The assumptions made in developing the ISSP are listed below:
1) The existing information system is properly secured and no data breach through the system is possible by any means. This includes protecting the data in the information system database with a proper cryptographic method, so that the data can only be accessed with a valid username and password. Even the admin of the system should register into the system to access, update, delete or modify the data (Ifinedo 2014).
2) The second assumption is that the system complies with the requirements of the local government and does not engage in any illegal activities itself, and that the organization A4A is a registered NGO.
3) The third assumption is that the members of the organization will abide by the copyright policy that is set, and that the organization will dictate its policy to every member. The existing members of the organization have the full right to know about the copyright policy and its terms and conditions. The existing members will be notified of the new copyright policy via an official email (Sommestad et al. 2014).
This policy addresses the fair and responsible use of the data and the information produced by the members of A4A (Höne and Eloff 2002). This includes, but is not limited to, assignments, learning lessons, class notes and exams. It is intended only for the authorized users of A4A, and the data should be handled and stored by the information system of A4A irrespective of the location where the member of A4A is working. Authorized users include anyone who has been recruited by A4A and has been granted approval to access the information system of A4A. This includes the private universities and colleges as well as the members of A4A. The authorized users of the information system of A4A are expected to understand and comply with the information security policy document. A4A was established last year and, until now, it has not enforced any copyright policies on its resources. A4A at present has a team of 10 staff members who are allocated to different projects. Therefore, it becomes difficult to track whether any of the members are misusing or circulating the resources of A4A. This policy is thus enforced to ensure the responsible use of the organization's property and to prevent the circulation of any data, even by the author (Safa, Von Solms and Furnell 2016).
Only the members of A4A are permitted to access the information system of A4A. The information system should be accessed only after properly inputting the user id and password. The information should be accessed only for business operations, which in this case means providing services to the registered universities and colleges. The user id and password are safely secured. The user id should be unique so that no duplication is possible. Only the authorized users have the power to access the data or upload data into the system (Al-Omari, El-Gayar and Deokar 2012). Authorized users have no permission to use or access the data outside the organization, as all the information should be handled and stored by the information system of A4A and will remain its property irrespective of the location in which the members work. Once uploaded to the information system of A4A, the data or the information will be termed the property of the organization and should by no means be replicated or circulated. The authorized users are allowed to access the information system but are not allowed to circulate its information. The registration procedure of the members is properly secured by cryptographic methods and no duplication of data is possible (Pensak et al. 2001).
People who are not members of A4A are prohibited from using the information system. The members who are working at the institution are not allowed to replicate or circulate the information and data of the organization without the organization’s permission. Any replication of the data, if found, will be considered a breach of the copyright policy, and legal action will be taken against the members if they are found guilty. The authorities reserve the right to detain and blacklist the member. The registered universities and colleges in Australia and Southeast Asia can only access the information (Wang et al. 2010). The information can be used by these colleges and universities for their own purposes and should not be replicated or circulated in any manner. The copyright law prohibits the circulation of A4A materials beyond the group of registered colleges and universities (Whitman, Townsend and Aalberts 2001). If this law is violated, A4A reserves the right to take legal action against those colleges and universities. The type of action to be taken against the violator of the policy will be decided by A4A.
It is the responsibility of the manager of A4A to ensure that access to the information system has been given only to the authorized members of the organization. This can be ensured by allowing entry to the system only to the registered members after proper authentication by inputting the user id and password. It is the responsibility of A4A to define the authentication and registration requirements as well as to develop and define the necessary compliance standards (Laudon et al. 2012). A4A reserves the right to audit all data associated with the information system. A4A is responsible for handling the information and storing it in a secure manner. The information must be stored properly in the database of the information system in order to ensure compliance with various regulations and to guard the future of the organization. A4A reserves all rights to limit the use of the information (Peppard and Ward 2016). It reserves the right to monitor, access and review the information stored in the system and the members who are accessing the information. It is the responsibility of A4A to keep the passwords and the accounts secure in order to prevent any unauthorized access. Furthermore, it is the responsibility of A4A to ensure that any information security issues and incidents are properly taken care of. Moreover, it is also the responsibility of the members to ensure that they have the appropriate credentials and are authorized to use the services (Coronel and Morris 2016). The members should also take extreme caution while operating the information system of the organization.
In the event of inappropriate use of the information system of A4A and its relevant data, A4A reserves the right to take whatever actions are deemed appropriate for the specific situation, including, but not limited to, terminating the member, blacklisting him or her, or taking legal action against the member. The guidelines for action include a warning for first-time violators, who are warned about further occurrences through a formal email. All violations of this policy should be reported to the manager of A4A, who will in turn report the violation to the information security department for further action (Belleflamme and Peitz 2014). The information security department or its personnel will be responsible for verifying that the infringement of the copyright policy occurred before taking any action. The warning given to the members should be formal and specific according to the policy. The warning will be an ultimatum to the members: further infringement or violation of the copyright policy will be considered a serious offence, and necessary action will be taken against the member. The violation of the policy should in no way be justified, nor can it be justified, and the violator will be subject to strict action taken against him/her (Bridy 2012).
The policy will be periodically reviewed by A4A information security on an annual basis, or as necessitated by changes in the terms and policy of A4A, and will be modified when appropriate. The policy is expected to be upgraded from time to time. The modification of the policy includes the inclusion of additional clauses as the system changes or evolves over the course of time. The review of the policy includes an analysis of the appropriateness of the existing policies and services (Peltier 2004). It is the responsibility of A4A to ensure that the policies and procedures are reviewed and amended. The review is to be ensured by setting agendas for reviewing the policies and procedures in regular meetings. Any new policy or procedure can be added to the copyright policy and the existing policies can be updated from time to time. The organization reserves the right to update its policies whenever it wishes to. The review of the policy will follow the guidelines set by the organization. The review will be performed in a systematic way and will mainly deal with updating or modifying the security policy of the information security system. The policies and procedures are to be amended annually. This timeframe is subject to change if there is a need to review the policy within one year of its enforcement.
A4A assumes no liability for unauthorized acts that violate local, state or federal legislation. In the event of such an act occurring, A4A will immediately terminate its relationship with the violator and blacklist the violator. Furthermore, A4A will not provide any legal protection or assistance to the violator. All the members will be notified about the security and the copyright policy, and if, even after having a clear idea of the policy, any member violates the law, that member will be appropriately punished. The organization reserves the right to punish the member by terminating his/her membership and/or taking legal action against the member. Any member or outsider who infringes the copyright policy will be solely responsible for the consequences. The organization holds no liability for the intruder and will be forced to take legal action in the event of illegal or unauthorized use of the organization’s resources (Pallante 2012). The copyright policy clearly defines and limits the use of the organization’s resources, which should by no means be used, circulated, or replicated for personal use or benefit. If a member is found guilty, the organization reserves the right to take suitable action against the violator of the policy and terms. The new members to be recruited henceforth must agree to the terms and conditions of the copyright policy before joining the organization. Therefore, there remains no scope for violating the rules and policies stated in the copyright policy, and thus the NGO holds no liability for unauthorized use of the organization’s resources or infringement of the policy (Baskerville and Siponen 2002).
The copyright policy clearly defines that the information provided by the members after recruitment will not be the property of the member but will be the property of the organization. The copyright policy is developed stating all limitations on the use of resources outside the organization’s information security system. The members are asked to go through the copyright policy and its terms and conditions thoroughly. Therefore, violation of the policy will by no means be tolerated. The policy is justified as the members are working for the organization and the organization is providing accommodation, meals, medical and travel expenses to the members. Therefore, it is the liability of the members to abide by the copyright and the information security policy of the organization. Furthermore, the organization has the right to enforce a copyright policy as it is a registered NGO and the resources of the NGO should not be subjected to misuse. Therefore, it can be said that enforcing the policy is justified in order to prevent any sort of misuse or illegal circulation of the A4A resources. A4A was established last year and therefore it is mandatory to enforce a copyright policy in order to prevent unauthorized access to data. This set of information security policies is subject to upgrading and review from time to time in order to add or update certain clauses mentioned in the copyright policy.
References
Al-Omari, A., El-Gayar, O. and Deokar, A., 2012, January. Security policy compliance: User acceptance perspective. In System Science (HICSS), 2012 45th Hawaii International Conference on (pp. 3317-3326). IEEE.
Baskerville, R. and Siponen, M., 2002. An information security meta-policy for emergent organizations. Logistics Information Management, 15(5/6), pp.337-346.
Belleflamme, P. and Peitz, M., 2014. Digital piracy (pp. 1-8). Springer New York.
Bridy, A., 2012. Copyright policymaking as procedural democratic process: A discourse-theoretic perspective on ACTA, SOPA, and PIPA. Cardozo Arts & Ent. LJ, 30, p.153.
Coronel, C. and Morris, S., 2016. Database systems: design, implementation, & management. Cengage Learning.
Höne, K. and Eloff, J.H.P., 2002. Information security policy—what do international information security standards say?. Computers & Security, 21(5), pp.402-409.
Ifinedo, P., 2014. Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition. Information & Management, 51(1), pp.69-79.
Laudon, K.C., Laudon, J.P., Brabston, M.E., Chaney, M., Hawkins, L. and Gaskin, S., 2012. Management Information Systems: Managing the Digital Firm, Seventh Canadian Edition. Pearson.
Pallante, M.A., 2012. The Next Great Copyright Act. Colum. JL & Arts, 36, p.315.
Peltier, T.R., 2004. Information security policies and procedures: a practitioner’s reference. CRC Press.
Pensak, D.A., Cristy, J.J. and Singles, S.J., Authentica, Inc., 2001. Information security architecture for encrypting documents for remote access while maintaining access control. U.S. Patent 6,289,450.
Peppard, J. and Ward, J., 2016. The strategic management of information systems: Building a digital strategy. John Wiley & Sons.
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model in organizations. Computers & Security, 56, pp.70-82.
Sommestad, T., Hallberg, J., Lundholm, K. and Bengtsson, J., 2014. Variables influencing information security policy compliance: a systematic review of quantitative studies. Information Management & Computer Security, 22(1), pp.42-75.
Wang, C., Wang, Q., Ren, K. and Lou, W., 2010, March. Privacy-preserving public auditing for data storage security in cloud computing. In INFOCOM, 2010 Proceedings IEEE (pp. 1-9). IEEE.
Whitman, M.E., Townsend, A.M. and Aalberts, R.J., 2001. Information systems security and the need for policy. In Information security management: Global challenges in the new millennium (pp. 9-18). IGI Global.