Csi2102 Information Security | Risk Assessment Answers
Background:
A fictitious swimming association, WAS Swim (WASSA), the Peak body for the administration of swimmers in Western Australia representing more than 500 members and 5 associated clubs.
Task:
Since you provided WASSA with an information security recommendation in your previous assignment, the council has assigned to you, as the Information Security Manager, the task of researching and reporting on the protection of the information.
To do this you will need to create a classification scheme for the information currently held.
Using this classification, you can then report on the vulnerabilities and countermeasures that should be in place and develop an information security plan.
You should consider the types of information that needs protecting and risks associated with it, i.e., council members, association members, polices or any other media types etc.
Your assignment should contain:
- A risk assessment scale to show risk levels
- A risk matrix with the type of information and threat category
- A classification scheme, relevant to the case scenario
- A classification table that details the classification level and type of information to be classified
Answer:
Introduction
Information security is the significant practice of the prevention of the unauthorized or unauthenticated access, utilization, disruption, disclosure, inspection, modification, destruction or recording of any kind of information (Von Solms & Van Niekerk, 2013). This type of data or information might of any form that is of either physical or electronic. The most significant focus of the information security is to balance the subsequent protection of CIA or confidentiality, integrity and finally availability. Hence, a proper and effective policy is being implemented for hampering the total productivity of any particular organization. Risk management procedure plays the most vital role in this type of security and hence the assets, vulnerabilities, potential threats, sources of those threats, possible controls as well as the potential controls for the efficiency and effectiveness of risk management planning (Peltier, 2013).
The following report outlines a brief discussion on the case study of WASSA Swim Association. A proper description of the information security and the various risks related to the information of this organization as well as the potential impacts and solutions for those risks would be provided in this particular report. The risk matrix for each and every risk of WASSA would also be given here with a classification scheme.
Discussion
1. Information Security Plan of WASSA Swim Association
The information security plan of the WASSA Swim Association eventually describes about the safeguards for the protection of information, data and resources (Peltier, 2016). There are few reasons for these safeguards in WASSA Swim Association and these reasons are as follows:
iii) The third important and noteworthy reason for the presence of an information security plan in WASSA Swim Association is the protect against all types of unauthorized access as well as utilization of the covered information, resources and data, which could result in the substantial inconvenience and harm to the customers (Xu et al., 2014).
The information security plan in this WASSA Swim Association would even provide for the mechanisms for several benefits, which are given below:
iii) The proper implementation and reviewing of the plan for understanding the risks are also required here.
2. Risk Matrix of WASSA Swim Association
There are two types of risks associated with the information in WASSA Swim Association, which are internal risks and external risks (Tamjidyamcholo et al., 2013). These risks could be extremely vulnerable for the council members, association members, polices or any other media types of WASSA Swim Association. The risk matrix for WASSA Swim Association is given below:
|
Identified Risks |
Internal/ External |
Severity |
Probability |
Impact |
|
1. Administrative Rights to all Members |
Internal |
Catastrophic (4) |
High (4) |
High (4) |
|
2. Open Source CMS |
External |
Critical (3) |
Medium (3) |
Medium (3) |
|
3. Mailchimp |
External |
Catastrophic (4) |
High (4) |
High (4) |
|
4. Access to the Place |
Internal |
Critical (3) |
Medium (3) |
Medium (3) |
|
5. Corruption of Data |
Internal |
Marginal (2) |
Low (2) |
Low (2) |
|
6. Unauthorized Access of Data |
Internal |
Negligible (1) |
Very Low (1) |
Very Low (1) |
|
7. Loss of Data Integrity |
Internal |
Critical (3) |
High (3) |
High (3) |
|
8. Physical Loss of Data |
External |
Catastrophic (4) |
High (4) |
High (4) |
|
9. Errors to System |
External |
Critical (3) |
Medium (3) |
Medium (3) |
|
10. Improper Database System |
External |
Negligible (1) |
Very Low (1) |
Very Low (1) |
Table 1: Risk Matrix of WASSA Swim Association
Here in the above risk matrix, 4 is the highest severity and 1 is the lowest severity.
The above mentioned ten distinct risks are extremely vulnerable and dangerous for this WASSA Swim Association and hence should be properly solved to maintain a balance for the security of the confidential data and information (Cardenas, Manadhata & Rajan, 2013).
3. Classification Table of Information in WASSA Swim Association
The classification table of information for any organization, subsequently divides the information to four specific classes, which are confidential, regulated, internal and finally external (Layton, 2016). This type of classification helps the organization to deal with the various types of information and hence providing an utmost protection to every type of information.
The classification table of information for WASSA Swim Association is as follows:
|
Classes of Information |
Description of Information |
Examples of Such Information |
|
1. Confidential |
This type of information is only related to the WASSA Swim Association and hence is classified as confidential. The significant access of any type of unauthorized or unauthenticated parties could eventually cause this entity for incurring any type of organizational losses (Aljawarneh, Alawneh & Jaradat, 2017). The confidential classification solely involves the detailed information, which could affect the brand name of WASSA Swim Association and it should not be shared with public. Moreover, the important and sensitive information could even develop the insider information and thus can bring insider threats. Moreover, those information, which could be kept secret from the unauthorized parties is also termed as confidential. |
The examples of such information majorly include documentation for the administrators and other members of board, non published accounting materials, budgets as well as strategy memoranda, transactional data, strategies about long term developments, sensitive WASSA Swim Association plans and many more. |
|
2. Regulated |
This is the second type of information type, which is governed by the regulatory restrictions (Sarwar & Khan, 2013). The respective regulated data could only be accessible go the authenticated and authorized personnel of WASSA Swim Association. An extreme care should be taken in this case before the information is used, stored and even transmitted. The authenticated disclosure of regulated information could adversely affect the organization, employees, clients, business partners and each and every other stakeholder, who is associated with this particular organization. It would even violate the regulatory compliance guidelines and the legal and financial liabilities are incurred eventually. |
The examples of regulated information mainly include the policies and procedures, associated with the information that help to keep the confidential or sensitive data completely protected by the federal laws, specified regulations and laws. The PII or personally identifiable information of the WASSA Swim Association fall under this particular category (Khalil et al., 2013). Moreover, the notifications and other law regulations are also important in this case. |
|
3. Internal Uses |
The third type of information is the internal usage. This particular class of information eventually covers the WASSA Swim Association related confidential information, which does not fall under the sections of confidential, regulated and external uses (Popa et al., 2013). The subsequent access to this type of information is extremely restricted and hence should only be accessible for those, who require the information for performing their tasks. Most of the organization data and information are falling under the classification of internal utilization. |
The internal letters, electronic mails, memos and reports of WASSA Swim Association fall under this classifications. Furthermore, the various internal policies, procedures and instructions as well as information associated with the daily activities of WASSA Swim Association should also be accessed by only the internal and authorized people. The non sensitive personal data and the intellectual properties are also parts of such information (Khan & Tuteja, 2015). |
|
4. External Uses |
The final type of information is the external use type. This is the most popular and widely utilized type that has no restriction on the subsequent access of data and information. The organizational information could only be classified as public or external use, when the information has the quality controlled or approved by the respective departments of WASSA Swim Association (Von Solms & Van Niekerk, 2013). Moreover, this type of information has the severity level of negligible as per risk matrix, since there would not be any issue for data loss. |
The example of external or public information classification is those information that is posted on the Internet or is published in any other type of media. The files or folders of information that are already in use also fall under this category. Moreover the marketing campaign materials are also important and significant examples of such information type. |
4. Solutions for the Risks Identified for WASSA Swim Association
The various risks identified in the risk matrix should be mitigated properly for the proper eradication of all types of risks and threats so that the information is absolutely secured in WASSA Swim Association (Peltier, 2013). The major solutions for the perfect removal of these risks within the organization are as follows:
iii) Network Control and Access: The third effective and noteworthy strategy for the proper mitigation of each and every identified risk or threat for this organization of WASSA Swim Association is the network control as well as access (Safa, Von Solms & Furnell, 2016). There are various acts, which could negatively impact the entire operation of the peripherals, networks and computers for impeding the entire ability of the network access.
Conclusion
Therefore, from the above discussion, it can be concluded that infosec or information security is the collection of several strategies that help to manage the several tools, policies and processes, required for the prevention, detection, documentation and finally countering the threats for the digitalized as well as non digitalized information. The major responsibilities of the information security majorly involve the proper establishment of the set of various business processes, which could eventually protect the information assets, irrespective of the fact that how the information is being processed and how it is kept in storage. The core objectives of the information security programs are confidentiality, integrity and availability or CIA of the information technology systems. All of these objectives subsequently ensure that the confidential information is getting disclosed to the authenticated parties and hence preventing the unauthorized modification of the data. Moreover, the data could even be accessed by the authorized parties whenever needed. A proper procedure of risk management should be conducted for continuously assessing the threats and vulnerabilities. The above report has properly outlined the details of the WASSA Swim Association for understanding the various risks and threats associated with this particular organization. A risk matrix is provided here for understanding the severity of the risks. Moreover, significant and noteworthy solutions are also provided here for mitigating each and every risks. A classification scheme for the information of WASSA is even given in this report.
References
Aljawarneh, S. A., Alawneh, A., & Jaradat, R. (2017). Cloud security engineering: Early stages of SDLC. Future Generation Computer Systems, 74, 385-392.
Andress, J. (2014). The basics of information security: understanding the fundamentals of InfoSec in theory and practice. Syngress.
Cardenas, A. A., Manadhata, P. K., & Rajan, S. P. (2013). Big data analytics for security. IEEE Security & Privacy, 11(6), 74-76.
Khalil, I. M., Khreishah, A., Bouktif, S., & Ahmad, A. (2013, April). Security concerns in cloud computing. In 2013 Tenth International conference on information technology: new generations (ITNG) (pp. 411-416). IEEE.
Khan, S. S., & Tuteja, R. R. (2015). Security in cloud computing using cryptographic algorithms. International Journal of Innovative Research in Computer and Communication Engineering, 3(1), 148-155.
Layton, T. P. (2016). Information Security: Design, implementation, measurement, and compliance. Auerbach Publications.
Peltier, T. R. (2013). Information security fundamentals. CRC Press.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Auerbach Publications.
Popa, D., Cremene, M., Borda, M., & Boudaoud, K. (2013, January). A security framework for mobile cloud applications. In Roedunet International Conference (RoEduNet), 2013 11th(pp. 1-4). IEEE.
Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organizations. Computers & Security, 56, 70-82.
Sarwar, A., & Khan, M. N. (2013). A review of trust aspects in cloud computing security. International Journal of Cloud Computing and Services Science, 2(2), 116.
Singh, G. (2013). A study of encryption algorithms (RSA, DES, 3DES and AES) for information security. International Journal of Computer Applications, 67(19).
Tamjidyamcholo, A., Baba, M. S. B., Tamjid, H., & Gholipour, R. (2013). Information security–Professional perceptions of knowledge-sharing intention under self-efficacy, trust, reciprocity, and shared-language. Computers & Education, 68, 223-232.
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. computers & security, 38, 97-102.
Xu, L., Jiang, C., Wang, J., Yuan, J., & Ren, Y. (2014). Information security in big data: privacy and data mining. IEEE Access, 2, 1149-1176.Buy Csi2102 Information Security | Risk Assessment Answers Online
Talk to our expert to get the help with Csi2102 Information Security | Risk Assessment Answers to complete your assessment on time and boost your grades now
The main aim/motive of the management assignment help services is to get connect with a greater number of students, and effectively help, and support them in getting completing their assignments the students also get find this a wonderful opportunity where they could effectively learn more about their topics, as the experts also have the best team members with them in which all the members effectively support each other to get complete their diploma assignments. They complete the assessments of the students in an appropriate manner and deliver them back to the students before the due date of the assignment so that the students could timely submit this, and can score higher marks. The experts of the assignment help services at urgenthomework.com are so much skilled, capable, talented, and experienced in their field of programming homework help writing assignments, so, for this, they can effectively write the best economics assignment help services.
