Security Policy Development for Appliance Online
As a part of this report, a piece of thorough account of information in regard with the various impact of Appliances Online in Information Services would be discussed. Besides, the Appraisals would also be provided concerning the management of the information system. An analysis of the strategic uses of this chosen industry would be presented, as well. The legal and ethical aspects of useful services like customer and excellent services areas would be evaluated. Analysis of the impact of information system in the context of management regarding would be implemented as per the strategy of global perspectives.
Security policy usually means the security of systems in an organization to protect its data and to increase confidentiality (Wennersten, Sun & Li 2015). Security policies address generally the constraints on the organization’s members. Information security policy has been considered as a policy set for the development of an organization (Wennersten, Sun & Li 2015). The set of policies has been issued by the specified organization for ensuring the factor the users of information technology within the organization’s domain are related to the security system of the organization. It also addresses that the network system complies with the regulations and guidelines of the organization’s security system (Wennersten, Sun & Li 2015).
The following assignment is based on Information security policies and its impacts on the maintenance of the confidential data in the organization named Appliance online. The study aims to focus on the development of information security policies. How to control potential risk factors to minimize the vulnerabilities in the Appliance online organization’s security system would also be highlighted in the study. Technological changes and its positive impacts on the organizational security system would be addressed along with a business continuation plan in the following study.
2. Information security policies
Computer networks have been developed day by day, and now it allows people to share confidential data through the network. Organizations have been able to share important information with several stakeholders and their employees within a second through the developed network system. However, it is necessary for organizations to protect their relevant information from being hacked by some intruders. Information security policies play a crucial role in securing the organizational data and confidential information within the organization. It is essential to keep secure all the reliable information about the organization and its employees for minimizing the risk factors due to the lack of a proper security system. Information security policies used to secure the organization from every corner. It secures all hardware and software devices data, human resource management, control its access, physical parameters in its scope factors. The information security policy can enable some protections that would detect the access of any unauthorized accession in the organizational website of Appliance online. The security system determines the boundaries of the organizational data to prevent the risk factors for improving the service of the organization. The data of Appliance online would be controlled by the security system and the control of the data distribution would be as per the guidelines of the system. Any unauthorized access shouldn’t be entered after implementation of a strong security system in Appliance online as it would be detected through an information security policy (Wang, Zhu & Zhang, 2016).
2.1 How to develop information security policies
Information security policies play a crucial role in securing the organizational data and confidential information within the organization. It is essential to keep secure all the reliable information about the organization and its employees for minimizing the risk factors due to the lack of a proper security system. Some security policies should be implemented in the organization Appliance online for minimizing the risk factors in the organization.
Figure 1: Information Security Policy
Understanding the requirements of the business: The first step of developing the security process of an organization is to understand the required factors of the organization. It would help to meet all the criteria of the proposed business. Appliance online can think about initiating the monitoring process within the organization for identifying the lack of factors that are responsible for the degradation of the business and improve it with technological support. It would be ensured that the security policy is meeting the legal requirements also.
Finalize scope: After determining the business requirements, the organization would identify its scope factors for developing the inner strength of the organization. The boundaries of the organizational data would be detected, and an outline of the work would be created in terms of maximizing the scope factors of Appliance online. Scope processes would be included to identify the scope factors of developing the business in the global market along with the competition.
Identifying the policies and procedures: The existing policies and procedures of the organization should be identified by the security policies for developing the quality of the business. The lacking factors would also be detected through this identification process, and required security tools would be implemented in Appliance online company for having a better result. New security policies would meet all the criteria of the business in terms of achieving a remarkable position in the global market.
Identifying potential gaps in the existing policies and procedures: After identifying the existing policies and procedures, the company Appliance online would be able to detect the lacking factors. The factors that were responsible for potential gaps in the security system. After that, the organization Appliance online could take action against the gaps and implement some new policies for developing the quality of the business.
Identify new policies and procedures: Identification of the gaps in the existing policies and procedures would make the company Appliance online able to understand the required security policies in the organization. An organization needs to implement new policies in terms of making the organization profitable in the competitive market. Appliance online can think about identifying new policies and procedures that would meet the required criteria of the organization’s security purposes.
Develop top-level policies and procedures: New policies and procedures would be identified by the organization Appliance online for developing the organizational security system to protect the harm. Top-level policies would be implemented in the organization for improving the existing security policies that had a lack of maintenance. The newly implemented procedures would meet the legal requirements of the organization Appliance online (Goodman, Straub & Baskerville, 2016).
Develop domain-specific policies and procedures: Specific policies would be identified through the implementation of the domain. The procedures would be developed for improving the security system of the Appliance online (Safa& Von Solms, 2016).
2.2 How to control potential threats and vulnerabilities
Figure 2: Control potential threats and vulnerabilities
(Source:Safa& Von Solms, 2016, pp-75)
The first step of controlling potential threats and vulnerabilities in an organization is to identify the risks factors that can harm the security policies of the organization. On the other hand, vulnerabilities indicate to the imperfection of the security system within the organization. Loss or harm could result for the vulnerabilities in the security system. Threat factors are the computing systems that contain the potential risk factors for the loss of the organization (Flowerday&Tuyikeze, 2016). The company Appliance online can think about monitoring the organizational activities to identify the harmful risk factors. Some strategies can be followed to minimize the potential threat factors within the organization:
Identifying the risk factors: Identification of the potential threat factors would help Appliance online to minimize the negative impacts of the risk factors. Monitoring process would help the organization to detect the lacking factors in the security system. It would help to prevent an intruder from accessing the confidential website of the organization for reducing the potential vulnerabilities (Yazdanmehr& Wang, 2016).
Security policies would meet the legal requirements: The organization Appliance online needs to hold several personal information of the employees and the consumers. Documentation of the security policy would be required to mitigate the chances of liabilities that can be caused due to a lack of meeting the security policies with the legal requirements (Safa et al., 2016). The potential risk factors could be reduced by having a legal and robust security system (Goodman, Straub & Baskerville, 2016).
Security of security systems: The authorization of technology tools must secure the security systems of the organization. Excessive security systems can prevent the smooth running of the business of Appliance online. Protocol layers of the security systems can be hacked by some unauthorized intruders sometimes, and the secured data could be revealed. Security level must be controlled by the organizational authority to minimize the vulnerabilities in the security system (Yazdanmehr& Wang, 2016).
Training of the employees: The employees of the company Appliance online should be provided with proper training and guidance. Through appropriate training, they would be eligible for handling any tough situation with professionalism. In case of emergency, the employees would be eligible to protect the secured data from being hacked with efficiency. Security policies would be understood by the employees briefly for reducing the potential threat factors in the organization (Peltier, 2016).
Update the required tools: A healthy security system needs a regular update of the technological tools for developing the security department of the organization (Moody, Siponen&Pahnila, 2018). Appliance online company would require to detect the faults of the existing tools and update them as per the requirements. The devices would be secured with authentication for confirming the security of the organization. Vulnerability in a security system means the lack of proper technological support in the security system. Updating the required tools would fulfil the criteria of the security purpose of Appliance online (Moody, Siponen&Pahnila, 2018).
2.3 Plan for business continuity with technological change
Business continuity plan includes the process of creating a technical system that would protect the secured data and reduce the potential threat factors to the organization named Appliance online (Peltier, 2016). The method determines the protection and security of the online functions and activities of an organization. Technology has been improved day by day, and it had a practical positive impact on the business continuation process. IBM cloud data recovery process can be implemented by the management authority of the Appliance online (Hsu, Shih, Hung & Lowry, 2015).
Control of the business: IBM can control the bare metal access that allows the management authority to maintain the DR tooling and its activities in the security process. Cloud scalability of IMB helps the security authority to develop the quality of the business and continue the business of Appliance online (Hsu, Shih, Hung & Lowry, 2015).
Disaster recovery: IBM system helps an organization to recover its previous manual data and information for security purposes. The data could be improved with a low cost in case of an emergency. DR tool in the cloud data recovery process plays a crucial role in determining the estimated budget in the security process. The business would be continued without having an obstruction (Yazdanmehr& Wang, 2016).
Cloud-based backup: Appliance online company can adopt the cloud-based backup system for developing the security system of the business. It would help the company to continue the business planning along with cloud migration (Peltier, 2016).
Multiple solutions: Virtualized workloads would be managed through the implementation of IBM and cloud-based backup. It would have a positive impact on the continuation of the business. IBM would provide the automatic backup facility to the company along with the recovery guarantee (Moody, Siponen&Pahnila, 2018).
Information security policy: Information security policy would secure the confidential data of Appliance online in terms of continuing the business. Required updates of the existing versions of the security systems would be done by the information security policies of the organization (Safa, Von Solms&Furnell, 2016).
3. Information systems for Ethical and Legal Compliance Framework
Ethical and Legal variables provide a significant role in making adjustments in the midst of business processes within the organisation-appliance Online. These specific elements are to be considered with resource planning priorities and appropriate management in order to overcome the unfavourable circumstances that generally arise suddenly. Proper consideration of ethical and legal issues gets adequate solutions in this specific subject of debating. Within the mentioned sub and distended evaluation get given for the identified points listed concerning the two different kinds of the account needed to comprehend the circumstances that may arise. It is optimistic that, developing policy for the risk mitigation of the chosen organisation – Appliance Online.
Figure 3: Ethics and Compliance Program and Risk Exposure Framework
(Source: Self Creation)
Concerning the above framework, it can be said that the structure is efficient to outline the components of the Appliances Online. The dynamic plan for risk mitigation would be applied toward every compliances of the risk domain. According to this above framework, some basic rules can be used in accord with the risk assessment. The constant of regularity environment increase the vulnerable factors of the chosen organisation. It is specifically for the other organisations those operating in accord with the global scale. The complexity of the above framework has considered as penalties.the risk landscape for the non-compliances information systems for compliance has implemented with this ethical framework. This framework, along with the other penalties for the non-compliance, entirely makes it essential for the Appliance Online.
On the contrary, this framework would include proper ethics and compliance risk exposure. This comprehensive framework would evaluate and prioritise the identified risk. According to the complete information, the Appliance Online would improve its effective mitigating strategies in order to reduce a similar information system regarding ethics failure. It is optimistic that, across the marketplace, this organisation would compete over its competitors in the industry.
After a period of a vast regulation, different kinds of organisations have seen to face the rapid growth regarding the recent laws. The standards and rules are considered for increasing complexity. As a result, an enormous effect on the way of conducting their daily legal ethics and includes the non-similar changes in the chosen organisation along with their governance structures. The other factors, such as software systems and communication flow, would implement its corporate culture and organisational authority (Anderson, Christ, Dekker &Sedatole, 2015).
Figure 5: Framework of Information Systems for Legal Compliances
Considering the above framework, it can be said that, shortly, concerning the legal compliances would affect the information systems (IS). IS discipline is regarded as one of the reasons behind the legal agreements become relatively low. The different deregulation efforts are found as another reason behind the inviolable factors of the legal compliances. The framework states that the information system of chosen organisation Appliance Online consisted of the principles of code of Practice for Information Security Management. Concerning the reasons, it can be stated that the Appliance Online is still struggling with the holistic regulated implement of legal compliances. The facts carry the numerous reasons behind the truth, including the less sense of urgency, missed insights and the indistinct work responsibilities. These facts have considered as relevant for the management of IS legal compliance of the chosen organisation. However, this framework intends to reveal the overview of the knowledge of the legal compliances.
According to the policy of the future risk mitigation of the chosen organisation, this framework would evaluate the respective contributions and the regulatory compliances from the perspective of Information Research System (ISR). It is optimistic that this legal compliances framework would identify the areas that have already gained the disciplines and attention. Not only that, but the neglected would also be defined as well. In a sense, the scope of future research of the 'Appliances Online' would point out. The strategy concerning the information systems for compliance ethical and legal would recapitulate the current state of the study (Lehnert, Craft, Singh & Park, 2016). Moreover, the aforementioned FFramework would recommend the areas that require developing for further solution.
It can be concluded that the Information security policy had been considered as a policy set for the development of an organization. The set of plans had been issued by the specified organization for ensuring the factor the users of information technology within the organization’s domain were related to the security system of the organization. However, some security policies had been implemented in the organization Appliance online for minimizing the risk factors in the organization. Vulnerabilities indicated to the imperfection of the security system within the organization. Loss or harm was being created for the vulnerabilities in the security system. It had been analyzed that the first step of controlling potential threats and vulnerabilities in an organization was to identify the risks factors. The factors that could harm the security policies of the organization. Technological changes in the business plan had helped the study to analyze the factor that security system of Appliance online needed technological support. The ethical and legal framework had been addressed in the study for understanding the compliance of the information system, along with some recommendations.
Analysing the Ethical and legal Framework, it can be said that the specific solutions are needed in the areas of some ethical issues. These problems are linked to the application of an information system within the chosen organisation. The recommendations are as follows:
The implemented legal issues of Information Systems within the business process of Appliances Online require some particular solutions that are as follows:
The inefficiency of the consumer-based those handles the digital platform of the Appliances Online has considered as another major issue. The solution regarding this issue consisted of implementing the interactive process as well as secures methods. The provided suggestion would enhance the interface of the Graphical Users around the digital implicated business procedures. It is hopeful that this particular recommendation would ensure a way of understanding the methods quickly. It is worth mentioning the fact that these methods contain the service provision and the service seeking of the users.
Badwan, J. J., Al Shobaki, M. J., Naser, S. S. A., &Amuna, Y. M. A.(2017). Adopting technology for customer relationship management in higher educational institutions. International Journal of Engineering and Information Systems (IJEAIS), 1(1), 20-28. https://hal.archives-ouvertes.fr/hal-01500365
Wennersten, R., Sun, Q., & Li, H. (2015). The future potential for Carbon Capture and Storage in climate change mitigation–an overview from perspectives of technology, economy and risk. Journal of Cleaner Production, 103, 724-736.
Safa, N. S., Von Solms, R., &Furnell, S. (2016). Information security policy compliance model in organizations. computers& security, 56, 70-82.
Moody, G. D., Siponen, M., &Pahnila, S. (2018). Toward a unified model of information security policy compliance. MIS Quarterly, 42(1).
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Auerbach Publications.
Hsu, J. S. C., Shih, S. P., Hung, Y. W., & Lowry, P. B. (2015). The role of extra-role behaviors and social controls in information security policy effectiveness. Information Systems Research, 26(2), 282-300.
Yazdanmehr, A., & Wang, J. (2016). Employees' information security policy compliance: A norm activation perspective. Decision Support Systems, 92, 36-46.
Goodman, S., Straub, D. W., & Baskerville, R. (2016). Information security: policy, processes, and practices. Routledge.
Flowerday, S. V., &Tuyikeze, T. (2016). Information security policy development and implementation: The what, how and who. computers& security, 61, 169-183.
Safa, N. S., & Von Solms, R. (2016). An information security knowledge sharing model in organizations. Computers in Human Behavior, 57, 442-451.
Safa, N. S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N. A., &Herawan, T. (2015). Information security conscious care behaviour formation in organizations. Computers & Security, 53, 65-78.
Wang, M., Zhu, L., & Zhang, Z. (2016). Risk-aware intermediate dataset backup strategy in cloud-based data intensive workflows. Future Generation Computer Systems, 55, 524-533.
Darwazeh, N. S., Al-Qassas, R. S., &AlDosari, F. (2015). A secure cloud computing model based on data classification. Procedia Computer Science, 52, 1153-1158.
Anderson, S. W., Christ, M. H., Dekker, H. C., &Sedatole, K. L. (2015). Do extant management control frameworks fit the alliance setting? A descriptive analysis. Industrial Marketing Management, 46, 36-53. https://doi.org/10.1016/j.indmarman.2015.01.004
Safa, N. S., Von Solms, R., &Furnell, S. (2016). Information security policy compliance model in organisations. computers& security, 56, 70-82. https://doi.org/10.1016/j.cose.2015.10.006
Lehnert, K., Craft, J., Singh, N., & Park, Y. H. (2016). The human experience of ethics: A review of a decade of qualitative ethical decision‐making research. Business ethics: A European Review, 25(4), 498-537. https://doi.org/10.1111/beer.12129