Security Management and Governance for YMSC - myassignmenthelp

Question: Discuss about theSecurity Management and Governance for YMSC. Answer: This report will take into account the limelight of security management and governance in the context of Young Minds Secondary College (YMSC). The basic outline and essentials governing the respective working of the school will be discussed. The future plans and prospectus will be analyzed in detail. The realistic advantages for the enrolment of the ward in this school are emphasized while making a comparative study of other rivalry competitors. The internal mechanism which is fundamental to the functioning of school is revealed. As information security is the most crucial area which is of due importance in this era of the highly competitive environment. YMSC needs to be acquainted with the most updated technology which facilities the ease of working of the organization. In the event of non-occurrence of above, it could result in adverse circumstances that are supposed to hover the survival of the school. Therefore, it is of utmost important concern to appraise the security needs so that it could prove beneficial both to the staff and students. The upcoming approach prerequisites the built to be precise and defined manner which is a way more structured. The enhanced use of information security is recognized in recommendation section in detail. Also, the problem which is expected to arise on the opening of the second campus is considered. On the account of aforesaid scenarios, a risk management plan is prepared and suggestions are grounded on cost volume profit analysis. The formal approach to security is screened in context of its fit with the schools value attached. The reason for the need and implementation of the suggested methodology is outlined. Also, the relative intimidations, exposures, and attacks which the recommended plan is recognized to bear are calculated in detail. The impact towards legal and statutory necessities which the new entrant plan is supposed to bring out is considered. Later on, the benefits forecasted and steps taken to achieve the same are built upon. Alongside, the importance of contingency is also justified in all dimensions. At last, the benefits to be derived from the required change are carefully scrutinized. Introduction to security management Security management is a set of defined policies and procedure which systematically manages and protect the sensitive data of the organization. The purpose of bringing about this system into practice is to minimize the degree of risk associated and to ensure the continuity of the business by proactively restraining the consequences of a security breach. It takes into account employee behavior and respective processes attached on the grounds of data and technology. Furthermore, the organization which has the certification of ISMS proves that model for implementing, reviewing, operating, preserving and improving the security information has been followed within the organization (European Union agency for network and information security, 2018). It also increases the productivity of the people working in the organization along with corporate image committed. YMSC has required to timely update the changes governing the mechanism in the organization so that it can remain competitive in the particular segment. The data and information of the school shall be protected as it is a vital resource and at this stage, the primer of ISO 27001 documentation comes in. With the advent of this certification, it builds up a recognized credible and trusted partnership among suppliers and customers (Peltier, 2016). The boundaries of control are improved and complied with several legislations. It also promotes the event of contingency planning. The management shows more commitment to the work assigned. Also with the application of high-end security, it diminishes the danger of loss of information, hence cost of gaps. Need of Security management for YMSC With the advent of this certification, it builds up a recognized credible and trusted partnership among suppliers and customers. The boundaries of control are improved and complied with several legislations. It also promotes the event of contingency planning. The management shows more commitment to the work assigned. Also with the application of high-end security, it diminishes the danger of loss of information, hence cost of gaps (Kim, 2014). It will also help in coordination of both physical and electronic security efforts in a cost-effective manner. Howsoever, it requires continuous improvement along with on-going maintenance. Compliance with corporate government essentials is also met. Linkage of a formal approach to security along with governance in general The formal approach to be suggested in order to yield best of results for YMSC would be the implementation of IS0 27001- complaint ISMS system. It is famous for its extraordinary benefits attached within to combat volume of cyber threats. The aforesaid, fit within the organization of every size and nature. The standards are backed up by the expertise of solid methodological cybersecurity (Rebollo, 2015). It provides a wide range of self-help tools, software, books, and training courses. Eventually, cut down the efforts and time required. Apparently, it provides the platform where execution of project can take place as per individual need and capabilities. The project plan is subjected to at least 40 hours of designed advice with the help of online consultancy services. In terms of general governance, it is expected to bring transparency and maximum of productivity as compliance will be met. The work practices will more adhere towards business goals. Development of a Security Policy, methodology and the reason for having such policy The policy which is essential to be imposed in YMSC is Information security policy. This is required in order to ensure the protection of information resources from intended or accidental access. While the nurturing and preserving is kept open so that requirements of academic culture are attained. It should be binding on the faculty, students, staff and various other parties. The methodology comprises of the creation of heightened awareness regarding the usefulness of security in information technology. The individuals are empowered to act best in their respective interests. Each department will endorse openings for individuals to study about the respective role in the creation of secure environment (Ifinedo, 2014). Moreover, it refers to overall information resources of the college in different manners like individually united, controlled or networked. The dimensions of all network devices are included in it which forms part of college premises. It also permeates several aspects of learning, teaching, outreach and business facilities. The reason for having such policy is it is essential in conserving the ability of the college to perform its mission and undertake the responsibilities. In the event of failure to do so, it could result in legal, financial and ethical complications (Howorth, 2014). List of threats, vulnerabilities, and attacks that formal plan would manage It will upkeep and maintain the unending activities and functions of the college as mostly all functions are controlled electronically. It will protect the quantum of college assets which includes exploration and instructional data system, rational property in addition to a certain amount of physical assets. There will be safeguarding of the private and personal information of the individuals which will be entrusted to the aforementioned stewardship (Cerrudo, 2015). All the financial records and transactions will remain in safe custody as they are of critical nature. It will protect the status and reliability attached to the institution for so long. Consequently, it also restricts the usage of college arrangements for the fulfillment of malevolent acts (IRCLASS, 2018). There is a proper set of compliance with state and centralized laws of governing authorities. It will bring transparency in working and ensure more productivity by implication of high degree of control. Implications of legal and statutory requirements and the benefits derived In order to gain the compliance and certification of ISO 27001, firstly a gap examination of the organization in the context of the definite clauses and standards need to be carried out. This will bring out the room for augmentation and set areas where control needs to be implemented. However, the additional assistance needs to be undertaken by the way of regulation and advice in order to qualify the certification. Some of the mandatory requirements might derive in the form of IT-related safety requirements, labor, and intellectual property laws, copyright and protection law etc. (KRYPSYS, 2018). The benefits this approach is expected to result in are it ensures the management of business risk in a cost-effective manner. It is bound to follow the valuable information to the interested parties. Also, it would yield significant competitive advantage over others in the same sector. Procedure to gain certification ISO 27001 Request for documentation from the client The proposal from IRQS India Offer acceptance from client along with order confirmation by IRQS India Pre-assessment (optional) Certification scrutiny - (Stage 1 + Stage 2) Granting of the certificate on successful achievement of the certification audit Surveillance audits at a defined period Recertification of audit after 3 years (GarzS, 2013). Risk management plan It is prepared to reduce the degree of probability in the exploitation of the vulnerability. It will also help in recognizing the serious information assets and their impact on continuity of operations. It is recommended to design MEHARI (method for harmonized analysis of risk) which was suggested by club de la Securite de information francais (CLUSIF). It was specially designed to line up the risk management approach of ISO 27001 (Disterer, 2013). MEHARI focuses on three diversified types of essentials- the necessity of services, the need of data and evidence to complete the provision and the prerequisite for legal or regulatory compliance. It also differentiates among contextual and intrinsic susceptibilities which describe the feebleness of control. With the mapping of instigated security services along with valued effectiveness in relative context to the impact of CIA, the assessment of risk situation is possible in realistic terms (Calder, 2016). Furthermore, it also provides Excel founded audit surveys in order to define risk administration domains, business processes, classification of data, situations, and vulnerabilities. The relationship between the condition and its impact can be studied from the questionnaire answers. Therefore, how to counteract the specific threats can be planned out. Benefits of Risk Management Plan It can protect the employees from any accident or hazardous event. Moreover, it can also result in reduced employees turnover. Also, it will hypothetically reduce insurance premium (TechTarget, 2018). Considerably, it will protect the business against unforeseeable along with maintenance of organizations reputation. Firstly, the allocation of the budget is the foremost concern. Thereafter, C level executives need to be educated and conversant regarding the importance attached to security training. The organizations assets should be protected on priority note. The program must be tailored as per diverse audience needs. At last, the proper amount of control needs to be executed for successful running. In addition to this, a contingency plan shall also be outlined so that it can act as a backup plan in worst circumstances and hence, minimize the chances of loss and panic attacks. Security Management as an on-going process Its not at all enough to just install tools and continue performance of tasks designed to fill up the holes in the system. Continuous follow up is required to evaluate and effective judge the benefits so derived. It also helps in knowing whether the technology is used in right ways by the needed people. Also, it should be highly flexible in nature so that changes could be made as and when needed. The process should be kept going so that benefits derived are also uninterrupted. Meanwhile, it will also facilitate the management control in an improved and cost-effective manner (Goldratt and Cox, 2016). The response generated from the potential customers is also positive along with a reduction in the occurrence of threat. Envision of other hardware, software and information/data management procedures The consideration of various operating system such Microsoft Windows, BSD, and Linux can be taken into account. Additionally, the service software like database services, web services along with some self-made software is expected to yield a lot more benefits. The accompanying applications of runtime environments like Perl, JRE could be implemented (Brandis, Dzombeta and Haufe, 2014). The configuration files can be dealt with critical assets as they are of highest relevance on information security, hence more protection is needed. The login credentials and user accounts require a safer layer of protection as data are processed within the service. Outcomes on the opening of the second campus In the context of YMSC, several problems are expected to arise on the opening of the second campus. Firstly, the cost of hiring new staff and other basic expenditure will rise. Secondly, it will block the capital and profit earned till the date. Thirdly, the information security system of the new campus will also be lacking confidentiality, unless and until a new risk management plan is developed (Young minds, 2018). Hence, the funds which will be blocked on the opening of a second campus can be utilized on budget allocation and installation of an extreme security system in the prior campus. Recommendations and conclusion YMSC recognizes its compulsion to ensure the appropriate level of security for the information system in the respective dominion of control and ownership. Furthermore, the awareness among the members of the college community is also must. The implementation of risk management plan in realistic term and on grounds settled is obligatory to ensure success. The respective HEI shall lay down the way in order to practice the knowledge acquired. Timely feedback should be received from different group forming interest so that modifications could be made as per requirements. For different approaches, cost volume profit analysis should be undertaken in order to have a comparative assessment and select the most profitable one with the minimum amount of cost. The cost to be incurred shall be studied in the context of the desired amount of profit earned in return. The amount of operational risk associated with the appropriated cost structure is forecasted. It will classify the level of operating activity needed in order to avoid loss and achieve beleaguered profits. As a result, the organizational performance and future operation are also possibly monitored. References Brandis, K., Dzombeta, S. and Haufe, K. (2014) Towards a framework for governance architecture management in cloud environments: A semantic perspective.Future Generation Computer Systems, 32, pp.274-281. Calder, A. (2016)Nine Steps to Success: An ISO27001: 2013 Implementation Overview. Chicago: IT Governance Ltd. Cerrudo, C. (2015) An emerging us (and world) threat: Cities-wide open to cyber-attacks. Boston: Securing Smart Cities. Disterer, G. (2013) ISO/IEC 27000, 27001 and 27002 for information security management.Journal of Information Security,4(02), p.92. European Union agency for network and information security (2018) Risk Management Information Security Management Systems [Online] Available at https://www.enisa.europa.eu/topics/threat-risk-management/risk-management/current-risk/risk-management-inventory/rm-isms [Accessed on 15th April 2018]. GarzS, J., et al. (2013) A maturity model for the Spanish software industry based on ISO standards.Computer Standards Interfaces,35(6), pp.616-628. Goldratt, E.M., and Cox, J. (2016) The goal: a process of ongoing improvement. London: Routledge. Howorth, J. (2014)Security and defense policy in the European Union. Europe: Palgrave Macmillan. Ifinedo, P. (2014) Information systems security policy compliance: An empirical study of the effects of socialization, influence, and cognition.Information Management,51(1), pp.69-79. IRCLASS (2018) Information Security Management System [Online] Available at https://www.irqs.co.in/information-security-management-system.html [Accessed on 15th April 2018]. Kim, E. (2014) Recommendations for information security awareness training for college students.Information Management Computer Security,22(1), pp.115-126. KRYPSYS (2018) The Krypsys approach to ISO 27001 compliance [Online] Available at https://www.krypsys.com/iso27001/iso-27001-important-organisations/ [Accessed on 15th April 2018]. Peltier, T.R. (2016) Information Security Policies, Procedures, and Standards: guidelines for effective information security management. London: CRC Press. Rebollo, O., et al. (2015) Empirical evaluation of a cloud computing information security governance framework.Information and Software Technology,58, pp.44-57. TechTarget (2018) Information security risk management: Understanding the components [Online] Available at https://searchsecurity.techtarget.com/tip/Information-security-risk-management-Understanding-the-components [Accessed on 15th April 2018]. Young minds (2018) Problems at school [Online] Available at https://youngminds.org.uk/find-help/feelings-and-symptoms/problems-at-school/ [Accessed on 15th April 2018].