tours to Moon, Mars and other planets of the solar system with the help of internet. It plans to implement a cloud space tourism infrastructure for accommodating 10 million customers per annum. With the newly developed proprietary virtual reality technology, the company has become the best in its area with almost 1 million customers. With the growth in the business, the risk of data threats and data hacking by the cyber criminals are increasing as well. Since the business is targeted by a number business rivals, the risks of data loss increases as well (Hashizume et al. 2013). Currently the organization does not possess any proper information security that gives rise to the risk of information loss, data security and the privacy issues of the organization. Thus, the organization needs to ensure that an effective information security is in place so that the data security risks associated with the organization can be eliminated (Modi et al. 2013). The report aims in development of an information security strategic plan so that it is easier to implement the same in VirtualSpaceTours. The report will be discussing the mission statement, the governance policies, strategic objectives and the key initiatives.

2. Mission Statement

In order to ensure appropriate data protection and protection of company’s critical business an information security office has been created. The organization aims in protection of the data related to company’s business strategies, tours and the information about the technology that the company have been using over the years. Furthermore, the company is needed to protect its computing resources as well. The aim of the information strategic plan that is to be developed is to ensure accurate data protection and protection of the information resources of the organization. Protection of the information security of the organization is necessary not only to maintain the confidentiality of the data of the customers, but also to ensure security of the business strategies of the organization (Cheminod, Durante and Valenzano 2013).. The risk of data loss is mainly from the business rivals or from the amateurs who want to be famous. For that, the idea of secrete business strategy of VirtualSpaceTours is needed to be known, thus giving rise to the data security risks. With an aim of improving the security of the data stored in the information security office, an information security officer has been hired who will look after that security of the information stored. The business strategy that is followed by the VirtualSpaceTours is highly confidential and therefore, accurate protection of the same in needed to be ensured (Fernandes et al. 2014). For that, certain data protection policies or rules are needed to be enforced which will ensure appropriate data protection.

The aim of the information security office that is developed by VirtualSpaceTours is to ensure that all types of data associated with the organization, will be secured. The information security office will be ensuring that the there is no unauthorised access to the data that is stored in the organization. The data includes customers’ data, business strategies and the computing resources of the organization. The information security office will ensure that no confidential data that is stored within the premises of the organization will go out of the organization thus ensuring that the hackers or any unauthorised users are not able to access it. For that accurate privacy protection and use of a secure network in needed to be ensured. The information security office further aims in ensuring that the strategic plan that is being developed is followed by each and every staffs of the organization so that the data security can be ensured..

3. Governance 

For ensuring that accurate security and the data confidentiality will be maintained, the security officers are needed to follow a planned approach. The responsibility of the security officers is to ensure accurate implementation of the information strategic that is identified for the organization. The main responsibility of the chief information security officer is to ensure that all the data that is being stored are properly encrypted so that any unauthorised use or access to that data can be prevented (Cheminod, Durante and Valenzano 2013). The CISO or chief information security officer is a senior level executive who will be in charge of development and implementation of the information security program. The information security program associated with the protection of data in VirtualSpaceTours will incorporate procedure and policies that are designed for protection of the computing resources, digital assets from both internal and external threats to which the organization is exposed to. Protection against the internal threats in the organization is necessary as well. This is because the internal threats in the organization might result in loss of confidential data.

An information security manager is responsible for protection of computers, assets and the information of an organization against network and malware attack (Kshetri 2013). The role and responsibility of information security manager in VirtualSpaceTours is to ensure that the loss of the data can be prevented with enforcement of accurate control in order to protect the organization against the malware attacks. With an accurate supervision of the data control policy and the process of data control that is enforced in the organization, it is possible to ensure accurate protection of the data in VirtualSpaceTours. Another responsibility of the Information Security manager is to ensure that the confidentiality, integrity and the availability of the data that is being stored in maintained and properly supervised.

The information security technical council will be responsible for ensuring that the information security policy and the rules that have been enforced in VirtualSpaceTours is appropriate for protection of the data within the organization (Inukollu, Arsi and Ravuri 2014). The main issue associated with VirtualSpaceTours is the threat of loss of business data and the business strategies that is implemented in the organisation. It is the responsibility of the Security Council to ensure that the strategies that the organization chose to implement for ensuring data protection will be actually helpful for the organization (Cheminod, Durante and Valenzano 2013). The Information Security Technical Council will be responsible for approving the appropriateness of the information security strategies that has been identified for the organization.

4. Strategic Objectives

In order to ensure that security of the data of VirtualSpaceTours is maintained, it is essential to identify the strategic objectives of the organization that will help in ensuring accurate data control (Cheminod, Durante and Valenzano 2013). The purpose of an information security plan is to develop an information security program that will maintain the confidentiality, integrity and availability of the information that is stored in the system (Singhal et al. 2013). The key strategic objectives of the organization VirtualSpaceTours are represented in the following paragraphs-

1. The primary objective of the organization is to ensure accurate data protection. For that the organization has planned to encrypt the data of the customers so that it remains inaccessible to the unauthorised individuals (Peltier 2013).
2. Since the organization plans to implement a cloud solution, data protection in the cloud is essential (Peltier 2016). Furthermore, the security of the network where the data is being stored is needed to be ensured as well so that any unauthorised access to the data can be prevented (Tsohou, Karyda and Kokolakis 2015). Thus it is an important information security strategic objective of the organization.
3. The next objective of the organization is to ensure that any unauthorised data access is prevented for protection of data from any internal and the external threats (Safa, Von Solms and Furnell 2016). Only the trusted and the authorised individual can be able to access the data so that that the risk of access of the data by any intruder is eliminated.
4. Another strategic objective of the organization is to develop an information security strategy that will provide an organization road map for information protection within an organization (Johnson 2014). The information security strategy is aligned and associated with the business goals so that the infrastructural data protection can be ensured. It is the responsibility of the information Security Technical Council to approve the information security strategy of the organization.
5. The security strategy that is prepared is needed to be documented so that the major security concerns associated with the organization can be eliminated (Rittinghouse and Ransome 2016). With accurate documentation of the information security strategy, it would be easier for the staffs of the organization to follow the information security plan that is being developed.
6. Another strategic objective of VirtualSpaceTours is to ensure that any cyber incident and attacks are promptly reported so that easier data protection can be enforced (Rao and Selvamani 2015). For that the organization needs to develop and cultivate national cyber security capabilities in order to mitigate the risks associated with malware attacks in VirtualSpaceTours.

Apart from that, the organization will be implementing an information security program consisting of the comprehensive set of information security policies and procedures in order to ensure that the digital assets, computing resources and the business strategies of the organization are securely stored in the information security office of the organization.

5. Key Initiatives 

For ensuring the strategic objectives of the organization are fulfilled, the organization needs to take certain key initiative that will accelerate the process of enforcing data security and control. The key initiatives that the organization should take to meet the specified objectives related to the security needs of the organization are represented in the following paragraphs.

The first and foremost key initiative that the organization should take is to establish a legal and regulatory framework of enabling a safe and a vibrant cyber space (Rewagad and Pawar 2013). It is necessary for VirtualSpaceTours to foster a culture of cyber security for promoting sage and vibrant use of cyber space.

The second key initiative that the organization should take is to ensure that all the staffs of the organization are educated about the information security needs and the strategies that has been developed to ensure that the information within the organization is secured. The staffs should be able to develop and cultivate the national cyber security capabilities that will ensure accurate data protection.

Another major initiative that is needed to be taken by the organization is to design an information security policy that will ensure accurate data protection (Cheminod, Durante and Valenzano 2013).. With accurate data protection, the company will be able to manage the data theft by the hackers or the unauthorised insiders.

The organization should assign the authority of data access, change, delete or modification only to the trusted individuals. The storage facility should be pass work protected so that only the trusted individuals have an access to it.

Another key initiative that is needed to be taken by the organization includes encryption of all the viral and the confidential information of the organization so that it remains inaccessible to the unauthorised persons (Marwaha and Bedi 2013). The encrypted information can be decrypted only by the individuals who have an access to the decryption key. This will prevent any unauthorised data access and will help the information security office of VirtualSpaceTours to ensure accurate data security.

6. Conclusion: 

The report discusses the different aspects of information strategic plan that will help in ensuring information security in VirtualSpaceTours. The report discusses the need for enforcing a viable information security plan that will help in easier management of the data, digital assets and the computing resources of the organization. The data associated with VirtualSpaceTours should be protected as the hackers might try to get an access to the business strategies with an aim of becoming famous. For that, it is essential to ensure that an appropriate information security plan is developed and implemented by the information security office of VirtualSpaceTours. The report discusses the strategic objectives and the key initiatives that the organization should take to ensure accurate data protection.

References: 

Cheminod, M., Durante, L. and Valenzano, A., 2013. Review of security issues in industrial networks. IEEE Transactions on Industrial Informatics, 9(1), pp.277-293.

Fernandes, D.A., Soares, L.F., Gomes, J.V., Freire, M.M. and Inácio, P.R., 2014. Security issues in cloud environments: a survey. International Journal of Information Security, 13(2), pp.113-170.

Hashizume, K., Rosado, D.G., Fernández-Medina, E. and Fernandez, E.B., 2013. An analysis of security issues for cloud computing. Journal of internet services and applications, 4(1), p.5.

Inukollu, V.N., Arsi, S. and Ravuri, S.R., 2014. Security issues associated with big data in cloud computing. International Journal of Network Security & Its Applications, 6(3), p.45.

Johnson, R., 2014. Security policies and implementation issues. Jones & Bartlett Publishers.

Kshetri, N., 2013. Privacy and security issues in cloud computing: The role of institutions and institutional evolution. Telecommunications Policy, 37(4-5), pp.372-386.

Marwaha, M. and Bedi, R., 2013. Applying encryption algorithm for data security and privacy in cloud computing. International Journal of Computer Science Issues (IJCSI), 10(1), p.367.

Modi, C., Patel, D., Borisaniya, B., Patel, A. and Rajarajan, M., 2013. A survey on security issues and solutions at different layers of Cloud computing. The journal of supercomputing, 63(2), pp.561-592.

Peltier, T.R., 2013. Information security fundamentals. CRC Press.

Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Auerbach Publications.

Rao, R.V. and Selvamani, K., 2015. Data security challenges and its solutions in cloud computing. Procedia Computer Science, 48, pp.204-209.

Rewagad, P. and Pawar, Y., 2013, April. Use of digital signature with diffie hellman key exchange and AES encryption algorithm to enhance data security in cloud computing. In Communication Systems and Network Technologies (CSNT), 2013 International Conference on (pp. 437-439). IEEE.

Rittinghouse, J.W. and Ransome, J.F., 2016. Cloud computing: implementation, management, and security. CRC press.

Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model in organizations. Computers & Security, 56, pp.70-82.

Singhal, M., Chandrasekhar, S., Ge, T., Sandhu, R., Krishnan, R., Ahn, G.J. and Bertino, E., 2013. Collaboration in multicloud computing environments: Framework and security issues. Computer, 46(2), pp.76-84.

Tsohou, A., Karyda, M. and Kokolakis, S., 2015. Analyzing the role of cognitive and cultural biases in the internalization of information security policies: recommendations for information security awareness programs. Computers & security, 52, pp.128-141.