Tuesday, May 5, 2020
Information Security Management Communication Policy
Question: You are required to analyse the scenario on page 3 and develop the following ISSP for the organisation described in the scenario: Wireless Communication Policy

The ISSP should include:
1. Statement of Purpose
2. Authorised Uses
3. Prohibited Uses
4. Systems Management
5. Violations of Policy
6. Policy Review and Modification
7. Limitations of Liability

You also need to include a section containing the justification of the contents of your policy as well as any assumptions that you have made.

Answer:

Assumptions

From the given case study of Farmer for Farmers (3F), it is assumed that the organization is going to implement a new wireless communication policy in its information system. It needs to strengthen its security policy and manage the information system in a secure manner. The security policies should be implemented in an organized manner so that there is no loss of connectivity and so that mobility in managing the network and the information system increases. It is assumed that the organization has a database that stores the number of farms it serves, the average size of the farms, the inputs each farm takes, the output of each farm and the area they cover. It also contains information about the staff assigned to each area and to each region. The system processes the orders placed by the farmers and delivers the items to them, tracks the delivery vehicles and provides feedback to the client regarding the delivery of the items. It is also assumed that the information system has some flaws, and that these need to be identified and mitigated as soon as possible. The organization needs to resolve all the security issues related to its information system, and its organizational data and algorithms need to be verified for expanding its service in New South Wales.
The organization needs to identify the authorised and the prohibited users of the system and their effect on its information system.

1. Statement of Purpose

Farmer for Farmers wants to implement a security policy to reduce its liability for illegal activities that occur from within its network or from outside. Proper authentication must be provided to the users, and the information system must be developed to defend against any attacks. The main purpose of this document is to give guidelines for the installation of wireless communication policies in the information system. The wireless communication security policy protects the assets of the organization. The security practice and the measures taken for the mitigation of the

2. Authorised users

The authorised users of the information system of Farmer for Farmers are the development team, the emergency response team, and the executives who are responsible for handling the system. The farmers and the other suppliers are also authorised users of the system. Users must be authorised so that their activity can be tracked by the development team and the response team to meet their requirements. Internal threats come from people who have legitimate access, for example workers, ranchers, and suppliers. Insiders can be extremely hard to detect or to protect against, because authorised users can access the system, understand the internal components of the information system, probably know the flaws in the system and can disrupt the internal systems. They can abuse the organization's IT assets, perform port scans on external systems and start attacks from inside the organization. Authorised users can access, process and spread spam, scams, unauthorised data (pay, trade secrets) and/or malicious code, make unauthorised changes to the data residing on the information system, and steal important documents of the organization for personal profit.
Authorised users can also visit illegal download sites and install unlicensed software on their PCs (copyright infringement). Passwords act as a shield to safeguard against unauthorised access to data in the IT system. When employees share their password or leave their PC unprotected, it becomes easy for unauthorised users to perform malicious activities on their system.

3. Prohibited Users

The unauthorised or prohibited users are people who are not involved in the business process of the Farmer for Farmers organization. They may be competitors of the organization, hackers or intruders who target the information system of the organization. There are several risks associated with unauthorised access; for example, the data stored in the information system can be misused, and the organization would face a huge loss in its business. External or prohibited users intrude into the system and steal passwords or run an application that can crack them. There are many applications and attack procedures, such as brute force attacks, hybrid attacks and dictionary attacks, that can put the information system in danger. The external user identifies a weakness of the system, uses spoofing techniques for this, and attempts to gain access to the information system. If the intruder succeeds, they can obstruct the computer service and place malicious code that overloads the resources of the computer by filling the storage space of the hard drive, or reset the subnet mask so that the system accepts requests from the entire network. Overloading the system can also cause denial of service to the administrator, and the system would be down for its users. Hackers can also install hidden software to track the activity of the system and obtain trade secrets remotely, and leave backdoors to easily get back into the system for future attacks.

4. Systems Management

The information security system of the Farmer for Farmers organization is newly developed, and it needs to be analysed before the business expands. The company needs to create an information security policy and to confirm that its information system is secured and defends against any type of external attack. The management of the system is done by the system manager, and he has the sole responsibility to resolve the security issues of the system. The IT managers of 3F manage the information system by identifying the risks associated with the system. The manager evaluates controls and resolves the risks for the proper management of the system. For the management of the information, the preliminary step that the manager can take is to implement a user name and password for every individual, which would help to keep the confidentiality of the user (Ward and Peppard, 2016). This process also helps to remove unauthorized access by prohibited users. The information security network should not be used for any personal use by employees, because this may violate the legislation of any nation (Rivera, Qamar and Mwandemere, 2016). The organization's network may be used for illegal activity if all permissions are granted to its employees, and the organization might face prosecution for any alleged or wrongful activity. Wireless technology may be used for both internal and remote network access, with password authentication. New policies are best written as an extension of existing policies, to reduce duplicated effort and conflicting rules (Tsuji, Hoogenboom and Thornton, 2013). When creating a WLAN security policy, reusing relevant parts of the wired network and system security policies can help the system administrator achieve consistent protection. WLANs may pose unique security risks and require some different measures, but there is no need to reinvent the wheel unnecessarily (Atzberger, 2013).
The 3F network should authorise the devices connected to the network, such as DHCP servers, NAT routers, DNS servers, network gateways, etc.

5. Violations of Policy

It is generally agreed that many information systems (IS) security incidents occur in the workplace because employees violate the existing Information System Security Policy (ISSP) (Fitzsimmons and Fitzsimmons, 2013). To understand the factors that restrain employees from deviance and violation of the organizational ISSP, previous work has traditionally viewed this problem through the lens of formal deterrence mechanisms; we proposed that we could better explain employees' ISSP violation behaviours by considering both formal and informal control factors and also by considering existing deterrence theory (Zhang and Kovacs, 2012). We therefore built a theoretical model based on both deterrence and social bond theories, rooted in a social control perspective, to better understand employee behaviour in this context. The model is validated using survey data from all the stakeholders of the organization. The empirical results highlight that both formal and informal controls significantly affect employees' ISSP violation intentions (Kepchar, 2014). Specifically, employees' social bonding is found to influence the farmers' intention to violate the ISSP. Social pressures exerted by subjective norms and co-worker behaviours also significantly influence employees' ISSP violation intentions. In examining formal sanctions, the perceived severity of sanctions was found to be significant, while the perceived certainty of those sanctions was not (Tsuji, Hoogenboom and Thornton, 2013). We discuss the key implications of our findings for managers and researchers and the implications for professional practice.
Information system security management in organizations is a difficult task, particularly avoiding the threat from insiders within the organization. Employees' illegal and deviant acts represent a key threat to organizations (Ward and Peppard, 2016). Information systems in an organizational setting are best expressed as a combination of technology, people, and management. Among those three factors, people play a key role in the process of information system security management from both practice and research perspectives, as people could be the weakest link in information system security.

6. Policy Review and Modification

The policy of the Farmer for Farmers information system is analysed, and many resources, such as the land for providing the fertilizers and the supplier sources, are also analysed (Stirling, 2014). The content of the information system is also analysed for the receipt and transfer of information. The 3F organization has a policy of meeting all the requirements of the customer and providing new features so that customers can improve the usefulness of their information system (Landon, 2014). The new policy regarding the expansion of 3F's business should be a modification of the existing policy: it should contain the previous policy and only add some rules. The new policy regarding the security of the organization should be approved by the stakeholders of the organization (Fitzsimmons and Fitzsimmons, 2013). A copy of the new policy should be sent for approval, and the official should note the stakeholders affected by the change in the policy. The sources of farming information ranked most frequently in the top tier were local groups and government extension. Farmer training colleges and organized visits were mentioned least frequently.
Government agricultural extension staff were mentioned as important information sources by as many as seventy five percent of respondents; neighbours and relatives were listed among the most important sources (Ifinedo, 2012). Non-governmental organizations and churches were important sources of information in a few divisions. Radio was mentioned as an important medium for farming information. Further investigation of the 3F organization shows that the farmers perceive data as having different characteristics. The farmers welcome timeliness, reliability and accuracy of information.

7. Limitations and Liability

The current research has several limitations that should be addressed in future research. First, as data is collected from a single source and at a single point in time, there might be limitations. Nonetheless, assessment of employee behavioural intentions and perceptions via self-report is likely to be more accurate than assessment through others' reports, since employees should be more aware than others of their own intentions and perceptions (Zhang and Kovacs, 2012). Also, Harman's single-factor test suggests that 3F does not appear to be a serious threat to the study. However, in keeping with the quality of this study, a future study can collect data through a longitudinal design (Fountas et al., 2015). Specifically, the dependent variable could be collected in the first wave and the independent data in the second. The second limitation concerns the use of intention as the dependent variable, which raises the question of whether intention leads to actual behaviour. Despite the support in the literature for using intention as a predictor of actual behaviour, there is no guarantee that individuals would behave as they have indicated (Schroeder, 2012).
Future research should re-evaluate the information system in a context where actual behaviour can be measured, to add further validity to the model. Third, the measurement of policy violation in this study is limited to the specific hypothetical scenarios chosen. Although the scenarios cover a wide range of security issues, they do not include every kind of employee violation behaviour (Kshetri, 2014). Future research should test the explanatory power of our model on a larger number of violation behaviours. Finally, most of the respondents are young, junior staff with less experience. There could be cultural differences among regions with people of different generations (Kepchar, 2014). The conclusions in this paper represent only a snapshot of the employees in a given region, particularly the young generation, which could make further generalizations outside this context problematic.

Justification

Organizations are increasingly reliant on computer/network technology for improving the efficiency and productivity of their business in order to survive and thrive in today's competitive world. The same has happened in the case of the Farmer for Farmers organization. It is a business need, and in some cases a legal requirement, to protect their proprietary information against the threats of unauthorised disclosure, modification, and destruction, computer fraud, and service interruption (Kshetri, 2014). Organizations may suffer financial and productivity losses, as well as loss of reputation, because of widespread internal and/or external security threats (Salkintzis et al., 2012). A properly implemented logical access control provides for the protection of assets against threats, ensures business continuity, minimizes potential damage, and maximizes return on investment.
Strong logical access control includes sound security policies, clearly defined security models, well-designed system architecture, and proper implementation of security mechanisms such as passwords, encryption, access control lists, and firewalls (Whitman and Mattord, 2012). Access to information should be governed by the need-to-know principle. Only with properly designed and implemented logical access control are organizations able to realize the benefits and potential of the personal computer. This will give their business the edge over their rivals and help them avoid being attacked by intruders and hackers. At this stage, the striking features of the system are its fragmentation and the presence of strong boundaries that appear to isolate the subsystems and the groups of ranchers. The information system analysis shows that more intelligent information sources are required (Alguliyev and Beardsley, 2012). This may encourage ordinary poor ranchers to convert to modern methods of farming. These changes could have been stimulated by more active agents working with selected local leaders if they had developed and improved relationships with public (especially extension and research) and private information sources, organized regular activities with them, used more mass media information sources, obtained information from all these sources and transferred information to the producers (Ifinedo, 2012).

References

Alguliyev, R.M. and Beardsley, S.C., 2012. Problems of Information Technology and the Problems of the Information Society journals. The Global Information Technology Report 2012.
Atzberger, C., 2013. Advances in remote sensing of agriculture: Context description, existing operational monitoring systems and major information needs. Remote Sensing, 5(2), pp.949-981.
Fitzsimmons, J. and Fitzsimmons, M., 2013. Service management: Operations, strategy, information technology. McGraw-Hill Higher Education.
Fountas, S., Sorensen, C.G., Tsiropoulos, Z., Cavalaris, C., Liakos, V. and Gemtos, T., 2015. Farm machinery management information system. Computers and Electronics in Agriculture, 110, pp.131-138.
Ifinedo, P., 2012. Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory. Computers & Security, 31(1), pp.83-95.
Kadtke, J. and Wells, I.I., 2014. Policy Challenges of Accelerating Technological Change: Security Policy and Strategy Implications of Parallel Scientific Revolutions. National Defense Univ Fort McNair DC Center for Technology and National Security Policy.
Kepchar, K.J., 2014, July. 6.3.1 Shifting Decision Perspectives for the System Engineer – Integrating System Security Into the Mix. In INCOSE International Symposium (Vol. 24, No. 1, pp. 512-523).
Kshetri, N., 2014. Global entrepreneurship: environment and strategy. Routledge.
Landon, J.R., 2014. Booker tropical soil manual: a handbook for soil survey and agricultural land evaluation in the tropics and subtropics. Routledge.
Rivera, W.M., Qamar, M.K. and Mwandemere, H.K., 2016. Enhancing coordination among akis/rd actors: an analytical and comparative review of country studies on agricultural knowledge and information systems for rural development (akis/rd).
Salkintzis, A.K. and Droste, S.T., Motorola-Mobility, Inc., 2012. Wireless communication device, wireless communication system, and method of routing data in a wireless communication system. U.S. Patent Application 13/010,641.
Schroeder, H., 2012. Transforming Agriculture for Sustainability: The Art and Science. In Sustainable Agriculture Reviews (pp. 31-42). Springer Netherlands.
Stirling, G.R., 2014. Biological control of plant-parasitic nematodes: soil ecosystem management in sustainable agriculture. CABI.
Tsuji, G.Y., Hoogenboom, G. and Thornton, P.K. eds., 2013. Understanding options for agricultural production (Vol. 7). Springer Science & Business Media.
Ward, J. and Peppard, J., 2016. The Strategic Management of Information Systems: Building a Digital Strategy. John Wiley & Sons.
Whitman, M.E. and Mattord, H.J., 2012. Roadmap to Information Security: For IT and Infosec Managers. Cengage Learning.
Whitman, M.E., Mattord, H.J., Mackey, D. and Green, A., 2012. Guide to Network Security. Cengage Learning.
Zhang, C. and Kovacs, J.M., 2012. The application of small unmanned aerial systems for precision agriculture: a review. Precision Agriculture, 13(6), pp.693-712.