Discuss the Process Innovation for Implementing Converged Security.
The present report analyses the security of information at “Premier Ambulance Services Sdn Bhd”, which is mainly oriented towards preventing unauthorised access, usage, modification, or disclosure of information. According to a report by Gullander et al. (2014), these aspects are critical when an information breach creates risk to the organisation, which in turn is linked with reduced functionality, harm to market reputation, and damaged competitiveness. The company considered for discussion works in the healthcare sector, and its business associations are mediated between customers (the patient community), healthcare settings, and transport/automotive-related stakeholders.
Identify and describe the organisation’s physical, human, and electronic information holdings that may be at risk.
The fundamental aspect in this regard is human resources, in which the strategic management department, staffing structure, policies and guidelines, and employee relation structures and agreements are crucial. The information holdings in this regard include the following elements (Davenport, 2013):
Strategy and management division – This part of the organisation is responsible for the delivery of personnel-related information. The key responsibility areas for which the information is vital include recruitment, promotion, pay or incentive details, disciplinary actions, special leave, and absenteeism of employees.
Staffing structure – The information here includes the details of policy and guidance materials for the ambulatory staff, such as attendance management, the conduct of actions and procedures, diversity management and organisational culture, leaving, pay and benefits of employees as per the national and corporate guidelines, and performance criteria.
The policies, procedures, and guidelines related to human resources – The information content in this section mainly holds the conditions of service. Examples are the applicable recruitment laws such as civil services, equal pay scale, gender non-discrimination, driving licence, and adjuvant technical qualifications such as pharmacy, nursing, and social work. Similarly, for the performance management aspect, day-to-day functionality, challenges, negotiation, and delegation are included. It also includes information such as pension policies, provident funds, and grievances.
Employee relations and agreements – The management and trade union within this scope are committed to the conduct of their industrial and employee relations business. The bargaining-related information that is at risk includes (i) the public and commercial services; (ii) the future prospects of employees; and (iii) the first division association (FDA).
Likewise, another important aspect is information related to physical resources such as ambulatory vehicles and property assets, property holdings, estate development plans, and maintenance arrangements for vehicles. Notably, the associated stakeholders, vendors for temporary vehicles, and contract drivers are of high importance, and information security is essential for them (Mubarak Alharbi, Zyngier & Hodkinson, 2013).
Lastly, electronic resources include the record management policy, which also includes the record retention schedule. The information mainly includes audit reports, annual reports, and other accounting details. In addition, it includes the file and folder system at the workplace, such that employees should utilise the resources only for organisational purposes, no personal work may be executed using the firm’s information, and all information sharing must take place among authorised or concerned professionals only (Mubarak Alharbi, Zyngier & Hodkinson, 2013). The mentioned provision of information and association is required for computer professionals and not for drivers or field workers.
Identify and describe the actual and potential physical, human, and electronic threats to the organisation’s information holdings.
The major threats to the above-mentioned organisational aspects are all linked to rational usage of data, preserving information for biased usage, and sharing among authorised professionals only for the concerned activities. Importantly, it must also be ascertained that the information holdings will be used only for organisational purposes, especially during work execution. Hence, any form of use that can cause harm to the firm is considered to be a breach.
The components crucial in this regard include the following aspects (Narasimhan & Aundhe, 2014):
For access-related threats, the counter-measures include strong authentication and protection of authentication cookies using SSL (Secure Sockets Layer). For exploitation- and penetration-related threats to information, data hashing and signing are adequate methods. This also includes secure communication links with the product to offer message integrity. In addition, the use of strong encryption is effective in avoiding any unauthorised editing or modification of information (Abawajy, 2014). Note that the mentioned security aspect is critical for the recording, documentation, and online processing of information by the company's associates and customers.
Privilege-related threats can be managed with counter-measures such as using a ‘hint question’ and verifying the answers from users, or using the date of birth or other date-related information for authorisation. The same system is also applicable to customers, as they can manage their information through online means.
In advanced systems, retinal scans, fingerprints, and facial recognition are effective, but they are not applicable for this company due to its existing infrastructure and resources. Note that the mentioned countermeasures are effective in conjunction with physical and human-related information (Aleem, Wakefield & Button, 2013). The computer resources need to be managed with SQL and SSL, and a key or one-time password linked with phone numbers or e-mail accounts is effective. Additionally, in certain sections of the company, a paper-based record system is also maintained. Counter-measures for such information can be managed with the help of authorised entry to the record storage room, strict instructions to the concerned professionals, and restricting the movement of original documents to within the storage room only (only photocopies are allowed for sharing).
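The two counter-measures named above, protecting authentication cookies in transit and signing data for integrity, can be combined in a signed session cookie. The sketch below is an added example, not part of the original report; the key, user identifier, lifetime and function names are constructed for illustration.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

SECRET = b"constructed-demo-key"   # constructed sample; load from a secret store
MAX_AGE = 900                      # assumed 15-minute session lifetime

def _sign(payload: bytes) -> str:
    # HMAC-SHA256 over the payload: a keyed hash that detects modification.
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest()

def issue_session(user_id: str, now: int):
    """Return (token, Set-Cookie header value) for an authenticated user."""
    payload = f"{user_id}|{now + MAX_AGE}".encode()
    token = payload.hex() + "." + _sign(payload)
    cookie = SimpleCookie()
    cookie["session"] = token
    cookie["session"]["secure"] = True      # sent only over TLS/SSL links
    cookie["session"]["httponly"] = True    # not readable by page scripts
    cookie["session"]["samesite"] = "Strict"
    cookie["session"]["max-age"] = MAX_AGE
    cookie["session"]["path"] = "/"
    return token, cookie["session"].OutputString()

def verify_token(token: str, now: int):
    """Return the user id if the token is intact and unexpired, else None."""
    try:
        hex_payload, sig = token.split(".", 1)
        payload = bytes.fromhex(hex_payload)
    except ValueError:
        return None                         # malformed token
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return None                         # payload or signature was altered
    user_id, _, expiry = payload.decode().rpartition("|")
    if not expiry.isdigit() or now >= int(expiry):
        return None                         # expired session
    return user_id

if __name__ == "__main__":
    tok, header = issue_session("medic-017", 1_000_000)
    print("Set-Cookie:", header)
    print("valid:", verify_token(tok, 1_000_100))
    forged = b"dispatcher-001|9999999999".hex() + "." + tok.split(".")[1]
    print("forged:", verify_token(forged, 1_000_100))
```

The `Secure` attribute only restricts the cookie to encrypted connections; the HMAC is what detects a modified user id or expiry.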
Develop a comprehensive information security education and awareness programme for use by management, staff members and contractors.
The information security education programme will include the following elements (Peltier, 2016; Safa, Von Solms & Furnell, 2016):
Note that for the management team, the programme guidelines include arrangement of facilities for learning, training, and execution of tasks. Likewise, evaluation and monitoring are also included in management’s responsibility, such that sustainability can be achieved (Safa, Von Solms & Furnell, 2016).
References:
Abawajy, J. (2014). User preference of cyber security awareness delivery methods. Behaviour & Information Technology, 33(3), 237-248.
Aleem, A., Wakefield, A., & Button, M. (2013). Addressing the weakest link: Implementing converged security. Security Journal, 26(3), 236-248.
Davenport, T. H. (2013). Process innovation: reengineering work through information technology. Harvard Business Press.
Gullander, P., Fast-Berglund, Å., Harlin, U., Mattsson, S., Groth, C., Åkerman, M., & Stahre, J. (2014). Meetings–The innovative glue between the organisation system and information system. In The sixth Swedish Production Symposium. [Accessed from https://publications.lib.chalmers.se/records/fulltext/202978/local_202978.pdf, dated 25 Mar 2017].
Mubarak Alharbi, I., Zyngier, S., & Hodkinson, C. (2013). Privacy by design and customers’ perceived privacy and security concerns in the success of e-commerce. Journal of Enterprise Information Management, 26(6), 702-718.
Narasimhan, R., & Aundhe, M. D. (2014). Explanation of Public Private Partnership (PPP) Outcomes in E-Government–A Social Capital Perspective. In System Sciences (HICSS), 2014 47th Hawaii International Conference on (pp. 2189-2199). IEEE.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.
Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organizations. Computers & Security, 56, 70-82.