Question
Task Description : You will analyse the scenario given on page 3, and write a report that discusses how you apply the principles of information security risk management as well as information security certification and accreditation to the organisation in the given scenario. You should ensure that you support your discussion with references and justify the content of your discussion.
Answer
Executive Summary
This report presents a summary of the need for internet and information security for an Australia-based institute that provides nursing training to students. The need for the institute to safeguard its intellectual property is discussed in the initial sections. Further, a detailed analysis of the measures that NTN needs to take in order to protect its data and information is given.
The final sections discuss the importance of these measures for the institute and the long-term changes that it can experience in the working of the organization and its market performance after getting the safety certification that it seeks.
Introduction
NTN is an institute that provides training and education to students who wish to develop a career in the medical areas. Apart from this, the institute also employs the students in various door-to-door medical care services that it calls mobile hospitals, along with the video lectures that it delivers through live streaming from Sydney to its branches in Darwin and Cairns. Due to this dependence on connectivity services, there is a need for the institute to implement internet security measures in its systems (Peltier, 2016).
The organization has decided to take up Information Security Risk Management and Information Security Certification and Accreditation methods in order to evaluate the potential risks to the intellectual property of the organization and to protect it. This report aims to analyze the various aspects of these systems and the way in which employing these measures can benefit the operations and services that NTN provides to its patients and students.
Discussion
As stated by Soomro, Shah and Ahmed (2016), in the present times, technology plays a very important role in our everyday lives. There are personal as well as industrial uses of the internet and all other associated technical advancements that have completely revolutionized the lives of people of all age groups living anywhere across the globe.
Internet Usage for NTN: The internet is the lifeline for operations in a number of industries. For institutes like NTN, internet-based technological advancements play the role of the central nervous system of the institute. The institute has around five locations connected with the headquarters. Of these, the main branch of the institute, located in Sydney, is connected with two other branches located in Darwin and Cairns. Apart from this, the institute is associated with two major nursing homes where it places its students to perform field work. These students are also connected with and guided by the Sydney headquarters of the institution through the internet (Cavusoglu et al. 2015).
Apart from this, a number of mobile vans take students associated with the institute to the homes of patients who cannot come to hospitals, so that regular check-ups can be conducted on them. These vans also store data and transfer it to the head office of the institute in Sydney.
Need for Internet Security in NTN: According to Tu and Yuan (2014), internet has made the life of many people easier and many industries have also adopted it for making sure that a smooth, advanced and continuous work flow is managed. Internet has revolutionized the hospital and nursing industry by allowing a number of patients and doctors to stay in touch all through the day even remotely. This has made the best medical service accessible to the patients located at far off places.
However, it has also been seen that hospital and medical industry is the one that is affected by data breaches all across the globe more than what one can expect. With one out of every seven data breaches that happened in the past year in the world, the need for providing security to the internet based operations of medical institutes and hospital has been felt.
It has been seen that data breaches in the hospital and medical industry are attempted because of the valuable information that is stored in these databases. The hackers are often looking for data like passwords, phone numbers, addresses, payment information and other very sensitive data. Apart from this, the education sector is also a primary target of hackers because of the valuable research and other information that is usually stored in the databases of educational institutes (Siponen, Mahmood and Pahnila, 2014).
Security Threats to NTN: Due to the increasing threats and reports of data breach in the hospital and education industry, NTN can be classified as an institute that is highly vulnerable. With the increasing dependency of NTN on internet, the need for security of the data has risen remarkably. As the institute is expanding their business with the help of more and more technologies that make use of internet for establishing communication and sharing data, the concern for security has become primary in the present scenario.
The threats to the databases of the institute are because of two major types of information that can be found with them.
Information Security Risk Management: According to Fakhri, Fahimah and Ibrahim (2015), Information Security Risk Management is a process that is designed to analyze and manage the risks to information security for companies that use the internet and similar connectivity services to provide services to their customers. The end objective of risk management systems is not to eliminate all risks for the specific industry or company, but to make risks tolerable and bearable for them.
There are three main stakeholders in case of the information security risk management process:
Execution of Information Security Risk Management: There are six major steps that are involved in the process of Information Security Risk Management that NTN needs to follow in order to ensure successful application of the process for them.
1. Identification: Identification of the potential risks and methods to mitigate them is the first step that needs to be accomplished for starting the risk management process. It includes identifying the following major areas:
2. Assessment: This step analyzes the potential risks to the data that is the property of an institution by applying a common formula to the information that has been gathered in the identification process. The basic formula used for assessing the risk factor is:
Risk = (threat × vulnerability (exploit likelihood × exploit impact) × asset value) − security controls
3. Treatment: On the basis of the risk analysis and the findings from the process, the organization looks for strategies and methods to deal with this sensitive information and its protection. There are a few areas that organizations take into account while choosing treatment options (Ab Rahman and Choo, 2015).
4. Communicating the risks: It should be noted that after the risks to an organization have been identified and strategies for reducing the effect of the risks have been identified and applied, it is also very important to establish a network within the organization and inform all internal employees of the company about the measures that have been taken. This should be done in order to ensure that internal risk is minimized (Layton, 2016).
5. Repeating management checks: Risk management is not a one-time process. With constantly evolving technologies, the risk factors and areas are also growing at a continuous rate. Hence, after the risk management strategy has been applied once, the owners and managers of the organization are responsible for keeping in touch with the technicians in order to identify all the latest risks and find methods to manage them.
Information Security Certification and Accreditation: As stated by Baskerville, Spagnoletti and Kim (2014), this is a certified process that organizations go through in order to manage the certification and accreditation of the security systems that they are using. Certification and Accreditation is the formal process that a company takes up in order to establish, include or start a process in their organizational and operational routine. The Certification and Accreditation process can be taken up by an organization keeping in mind the standards of the process set by the state that they are operating in. An alternative to this is the international Certification and Accreditation process that an organization can use in order to make their processes and operations more secure and less prone to risks.
Execution of Information Security Certification and Accreditation process: In a common usage, there are four steps to Certification and Accreditation process that each organization has to take in order to implement the process within their system.
Impact of Implementing Certification and Accreditation and Risk Management Practices for NTN: When it comes to internet security, the vulnerability of health care institutions has been found out recently. By employing the internet security measures like certification and accreditation along with management of threats, NTN can assure better services to their clients. The clients of the health care institute will be able to conduct their transactions and share the personal and medical data with the medical professionals of the company on a more frequent basis due to the security of the system that they will be using (Ahmad, Maynard and Shanks, 2015).
This will also ensure that the services that are provided to the customers of the organization are improved, updated and secure. This will lead to an increase in the satisfaction levels of the customers and hence, will reflect positively on the market value of the institution.
The accreditation criteria that NTN is going to be subjected to after the process is complete will also set certain quality checks and standards for them and will also make sure that these standards are met continuously by the services that are provided by NTN to their patients. It will also ensure an increase in the number of students in the institution that will rely on the security system and will not be afraid to experiment and engage in development of new processes and technologies that can be developed in future for the greater good of mankind and to provide better health care facilities to people in the convenience of their homes (Sommestad et al. 2014).
Conclusion
The report has taken into consideration the two internet security measures that NTN aims to use in their organizational operations and for their data management and security of the intellectual knowledge that they possess. The institute aims to employ Information Security Risk Management and Information Security Certification and Accreditation systems into their processes to make sure that the databases of the organization are safe and secure.
These processes are conducted by various authorities with the aim of analyzing the potential threats to an organization and suggesting measures to deal with them. The Information Security Risk Management system deals with the data that is of more value to the company and suggests measures for its protection. The Information Security Certification and Accreditation system is a government recognized system that provides safety and security solutions for the company and also insures them against unknown risks.
Both these measures can be employed by NTN in order to safeguard their intellectual assets and to protect the sensitive information they possess. This can further help the institution to win the confidence of their students as well as patients and an increased customer satisfaction will be ideal driving force for the market value of the company.
References
Ab Rahman, N.H. and Choo, K.K.R., 2015. A survey of information security incident handling in the cloud. Computers & Security, 49, pp.45-69.
Ahmad, A. and Maynard, S., 2014. Teaching information security management: reflections and experiences. Information Management & Computer Security, 22(5), pp.513-536.
Ahmad, A., Maynard, S.B. and Park, S., 2014. Information security strategies: towards an organizational multi-strategy perspective. Journal of Intelligent Manufacturing, 25(2), pp.357-370.
Ahmad, A., Maynard, S.B. and Shanks, G., 2015. A case analysis of information systems and security incident responses. International Journal of Information Management, 35(6), pp.717-723.
Baskerville, R., Spagnoletti, P. and Kim, J., 2014. Incident-centered information security: Managing a strategic balance between prevention and response. Information & management, 51(1), pp.138-151.
Cavusoglu, H., Cavusoglu, H., Son, J.Y. and Benbasat, I., 2015. Institutional pressures in security management: Direct and indirect influences on organizational investment in information security control resources. Information & Management, 52(4), pp.385-400.
Fakhri, B., Fahimah, N. and Ibrahim, J., 2015. Information security aligned to enterprise management. Middle East Journal of Business, 10(1), pp.62-66.
Laudon, K.C. and Laudon, J.P., 2015. Management information systems (Vol. 8). Prentice Hall.
Layton, T.P., 2016. Information Security: Design, implementation, measurement, and compliance. Auerbach Publications.
Lim, J.S., Maynard, S.B., Ahmad, A. and Chang, S., 2015. Information security culture: Towards an instrument for assessing security management practices. International Journal of Cyber Warfare and Terrorism (IJCWT), 5(2), pp.31-52.
Narain Singh, A., Gupta, M.P. and Ojha, A., 2014. Identifying factors of “organizational information security management”. Journal of Enterprise Information Management, 27(5), pp.644-667.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Auerbach Publications.
Safa, N.S. and Von Solms, R., 2016. An information security knowledge sharing model in organizations. Computers in Human Behavior, 57, pp.442-451.
Safa, N.S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N.A. and Herawan, T., 2015. Information security conscious care behaviour formation in organizations. Computers & Security, 53, pp.65-78.
Silva, M.M., de Gusmão, A.P.H., Poleto, T., e Silva, L.C. and Costa, A.P.C.S., 2014. A multidimensional approach to information security risk management using FMEA and fuzzy theory. International Journal of Information Management, 34(6), pp.733-740.
Siponen, M., Mahmood, M.A. and Pahnila, S., 2014. Employees’ adherence to information security policies: An exploratory field study. Information & management, 51(2), pp.217-224.
Soomro, Z.A., Shah, M.H. and Ahmed, J., 2016. Information security management needs more holistic approach: A literature review. International Journal of Information Management, 36(2), pp.215-225.
Tøndel, I.A., Line, M.B. and Jaatun, M.G., 2014. Information security incident management: Current practice as reported in the literature. Computers & Security, 45, pp.42-57.
Tu, Z. and Yuan, Y., 2014. Critical success factors analysis on effective information security management: A literature review.
Zammani, M. and Razali, R., 2016. An empirical study of information security management success factors. International Journal on Advanced Science, Engineering and Information Technology, 6(6), pp.904-913.