Tuesday, May 5, 2020

Information Security Management for Information and Communication Technology

Question: Discuss the Information Security Management for Information and Communication Technology.

Answer:

Introduction

Information Technology (IT) is the application of computers to store, manipulate, transmit and retrieve data and information in the context of an organizational enterprise; its main subset is Information and Communication Technology (ICT) (Lloyd 2014). Because IT is such a vast field, it involves a large number of security appliances and controls within a business enterprise. Information security management is the set of policies concerned with the management of information-security-related tasks; it identifies and controls the organizational needs for managing information security risks. ISO 27001 is a specification for an information security management system that covers the legal, technical and physical controls involved in an organization's risk management processes (Kellermann and Jones 2013). Risk management policies, organizational behaviour, security governance policy, personnel security and security awareness training are all part of organizational management. Many multinational information technology industries face severe losses in managing the risks associated with their information technology systems and applications. This report is intended to be useful to organizational management in every type of industry, because the researcher has provided the necessary guidelines for each. The assumptions and consequences of the risks associated with information technology and systems are also highlighted. In this report, the researcher has reflected on the concept of information security management with respect to the scenario given below.
The researcher has also assessed the baseline of the National Institute of Standards and Technology (NIST) relevant to establishing a nursing school in Australia. The case study scenario is explained in the first section, and the discussion of how the organisation's information security risks are managed, with its assumptions and consequences, follows in the sections after it.

Discussions

Overall scenario of the report

This report addresses the concept of Information Security Management for establishing a nursing school in Australia. The main campus is located in Sydney and the satellite campuses are located in the capital cities of South East Asian countries (Crossler et al., 2013). The organization has made three agreements with a private hospital to provide internship training to the nursing school's students (Venkatesh, Thong and Xu 2012). The company's main aim is to run virtual classes with the satellite campuses. Management also plans to serve the wider community by providing homecare and telemedicine services. The company expects 100 students from each location, and is also setting up a mobile team of health personnel. The nursing school must know the locations of its students and staff while they are performing their duties and services. From this scenario, the researcher derives guidelines for managing the organization's information security. These guidelines include the government IT policy, ISO standards, guidelines for conducting business activities and guidelines for establishing a school campus with virtual amenities (Luftman et al. 2012).
The researcher has explained the overall guidelines with respect to organizational management below.

Necessary guidelines for managing the information security risks of the organisation

An information security risk is an event that leads to the compromise of company assets, which generally includes unauthorized damage, loss or profit for political or personal interests or entities. The researcher has provided the following guidelines for managing the information security risks of an organization (Willcocks 2013).

Government IT security policy and guidelines

The government issues a range of security policies under its IT security baseline, which generally include:

Baseline IT security policy: This document sets the baseline standards for government bureaux and departments (Venkatesh, Thong and Xu 2012). It states the paramount importance of IT security.

IT security guidelines: This document introduces the basic concepts of IT security and provides the necessary guidelines for security and risk management.

Internet gateway and security guidelines: This document is supplementary to the guidelines for IT security management (Lee, Thomas and Baskerville 2015).

Figure 1: Framework of IT security policy and guidelines (Source: De Haes et al. 2013, p. 320)

Additional ISO best practices and standards comprise:

ISO 27001: It specifies the requirements for adopting, implementing, maintaining and improving an information security management system in the context of organizational management (Mithas et al. 2012).

ISO 27002: This document is the code of practice for information security controls.

ISO 15408 (Common Criteria): It aligns and combines evaluation criteria through a joint effort among various national standards organizations (Venkatesh, Thong and Xu 2012).
Additional guidelines for conducting business activities

A guide to personal privacy and customer information: This guideline has been published by the Productivity Council on data privacy and control management.

Payment card and data security standard: Several standards have been developed by a number of bodies to advance payment and security management according to the priority given to data security (Chae, Koh and Prybutok 2014).

Guidelines of IT security policy

An information security policy generally includes its purpose, aims and commitments, compliance requirements and related policies. Which guidelines are suitable for managing information security risks depends entirely on the organization's management (Robey, Anderson and Raymond 2013). On the basis of the above scenario, the researcher has suggested the guidelines that are suitable for establishing the school with virtual amenities.

Privacy and confidentiality: The organization and all its members are bound to protect the private and personal information of its clients and customers. For legal purposes, electronic communications are treated quite differently from paper documents; electronic documents exist within the maintenance of the computer system (Venkatesh, Thong and Xu 2012). The organization does not control or monitor the content of web communications, but it must reserve the legal right to examine the computer records of individual users. The organization has to perform work such as protecting the integrity of computer resources, protecting itself from liability and investigating unusual activity, and it must take care when disclosing public data and information to government authorities.
In other circumstances, the organization may be compelled to act within the context of mitigation amenities (Watson and Tinsley 2013). The administration of the nursing department must notify computer users in order to ensure the confidentiality and privacy of personal communications. The risks associated with information technology mentioned above are accompanied by descriptions of how to handle difficult situations and their related assumptions and consequences with respect to organizational management. With the rapid advance of technology, security systems become weaker in every organization, so there is an urgent need to develop a tight security baseline that keeps pace with the variations in system technology. Last but not least, this report highlights the concept of Information Security Management for establishing a nursing school in Australia, with the main campus in Sydney and satellite campuses in the capital cities of South East Asian countries, as mentioned above.

Access: The organization must not allow outsiders to access its private and confidential records. Only authorized individuals, under a strict security policy, may access organizational management records (Borghoff and Pareschi 2013). Technological assets must be housed in appropriately secured and protected physical locations. These assets generally include the personal computers and servers that control sniffing devices and modem components. Strong, confidential passwords help the organization restrict use by unauthorized users (Marchewka 2014). The management of each department has to ensure that system access procedures, including provisions for administrative access, are followed.
Figure 2: IT guidelines for system administration (Source: Lee, Thomas and Baskerville 2015, p. 15)

Accountability: Users must take care to protect their usernames and passwords from careless misplacement. Individual passwords must never be loaned to a third party. Organizational staff are responsible for retrieving the audit logs and analyzing security violations (Venkatesh, Thong and Xu 2012). The organization must hire operational staff who are solely responsible for the access and security control mechanisms and who are held accountable for every type of security breach. All controlled, privileged systems must maintain audit logs that track information usage at a level appropriate to system administration. Audit logging must apply to all organizational networks (Narain Singh, Gupta and Ojha 2014), and logging of network traffic and access flows must be standard practice.

Authentication: Authentication here implies the encryption of data and information in point-to-point communications, which must be adopted and implemented for all organizational systems (Davenport 2013). Its purpose is to send and receive sensitive data between two parties. Decisions regarding data encryption must only be made by the organization's professional systems staff, so as to avoid illegal and unauthorized access.

Maintenance of networks and information technology systems: Most school organizations are expected to implement proper guidelines for system access and building equipment (Venkatesh, Thong and Xu 2012). It is the contractor's responsibility to provide oversight under an appropriate policy within the organization.

Reporting of violations: The manager and the owner of the related department must report any violation of security operations.
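The accountability and access guidelines above call for audit logs that track information usage and for staff to analyze those logs for security violations. The following is an added example, not part of the original report, showing one way such a review can be implemented. It parses constructed audit log lines in a hypothetical key=value format and a constructed role table, and flags three kinds of violation: a successful access to a resource outside the user's role, one account used from two different source addresses within a short window (a sign of a loaned password), and repeated failed logins. The log format, user names, roles and addresses are all assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log in a hypothetical "key=value" format (not a real product's format).
SAMPLE_LOG = """\
2020-05-05T09:00:12 user=nurse01 ip=10.20.3.14 action=read resource=/records/patient/1042 result=ok
2020-05-05T09:03:40 user=student07 ip=10.20.9.2 action=read resource=/coursework/week3 result=ok
2020-05-05T09:05:01 user=student07 ip=10.20.9.2 action=read resource=/records/patient/1042 result=ok
2020-05-05T09:05:30 user=nurse01 ip=198.51.100.23 action=read resource=/records/patient/1107 result=ok
2020-05-05T09:06:10 user=admin02 ip=10.20.1.5 action=login resource=- result=fail
2020-05-05T09:06:15 user=admin02 ip=10.20.1.5 action=login resource=- result=fail
2020-05-05T09:06:20 user=admin02 ip=10.20.1.5 action=login resource=- result=fail
2020-05-05T09:06:25 user=admin02 ip=10.20.1.5 action=login resource=- result=fail
"""

# Constructed role table and the resource prefixes each role is allowed to touch.
ROLES = {"nurse01": "clinical", "student07": "student", "admin02": "sysadmin"}
ALLOWED_PREFIXES = {
    "clinical": ("/records/", "/coursework/"),
    "student": ("/coursework/",),
    "sysadmin": ("/system/",),
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) ip=(?P<ip>\S+) action=(?P<action>\S+) "
    r"resource=(?P<resource>\S+) result=(?P<result>\S+)$"
)


def parse_log(text):
    """Turn raw log text into a list of event dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def find_unauthorized_access(events):
    """Flag successful accesses to resources outside the user's role (least-privilege check)."""
    findings = []
    for ev in events:
        if ev["action"] == "login" or ev["result"] != "ok":
            continue
        prefixes = ALLOWED_PREFIXES.get(ROLES.get(ev["user"]), ())
        if not ev["resource"].startswith(prefixes):
            findings.append((ev["ts"], ev["user"], ev["resource"]))
    return findings


def find_shared_credentials(events, window=timedelta(minutes=10)):
    """Flag an account seen from two different IPs inside the window: a possible loaned password."""
    by_user = defaultdict(list)
    for ev in events:
        by_user[ev["user"]].append(ev)
    findings = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        for i, a in enumerate(evs):
            for b in evs[i + 1:]:
                if b["ts"] - a["ts"] > window:
                    break
                if a["ip"] != b["ip"]:
                    findings.append((user, a["ip"], b["ip"]))
                    break
    return findings


def find_repeated_failures(events, threshold=3):
    """Flag (user, ip) pairs with at least `threshold` failed logins, for lockout or follow-up."""
    counts = defaultdict(int)
    for ev in events:
        if ev["action"] == "login" and ev["result"] == "fail":
            counts[(ev["user"], ev["ip"])] += 1
    return [(u, ip, n) for (u, ip), n in counts.items() if n >= threshold]


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for f in find_unauthorized_access(evs):
        print("UNAUTHORIZED ACCESS:", *f)
    for f in find_shared_credentials(evs):
        print("SHARED CREDENTIAL:", *f)
    for f in find_repeated_failures(evs):
        print("REPEATED FAILURES:", *f)
```

Run against the sample, the review reports the student reading a patient record, the nurse account used from an internal and an external address within a few minutes, and four failed logins on the administrator account. The role table is the key input: without an explicit mapping of who may read what, an audit log only records usage and cannot show violations.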
These guidelines provide what is necessary for maintaining and managing information technology service management.

Managing the risks of information management: The National Institute of Standards and Technology (NIST) has developed several guidelines to help agencies adopt and carry out efficient information management based on organizational risks (Kellermann and Jones 2013). NIST has developed the risk management framework to assist organizations in maintaining integrity. Information management, as depicted in the NIST guidelines, generally comprises the company mission, objectives and goals. Apart from this, NIST has issued several guidelines, which include:

Guidelines for conducting risk assessments: This major guideline was developed by an interagency working group and the Joint Task Force in the context of organizational management (Venkatesh, Thong and Xu 2012). It discusses the risk management process and how risk management has become an integral part of the organizational enterprise. Its appendices cover threat sources, threat events, predisposing conditions and vulnerability testing, which help in producing secure guidelines for business activities (Lloyd 2014). To manage the information security assessment plan in an organization it is very important to know the following:

- How the organization's context provides the framework for risk-based decisions.
- How the organization assesses risk in an orientation process (Mithas et al. 2012).
- How the organization monitors and controls risk over time.
Risk assessment gives internal decision makers a basis for determining and harmonizing the risks associated with the organization and their likelihood (Venkatesh, Thong and Xu 2012). Risk assessment can be conducted at three tiers of a hierarchy:

Organization level: Addressing risk by adopting and implementing governance structures that are consistent with the company's aims and objectives, as defined by regulations, policies, federal laws and business functions (Willcocks 2013).

Business/process level: Developing and designing the business mission processes that support the business functions discussed at the organization level (Tier 1).

System/information level: Evaluating the security-related risks connected with business activities and governance, business mission processes, and the maintenance and disposal of systems (Watson and Tinsley 2013).

Assumptions

Based on the above scenario, the researcher has highlighted various assumptions that arise in managing the information systems and applications for establishing a nursing school. The researcher has considered three scenarios:

System configuration and firewall: Many institutions distribute files and workstations across large servers and make them available to all authorized users. The well-known Network File System (NFS) protocol provides the capability to designate certain file systems as exportable (Venkatesh, Thong and Xu 2012). Each exported file system is local in nature and is identifiable according to the organization's needs. The assumptions here include whether or not the firewall implementation has been configured appropriately, which requires coordination of NFS among the system managers who run the firewall (Li et al. 2012).
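The assumption that the firewall and the NFS exports have been configured appropriately can be turned into a concrete check rather than left as an assumption. The following is an added example, not part of the original report: it parses a constructed /etc/exports-style file and a constructed, simplified firewall rule table for a hypothetical campus file server, and flags exports or rules that make NFS reachable from outside the assumed internal network (10.20.0.0/16) or that grant read-write access with no_root_squash. The file contents, the rule table, the internal network range and the port numbers used for NFS (2049) and the portmapper (111) are the assumptions of this example; real deployments may use additional ports.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample of an /etc/exports-style file for a hypothetical campus file server.
SAMPLE_EXPORTS = """\
# student coursework, internal campus subnet only
/srv/coursework  10.20.0.0/16(rw,sync,root_squash)
# clinical records share, mistakenly exported to every host
/srv/records     *(rw,no_root_squash)
# read-only library mirror; the second client is an external address
/srv/library     10.20.5.0/24(ro,sync) 203.0.113.7(ro)
"""

# Constructed, simplified firewall rule table: (action, protocol, port, source CIDR).
SAMPLE_FW_RULES = [
    ("allow", "tcp", 2049, "10.20.0.0/16"),
    ("allow", "tcp", 2049, "0.0.0.0/0"),  # NFS open to the internet: misconfiguration
    ("allow", "tcp", 111, "10.20.0.0/16"),
    ("allow", "udp", 111, "0.0.0.0/0"),   # portmapper open to the internet
]

# Assumed internal network and the NFS-related ports this example checks.
INTERNAL_NETS = [ipaddress.ip_network("10.20.0.0/16")]
NFS_PORTS = {111, 2049}


@dataclass
class Export:
    path: str
    client: str
    options: set


def parse_exports(text):
    """Parse lines of the form '<path> <client>(opts) [<client>(opts) ...]'; comments are ignored."""
    exports = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        path, clients = parts[0], parts[1:]
        for spec in clients:
            if "(" in spec:
                client, opts = spec.rstrip(")").split("(", 1)
                options = set(o for o in opts.split(",") if o)
            else:
                client, options = spec, set()
            exports.append(Export(path, client, options))
    return exports


def client_is_internal(client):
    """True only when the client spec is a host or CIDR provably inside an internal network."""
    if client == "*" or "?" in client or client.startswith("@"):
        return False  # wildcard or netgroup: cannot be proven internal
    try:
        net = ipaddress.ip_network(client, strict=False)
    except ValueError:
        return False  # hostnames are not resolved in this example (assumption)
    return any(net.subnet_of(internal) for internal in INTERNAL_NETS)


def check_exports(exports):
    """Return (path, client, finding) tuples for exports that violate the internal-only policy."""
    findings = []
    for e in exports:
        if not client_is_internal(e.client):
            findings.append((e.path, e.client, "exported outside internal networks"))
        if "rw" in e.options and "no_root_squash" in e.options:
            findings.append((e.path, e.client, "rw with no_root_squash"))
    return findings


def check_firewall(rules):
    """Return findings for allow rules that expose NFS ports to sources outside internal networks."""
    findings = []
    for action, proto, port, src in rules:
        if action != "allow" or port not in NFS_PORTS:
            continue
        if not client_is_internal(src):
            findings.append((proto, port, src, "NFS port reachable from outside"))
    return findings


if __name__ == "__main__":
    for f in check_exports(parse_exports(SAMPLE_EXPORTS)):
        print("EXPORTS:", *f)
    for f in check_firewall(SAMPLE_FW_RULES):
        print("FIREWALL:", *f)
```

The two checks are deliberately separate: an export limited to internal hosts is still exposed if the firewall forwards the NFS ports from the internet, and a tight firewall does not help a share exported to "*" once an attacker is on the campus network. Both sides therefore have to agree, which is the coordination between system managers and firewall operators that the passage above describes.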
Apart from this, users must understand that NFS blocks internal messages that have no protection assessment. These assumptions chiefly involve trust among several vendors.

Sub-process spawning: There are many information technology risks and threats associated with organizational management (Venkatesh, Thong and Xu 2012). Sub-process spawning involves the risks associated with the baseline information technology system as it expands and integrates the organization's operational processes. Different organizations manage different risk management frameworks; therefore maximizing work portfolio management across the supply chain may lead the organization to face indirect assumptions and consequences (Bernus, Mertins and Schmidt 2013).

Organizational strategic planning: Strategic planning is a team-assisted approach to identifying assumptions. In small organizations, a round-robin approach is very useful for identifying the strategic themes of organizational management (Luftman et al. 2012). Risk identification includes technological risk, which can occur at any time in the organizational environment. Additionally, the researcher has analyzed illogical assumptions related to Information Technology (IT) risks, which are as follows: unauthorized access to company websites, software content risk, risk due to excessive ISP performance, and interception of transmitted data and information (Venkatesh, Thong and Xu 2012).

Conclusion

This report concludes with the broad concept of managing the risks associated with information technology and services in organizational management. The researcher has provided several assumptions and guidelines in the context of an organization, which are useful for every business enterprise and activity.
Every multinational organization that struggles to manage its information technology services faces severe deficiencies and losses. The guidelines provided cover: the necessary guidelines for managing the organisation's information security risks; government IT security policy and guidelines; additional ISO best practices and standards; guidelines for conducting business activities; privacy and confidentiality; access; accountability; authentication; maintenance of networks and information technology systems; reporting of violations; managing the risks of information management; and guidelines for conducting risk assessments, all with respect to organizational management. The report has discussed the guidelines for managing the organisation's information security risks and is intended to be useful to organizational management in every type of industry. The organization's main aim is to maintain and manage its virtual initiatives using the relevant technology. Information security policies generally include purpose, aims and commitments, compliance and related policies. The evolution of information technology reached a turning point with the massive development of internet technology. Information security management is a set of policies concerned with the management of information-security-related tasks. The researcher has also discussed the core strategy of ISO 27001, a specification for an information security management system that includes the legal, technical and physical controls involved in organizational risk management processes. Information technology has developed rapidly with the growth of the underlying technology services.

References

Bernus, P., Mertins, K. and Schmidt, G.J. eds., 2013. Handbook on Architectures of Information Systems. Springer Science & Business Media.
Borghoff, U.M. and Pareschi, R. eds., 2013. Information Technology for Knowledge Management. Springer Science & Business Media.
Chae, H.C., Koh, C.E. and Prybutok, V.R., 2014. Information technology capability and firm performance: contradictory findings and their possible causes. MIS Quarterly, 38(1), pp.305-326.
Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and Baskerville, R., 2013. Future directions for behavioral information security research. Computers & Security, 32, pp.90-101.
Davenport, T.H., 2013. Process Innovation: Reengineering Work through Information Technology. Harvard Business Press.
De Haes, S., Van Grembergen, W. and Debreceny, R.S., 2013. COBIT 5 and enterprise governance of information technology: building blocks and research opportunities. Journal of Information Systems, 27(1), pp.307-324.
Disterer, G., 2013. ISO/IEC 27000, 27001 and 27002 for information security management.
Hu, Q., Dinev, T., Hart, P. and Cooke, D., 2012. Managing employee compliance with information security policies: the critical role of top management and organizational culture. Decision Sciences, 43(4), pp.615-660.
Kellermann, A.L. and Jones, S.S., 2013. What it will take to achieve the as-yet-unfulfilled promises of health information technology. Health Affairs, 32(1), pp.63-68.
Lee, A.S., Thomas, M. and Baskerville, R.L., 2015. Going back to basics in design science: from the information technology artifact to the information systems artifact. Information Systems Journal, 25(1), pp.5-21.
Li, C., Peters, G.F., Richardson, V.J. and Watson, M.W., 2012. The consequences of information technology control weaknesses on management information systems: the case of Sarbanes-Oxley internal control reports. MIS Quarterly, 36(1), pp.179-203.
Lloyd, I., 2014. Information Technology Law. Oxford University Press, USA.
Luftman, J., Zadeh, H.S., Derksen, B., Santana, M., Rigoni, E.H. and Huang, Z.D., 2012. Key information technology and management issues 2011-2012: an international study. Journal of Information Technology, 27(3), pp.198-212.
Marchewka, J.T., 2014. Information Technology Project Management. John Wiley & Sons.
Mithas, S., Tafti, A.R., Bardhan, I. and Goh, J.M., 2012. Information technology and firm profitability: mechanisms and empirical evidence. MIS Quarterly, 36(1), pp.205-224.
Narain Singh, A., Gupta, M.P. and Ojha, A., 2014. Identifying factors of organizational information security management. Journal of Enterprise Information Management, 27(5), pp.644-667.
Peltier, T.R., 2013. Information Security Fundamentals. CRC Press.
Robey, D., Anderson, C. and Raymond, B., 2013. Information technology, materiality, and organizational change: a professional odyssey. Journal of the Association for Information Systems, 14(7), p.379.
Venkatesh, V., Thong, J.Y. and Xu, X., 2012. Consumer acceptance and use of information technology: extending the unified theory of acceptance and use of technology. MIS Quarterly, 36(1), pp.157-178.
Watson, D. and Tinsley, D. eds., 2013. Integrating Information Technology into Education. Springer.
Willcocks, L., 2013. Information Management: The Evaluation of Information Systems Investments. Springer.
Wynn, E.H., Whitley, E., Myers, M. and DeGross, J. eds., 2013. Global and Organizational Discourse about Information Technology: IFIP TC8/WG8.2 Working Conference on Global and Organizational Discourse about Information Technology, December 12-14, 2002, Barcelona, Spain (Vol. 110). Springer.
