Information Security Management Plan

Cyber security is about protecting your computer-based equipment and information from unintended or unauthorised access, change, theft or destruction (HM Government, 2015). You can manage the risks by planning, implementing and reviewing your Information Security Management System. The following are the key points of an Information Security Management Plan.
Risk Assessment and Analysis – The company should assess the security risks or damage that could be caused to the system, personal data, valuables or confidential information if there was a security breach. There are a number of measures that can be used to prevent security breaches or limit the damage if they do occur. As indicated by ICO (2012), “There is no single product that can provide 100% protection to your business, but the key approach is to have a layered approach by combining different tools and techniques. If one layer fails then others are there to prevent the threat”.

Organizations that do not perform a threat and risk analysis are leaving themselves open to situations that could disrupt, damage or destroy their ability to conduct business. It is the responsibility of staff and management to educate and train themselves in ‘Risk Analysis’ to protect their business from threats. A report published by HM Government (2015) indicates that in 2014, 60% of small businesses experienced a cyber breach.
Security and Intrusion – Ensure that anti-virus and anti-malware software is installed on your servers and PCs and that the network is regularly scanned to prevent or detect threats. The threats could be human (hackers, theft, accidents, DDoS (Distributed Denial of Service), untrained staff and so on) or non-human (floods, lightning strikes, viruses, fire, electrical faults, earthquakes etc.). Use an IDS (Intrusion Detection System). Ensure that firewall and Windows Defender programmes are installed to prevent intrusion into the network, and that they are kept up to date.
Access Controls – Ensure that these access controls are adopted. There are two types of access control (CISSP, 2012): logical and physical. Logical access control is implemented through access control lists (ACLs), group policies, passwords and account restrictions. An ACL provides detailed access control for objects (spreadsheets, accounts or data). Group policies allow the system administrator to configure user accounts (permissions, privileges etc.). Passwords are “the most common logical access control sometimes referred to as a logical token” (Ciampa, 2009). Password protection should be used to protect PCs and access to confidential data or sensitive information. Encryption is another means of ensuring that data can only be accessed by authorised users.
Password Control – Create a strong password and remember it (Microsoft, n.d.). A limit on the number of failed login attempts should be introduced. Regular password changes should be enforced. If a member of staff is absent for a long time or has left and the account is unused, the account should be disabled or deleted. Any unauthorised access to objects or resources should be reported to the management.
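An added example, not part of the original essay, showing how the failed-login limit and the unused-account rule above can be checked against login records. The thresholds (5 failures in 15 minutes, 90 days of inactivity), the function names and the sample data are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta

# Assumed policy values: the essay names the controls but gives no numbers.
MAX_FAILED_ATTEMPTS = 5
FAILURE_WINDOW = timedelta(minutes=15)
STALE_AFTER = timedelta(days=90)

def accounts_to_lock(events):
    """Users with MAX_FAILED_ATTEMPTS failures inside FAILURE_WINDOW.

    events: (timestamp, user, success) tuples sorted by time.
    A successful login clears that user's failure history.
    """
    recent, locked = {}, set()
    for ts, user, success in events:
        if success:
            recent[user] = []
            continue
        # Keep only failures that still fall inside the sliding window.
        window = [t for t in recent.get(user, []) if ts - t <= FAILURE_WINDOW]
        window.append(ts)
        recent[user] = window
        if len(window) >= MAX_FAILED_ATTEMPTS:
            locked.add(user)
    return locked

def stale_accounts(last_login, now):
    """Accounts with no successful login for STALE_AFTER, or never used."""
    return sorted(user for user, seen in last_login.items()
                  if seen is None or now - seen > STALE_AFTER)

# Constructed sample data (not real logs).
T0 = datetime(2015, 3, 26, 8, 0)
NOW = datetime(2015, 3, 26, 12, 0)
EVENTS = sorted(
    [(T0 + timedelta(minutes=i), "alice", False) for i in range(5)]         # burst of 5 failures
    + [(T0 + timedelta(minutes=20 * i), "carol", False) for i in range(5)]  # never 5 in one window
    + [(T0 + timedelta(minutes=10), "bob", False),
       (T0 + timedelta(minutes=11), "bob", True),                           # success resets bob
       (T0 + timedelta(minutes=12), "bob", False)]
)
LAST_LOGIN = {"alice": datetime(2015, 3, 20),
              "dave": datetime(2014, 11, 1),
              "temp-contractor": None}

if __name__ == "__main__":
    print("lock:", sorted(accounts_to_lock(EVENTS)))
    print("review for disabling:", stale_accounts(LAST_LOGIN, NOW))
```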
Physical access control uses physical barriers to prevent unauthorised users from accessing a computer, server room, premises or building. This type of control includes video surveillance with CCTV, smart card access with a password for authentication, mantraps, biometrics and so on.
Employee awareness and training – All employees should be trained to recognise threats such as phishing emails and other malware. Staff should also be trained to identify unauthorised personnel trying to gain entry into restricted areas. Such incidents should be reported to the security manager.
Segmentation – Prevent or limit the severity of data breaches by separating and limiting access between your network components (ICO, 2012). For example, your web server should be separate from your main file server. This means that if your website was compromised, the attacker would not have direct access to your central data store.
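An added example, not part of the original essay, that evaluates two constructed firewall rule sets to check whether the web server can reach the file server directly. The addresses, zones, ports and first-match rule model are assumptions for illustration, not any particular firewall's syntax.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the essay).
WEB_SERVER = "192.0.2.10"    # DMZ, 192.0.2.0/24
FILE_SERVER = "10.0.5.20"    # internal LAN, 10.0.0.0/16
LAN_CLIENT = "10.0.1.15"

# Rules: (action, source CIDR, destination CIDR, port or None for any port).
FLAT_RULES = [
    ("allow", "0.0.0.0/0", "192.0.2.10/32", 443),
    ("allow", "0.0.0.0/0", "0.0.0.0/0", None),      # flat network: anything to anything
]
SEGMENTED_RULES = [
    ("allow", "0.0.0.0/0", "192.0.2.10/32", 443),   # public HTTPS to the web server
    ("deny", "192.0.2.0/24", "10.0.0.0/16", None),  # DMZ may not open connections into the LAN
    ("allow", "10.0.0.0/16", "10.0.5.20/32", 445),  # staff reach the file share
]

def decide(rules, src, dst, port):
    """First matching rule wins; traffic matching no rule is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, rule_port in rules:
        if (s in ipaddress.ip_network(src_net)
                and d in ipaddress.ip_network(dst_net)
                and rule_port in (None, port)):
            return action
    return "deny"

def exposed_ports(rules, src, dst, ports=(22, 139, 445, 3389)):
    """Ports on dst that src is allowed to reach under this rule set."""
    return [p for p in ports if decide(rules, src, dst, p) == "allow"]

if __name__ == "__main__":
    for name, rules in (("flat", FLAT_RULES), ("segmented", SEGMENTED_RULES)):
        print(name, "web -> file server:", exposed_ports(rules, WEB_SERVER, FILE_SERVER))
```

With the flat rule set a compromised web server can reach every probed port on the file server; with the segmented set it reaches none, while LAN clients keep their access to the share.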
Device hardening – Ensure that unused software and services are removed from your devices (ICO, 2012). If you don’t use it, then it is much easier to remove it than to try to keep it up to date. Make sure you have changed any default passwords used by software or hardware – these are well known to attackers.
Policies – A policy will enable you to make sure you address the risks in a consistent manner. Well-written policies should integrate well with business processes. Check that the existing policies, procedures and protection items in place are adequate; otherwise there is a risk of vulnerabilities. A review of the existing and planned safeguards should be performed to determine whether the previously known and discovered risks and threats have been mitigated.
Remote Access Control – If the company's internal network is accessed over the Internet, then the company should employ a secure Virtual Private Network (VPN) system accompanied by strong two-factor authentication, using either hardware or software tokens (FCC, n.d.).
Data Backup – The data must be backed up regularly, and the backup media should be stored in a fireproof safe or at a remote site. A backup policy should be created that covers the storage location, data restoration process and backup schedule. One person should be nominated to look after the backup system.
Data Loss Recovery Plan – A plan for recovering from the unexpected loss of data (whether due to human or natural disaster) should be put in place. Data loss can expose a business to significant litigation risk (FCC, n.d.) and hurt your business brand and customer confidence.
Cloud-based Services – Cloud-based services give a lot of benefits to organisations, and according to Hutchings et al (2013) these services, like any other network services, are vulnerable to threats such as authentication issues, DoS, network/packet sniffing, malware and so on. There are technologies like VPN, encryption, packet filtering and firewalls that can be used to secure data from such threats. It is believed that data is secure if it is encrypted before it is transferred to cloud storage. A NIDS (Network Intrusion Detection System) such as Snort has also been employed by network managers to protect data against external attacks. Similar provision is still needed to protect infrastructure when it is moved to the cloud. Once data is stored in cloud storage, you have lost control over it. So an agreement has to be reached with the vendor at the time of hiring their services as to how the data will be protected from external vulnerabilities.
References
Rubens P (2013) 6 Emerging Security Threats, and How to Fight Them Available at: http://www.esecurityplanet.com/network-security/6-emerging-security-threats-and-how-to-fight-them.html (Accessed 26 Mar 2015)
ICO (2012) A Practical Guide to IT Security [Online] Available at: https://ico.org.uk/media/for-organisations/documents/1575/it_security_practical_guide.pdf (Accessed 25 Mar 2015)
Ciampa (2009) Access Control Models and Methods [Online] Available at: http://resources.infosecinstitute.com/access-control-models-and-methods/ (Accessed 25 Mar 2015)
Hutchings et al (2013) Cloud computing for small business: Criminal and security threats and prevention measures [Online] Available at: http://aic.gov.au/publications/current series/tandi/441-460/tandi456.html (Accessed 25 Mar 2015)
CISSP (2012) Access Control Models and Methods [Online] Available at: http://resources.infosecinstitute.com/access-control-models-and-methods/ (Accessed 25 Mar 2015).
HM Government (2015) Small Business: What you need to know about cyber security [Online] Available at: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/412017/BIS-15-147-small-businesses-cyber-guide-March-2015.pdf (Accessed 23 Mar 2015) 
FCC (n.d) Cyber Security Planning Guide [Online] Available at: http://transition.fcc.gov/cyber/cyberplanner.pdf (Accessed 23 Mar 2015)
Microsoft (n.d) Safety and Security Centre [Online] Available at: http://www.microsoft.com/en-gb/security/online-privacy/passwords-create aspx.  (Accessed 24 Mar 2015)
 
