Design validation of information security - MyAssignmenthelp.com

Question: 1. Identification of information assets of A4A. 2. Identification of InfoSec risks associated with the information assets. 3. Can these risks be different depending on the member institution where a member works? Answer: Answer 1: Information asset of an organisation is the organisations system information that stays managed and organized as a unit. The information asset of the considered organisation are discussed as follows: Financial information: The method by which the firm collects the donation from the public for its operations. The cost associated with its activities and projects (Peltier 2016). All the financial information such as financial reports and accounting data. Services: The services that the considered organisation offers is also included in the list of their informational data. The short-term or long-term assignments, marked assignments, emails and exams they get from their member institutions are also included. Research and development done for the organisation and its member institutions are also its information assets. Operations: The recruiting process as a member of the organisation. The test, the interviewing methods and the training material they provide to their new members are included in this category. Documentation and software used for the purposes mentioned above are also included in their information assets. EDM (Enterprises Data Management): EDM refers the efficacy of a firm to develop, upgrade, manage and disseminate information for all application, time requirement of entities, data delivery accuracy and the processes. The ultimate goal of the former is to avoid any issues or conflict developed as a result of mismanagement. The protocols and system of an EDM is an informational asset of the A4A. Members Information: The members of A4A and their details that have been kept by A4A is their informational asset. The details of the member staffs and their relation and dependency on the firm and vice versa is also an informational asset of the firm. Answer 2: Assessment of the information security threats of information assets is critical to design the security system for the assets. The threats that may be associated with the assets are discussed as follows. Administrative/Personal threats: These treats for the organisation may arise if any of the 10-member staff decided to go rogue. The members may use the organisations information for their personal use or malicious purposes (AlHogail 2015). The members are authorized to access the specific information (like emails, exams and marked assignments) which they can tamper with. Theft of the hardware or resources also is a possible information security threats. Network: Eavesdropping or wiretapping are some of the network-related security threats to the information. These situations can be developed while communications equipment or the lines are facing errors. Spying and spoofing also are network related information security threats to the organisation. Hardware: Failure of the necessary hardware at the headquarter and the branch office may put their information assets at risk. The considered situation can be great danger if the firm is still operational over the primitive methods. The failure will also have a negative impact on the firm economically. Software: Failure to the software that holds or processes the assignments, proposals, members information may also arise informational security threats. The considered systems will influence the operations of the firm and keep the operations on hold. Recovering the lost data or getting the software to work again is a complex task that may take a lot of effort and time. Environmental and physical security: Any destruction caused due to human-made or natural disaster also puts the information security at risk (Shameli-Sendi, Aghababaei-Barzegar and Cheriet 2016). Answer 3: The risk may not differ depending on the member institution. Though, it can be stated the chances of arousal of a particular risk may differ depending on the member institution. The reason for stating that is that the environmental/physical risks are associated with the climate of the country in which the member institution is established. In the considered case A4As Australian branch is more vulnerable to environmental threat than Singapore. Network related information threats depend upon the bandwidth (which differs in different countries). The following example can explain this threat; Singapore uses more bandwidth than Australia, hence the network related security threats can be optimised in Singapore much more comfortably than in Australia (NewsComAu, 2018). On the other hand, threats like personal threats are standard for all firms irrespective of their location or method of operation. The reason for stating the statement mentioned above is that personal threats refer to the threat proposed by the employees. Hence, it cannot be predicted. The same can be assumed for hardware and software threats. Henceforth it is recommended that the information security policy should be developed taking consideration of the different threats proposed to it. Though some part of the policy can be kept constant to tackle the threats that are common for different firms. References: AlHogail, A., 2015. Design and validation of information security culture framework.Computers in human behavior,49, pp.567-575. NewsComAu. (2018).Its not just you download speeds are low Down Under. [online] Available at: https://www.news.com.au/technology/online/nbn/australian-download-speeds-languish-in-50th-place-behind-new-zealand-thailand-and-kenya/news-story/8df36cfaaff9c36669566513b0dbc38a [Accessed 6 Jan. 2018]. Peltier, T.R., 2016.Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press. Shameli-Sendi, A., Aghababaei-Barzegar, R. and Cheriet, M., 2016. Taxonomy of information security risk assessment (ISRA).Computers Security,57, pp.14-30.