Information security is the practice of preventing the unauthorized or unauthenticated access, use, disruption, disclosure, inspection, modification, destruction or recording of any kind of information (Von Solms & Van Niekerk, 2013). This information may take any form, whether physical or electronic. The primary focus of information security is the balanced protection of confidentiality, integrity and availability (CIA). Hence, a proper and effective policy is implemented without hampering the productivity of the organization. The risk management procedure plays the most vital role in this type of security; it identifies the assets, vulnerabilities, potential threats, sources of those threats and possible controls needed for efficient and effective risk management planning (Peltier, 2013).
The following report gives a brief discussion of the case study of WASSA Swim Association. It describes the information security of this organization, the various risks to its information, and the potential impacts of and solutions for those risks. A risk matrix covering every identified risk of WASSA is also given, together with a classification scheme.
1. Information Security Plan of WASSA Swim Association
The information security plan of the WASSA Swim Association describes the safeguards for the protection of information, data and resources (Peltier, 2016). The reasons for these safeguards in WASSA Swim Association are as follows:
i) The first and foremost reason for creating such an information security plan is to make reasonable efforts to ensure the confidentiality and security of the covered information and data.
ii) Another important reason for this type of information security plan within WASSA Swim Association is protection against any anticipated hazards or threats to the integrity and security of this information and data (Singh, 2013).
iii) The third important reason for having an information security plan in WASSA Swim Association is to protect against all types of unauthorized access to or use of the covered information, resources and data, which could result in substantial inconvenience and harm to the customers (Xu et al., 2014).
The information security plan of WASSA Swim Association would also provide mechanisms for several benefits, which are given below:
i) The first and foremost benefit of this information security plan is the proper identification and assessment of risks that could threaten the covered information, data and resources.
ii) The second important benefit of the information security plan is that the risks associated with information can be managed and controlled (Safa, Von Solms & Furnell, 2016).
iii) The plan must also be properly implemented and reviewed so that the risks are understood.
iv) The information security plan of WASSA Swim Association should also be adjusted to reflect changes in technology and in the sensitivity of the confidential information, data and resources, so that both external and internal threats to information security are properly identified (Andress, 2014).
There are two types of risks associated with the information in WASSA Swim Association: internal risks and external risks (Tamjidyamcholo et al., 2013). These risks could be extremely harmful to the council members, association members, policies or any other media types of WASSA Swim Association. The risk matrix for WASSA Swim Association is given below:
| Identified Risks | Internal/External | Severity | Probability | Impact |
|---|---|---|---|---|
| 1. Administrative Rights to all Members | Internal | Catastrophic (4) | High (4) | High (4) |
| 2. Open Source CMS | External | Critical (3) | Medium (3) | Medium (3) |
| 3. Mailchimp | External | Catastrophic (4) | High (4) | High (4) |
| 4. Access to the Place | Internal | Critical (3) | Medium (3) | Medium (3) |
| 5. Corruption of Data | Internal | Marginal (2) | Low (2) | Low (2) |
| 6. Unauthorized Access of Data | Internal | Negligible (1) | Very Low (1) | Very Low (1) |
| 7. Loss of Data Integrity | Internal | Critical (3) | High (3) | High (3) |
| 8. Physical Loss of Data | External | Catastrophic (4) | High (4) | High (4) |
| 9. Errors to System | External | Critical (3) | Medium (3) | Medium (3) |
| 10. Improper Database System | External | Negligible (1) | Very Low (1) | Very Low (1) |

Table 1: Risk Matrix of WASSA Swim Association
Here in the above risk matrix, 4 is the highest severity and 1 is the lowest severity.
The ten distinct risks listed above are dangerous for WASSA Swim Association and should be properly addressed to maintain the security of its confidential data and information (Cardenas, Manadhata & Rajan, 2013).
The classification table of information for any organization divides the information into four specific classes: confidential, regulated, internal and external (Layton, 2016). This type of classification helps the organization deal with the various types of information and thereby give appropriate protection to every type of information.
The classification table of information for WASSA Swim Association is as follows:
| Classes of Information | Description of Information | Examples of Such Information |
|---|---|---|
| 1. Confidential | This type of information relates only to WASSA Swim Association and hence is classified as confidential. Access by any unauthorized or unauthenticated party could cause the organization to incur losses (Aljawarneh, Alawneh & Jaradat, 2017). The confidential classification covers detailed information that could affect the brand name of WASSA Swim Association and should not be shared with the public. Moreover, important and sensitive information can become insider information and thus give rise to insider threats. Information that is to be kept secret from unauthorized parties is also termed confidential. | Examples of such information mainly include documentation for the administrators and other members of the board, non-published accounting materials, budgets and strategy memoranda, transactional data, strategies about long-term developments, sensitive WASSA Swim Association plans and many more. |
| 2. Regulated | This is the second type of information, which is governed by regulatory restrictions (Sarwar & Khan, 2013). Regulated data should be accessible only to the authenticated and authorized personnel of WASSA Swim Association. Extreme care should be taken before this information is used, stored or transmitted. The unauthorized disclosure of regulated information could adversely affect the organization, employees, clients, business partners and every other stakeholder associated with the organization. It would also violate regulatory compliance guidelines, and legal and financial liabilities would eventually be incurred. | Examples of regulated information mainly include the policies and procedures associated with the information, which help to keep confidential or sensitive data protected under federal laws and other specified laws and regulations. The PII or personally identifiable information of WASSA Swim Association falls under this category (Khalil et al., 2013). Notifications and other legal regulations are also important in this case. |
| 3. Internal Uses | The third type of information is internal use. This class covers the WASSA Swim Association related confidential information that does not fall under the confidential, regulated or external use classes (Popa et al., 2013). Access to this type of information is restricted and hence should be granted only to those who require the information to perform their tasks. Most of the organization's data and information falls under the internal use classification. | The internal letters, electronic mails, memos and reports of WASSA Swim Association fall under this classification. Furthermore, the various internal policies, procedures and instructions, as well as information associated with the daily activities of WASSA Swim Association, should be accessed only by internal and authorized people. Non-sensitive personal data and intellectual property are also part of such information (Khan & Tuteja, 2015). |
| 4. External Uses | The final type of information is external use. This is the most popular and widely used type and has no restriction on access to the data and information. Organizational information can only be classified as public or external use when its quality has been controlled or approved by the respective departments of WASSA Swim Association (Von Solms & Van Niekerk, 2013). Moreover, this type of information has a severity level of negligible as per the risk matrix, since there would not be any issue of data loss. | Examples of the external or public information classification are information that is posted on the Internet or published in any other type of media. Files or folders of information that are already in use also fall under this category. Marketing campaign materials are also important examples of this information type. |
The risks identified in the risk matrix should be properly mitigated so that the information in WASSA Swim Association is secured (Peltier, 2013). The major solutions for removing these risks within the organization are as follows:
i) Anti Virus Software: The first and most basic strategy for mitigating risk within the information systems of WASSA Swim Association is the proper implementation of anti virus software. It is the most basic type of computer program used for the prevention, detection and removal of malware (Singh, 2013). Virus attacks and malware attacks are removed with this software.
ii) Implementation of Firewalls: The second effective strategy that could mitigate the identified risks and threats in WASSA Swim Association is the proper implementation of firewalls. A firewall is a network security system that monitors and controls incoming and outgoing network traffic on the basis of previously determined security rules.
iii) Network Control and Access: The third effective strategy for mitigating every identified risk or threat for WASSA Swim Association is network control and access (Safa, Von Solms & Furnell, 2016). Various acts could negatively impact the operation of the peripherals, networks and computers and impede network access.
iv) Implementation of DNS and DHCP Servers: DNS and DHCP servers are extremely effective for mitigating risks within the network of WASSA Swim Association, so that data access by unauthorized parties and data loss are prevented.
v) Restricting Physical Access of Data: Physical access to the data should be restricted, so that there is no chance of data manipulation under any circumstances (Peltier, 2016).
Conclusion
Therefore, from the above discussion, it can be concluded that infosec or information security is the collection of strategies that help to manage the tools, policies and processes required for preventing, detecting, documenting and countering threats to digital as well as non-digital information. The responsibilities of information security mainly involve establishing a set of business processes that protect the information assets, irrespective of how the information is processed and how it is kept in storage. The core objectives of information security programs are the confidentiality, integrity and availability (CIA) of the information technology systems. These objectives ensure that confidential information is disclosed only to authenticated parties and that unauthorized modification of the data is prevented. Moreover, the data can be accessed by authorized parties whenever needed. A proper risk management procedure should be conducted to continuously assess the threats and vulnerabilities. The above report has outlined the details of WASSA Swim Association in order to understand the various risks and threats associated with this organization. A risk matrix is provided for understanding the severity of the risks. Moreover, solutions are provided for mitigating each of the risks. A classification scheme for the information of WASSA is also given in this report.
References
Aljawarneh, S. A., Alawneh, A., & Jaradat, R. (2017). Cloud security engineering: Early stages of SDLC. Future Generation Computer Systems, 74, 385-392.
Andress, J. (2014). The basics of information security: understanding the fundamentals of InfoSec in theory and practice. Syngress.
Cardenas, A. A., Manadhata, P. K., & Rajan, S. P. (2013). Big data analytics for security. IEEE Security & Privacy, 11(6), 74-76.
Khalil, I. M., Khreishah, A., Bouktif, S., & Ahmad, A. (2013, April). Security concerns in cloud computing. In 2013 Tenth International conference on information technology: new generations (ITNG) (pp. 411-416). IEEE.
Khan, S. S., & Tuteja, R. R. (2015). Security in cloud computing using cryptographic algorithms. International Journal of Innovative Research in Computer and Communication Engineering, 3(1), 148-155.
Layton, T. P. (2016). Information Security: Design, implementation, measurement, and compliance. Auerbach Publications.
Peltier, T. R. (2013). Information security fundamentals. CRC Press.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Auerbach Publications.
Popa, D., Cremene, M., Borda, M., & Boudaoud, K. (2013, January). A security framework for mobile cloud applications. In Roedunet International Conference (RoEduNet), 2013 11th (pp. 1-4). IEEE.
Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organizations. Computers & Security, 56, 70-82.
Sarwar, A., & Khan, M. N. (2013). A review of trust aspects in cloud computing security. International Journal of Cloud Computing and Services Science, 2(2), 116.
Singh, G. (2013). A study of encryption algorithms (RSA, DES, 3DES and AES) for information security. International Journal of Computer Applications, 67(19).
Tamjidyamcholo, A., Baba, M. S. B., Tamjid, H., & Gholipour, R. (2013). Information security–Professional perceptions of knowledge-sharing intention under self-efficacy, trust, reciprocity, and shared-language. Computers & Education, 68, 223-232.
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. Computers & Security, 38, 97-102.
Xu, L., Jiang, C., Wang, J., Yuan, J., & Ren, Y. (2014). Information security in big data: privacy and data mining. IEEE Access, 2, 1149-1176.