CO4512 Information Security Management and Risk Assessment Assignment Sample

• Subject Code : CO4512
• University : University of Central Lancashire My Assignment Services is not sponsored or endorsed by this college or university.
• Subject Name : IT Computer Science

Information Security Management - Answer 1

Section (A) - Three main components of the CIA triad are as follows 

Confidentiality: "Privacy is commonly can be preserved as a means of security," the following important is that how to protect the utmost important as well as sensitive data/information from the unauthorized student for the XYZ university.

Integrity: In this it mainly aims on how to protect data/information for the XYZ University from unauthorized students. So they will not make any changes or modify in the records.

Availability: In this, it referred has to provide information or data for every time to specify authorized student at every moment for they required.

Section (B)

1. Identification - Most of the first steps/foundation to gain authorized access to information. This is usually done with a user name as well as password or another employee of XYZ university I.D

2. Authentication is done by a system that confirms that the user is the student who claims to be the student. This is done through an encryption certificate method to establish an SSL connection as well as hardware device.

3. Permissions define what users (individuals or computers) are specifically authorized to access, modify, delete, as well as other appropriate permissions to the content of the information asset. Examples of permissions are the activation as well as use of access control lists as well as permission groups in a network environment.

4. Accountability happens when the control gives an assurance that all exercises performed can be ascribed to an assigned individual or to a mechanized procedure. For instance, a review log that tracks client movement in a data framework gives Accountability

Section (C) - Challenges in the formation of policy for the XYZ University are as follows 

1. Policy ought not to be illegal. Setting up such an approach just as tailing it is viewed as a criminal go about just as is rebuffed. They can't be executed or upheld in court.

2. Policy must be kept up in court. The rise of strategies that are not upheld by the courts isn't obligatory.

3. Policy must be kept up just as executed appropriately. On the off chance that help just as usage is available, the approach is an attractive outcome.

Section (D)

It is very important that the information security management systems are fully planned for implementation as well as maintenance. Planning helps you find the right software by properly evaluating your information security management system. The plan helps to establish a sense of purpose as well as ensures that an information security management system is implemented to achieve your XYZ University's business goals. Planning can also help you comply with standardized best practices. All of this leads to increased profits from information security management systems. Once the proper planning is done, the cost of maintenance is reduced with well-planned site assessment, on-site training as well as on line support.

Section (E)

A policy is an action plan that XYZ Universities use to send instructions from senior management of the XYZ University to each section. Unlike policies, standards are more detailed than policies, as well as describe the steps an XYZ University takes to comply with a policy. Practice, these demonstrate how to effectively comply with policies.

Information Security Management  - Answer 2 

Section (A) - Three benefits of project management in the field of information security are as follows –

1. With project management, projects are planned as well as controlled in effective manner so that project can be initiated as well as executed perfectly. Project management helps manager to set the scope, schedule as well as budget accurately from the start

2. Project management helps to allocate all the resources of the XYZ University in optimum manner for its efficient use. Project management helps to minimize the cost of project as well as provide the profit if done accurately as well as effectively.

3. Project management helps to identify risks involved in a project as well as try to find ways to mitigate those risks for completion of the project on time. Good project management helps in gaining competitive advantage as well as customer satisfaction because investors get profits from success of project as well as customers get the product or services on time.

Section (B) - Three key concerns regarding risk management

1. Identify risks - An enterprise-wide survey helps identify data that needs protection. This can also help you get early approval from key stakeholders.

2. Create awareness as well as training across the XYZ University - Understand your XYZ University's business requirements, including budget review, staff, as well as complexity of business processes. Frequent education of enterprise research, security seminars, as well as security best practices is a way to keep all employees in mind.

3. Establish open communication between all stakeholders - It's important to feel that all stakeholders can communicate directly with leadership. Open Communication increases the visibility as well as confidence of the entire XYZ University. To further enhance your engagement, consider creating a management committee as well as key team leads to review as well as evaluate current security risks.

Information Security Management  - Answer 4 

Section (A) - There are three components to a contingency plan

1. Incident Response Plan: - Focus only on full incident response. This is a detailed set of processes as well as procedures that predict as well as mitigate the impact of unexpected events that can potentially jeopardize information assets.

2. Disaster Recovery Plan: - Focusing on operational recovery. It covers disaster preparation as well as recovery. Incidents can be classified as a disaster if an XYZ University cannot suppress or control the impact of an incident as well as cannot recover quickly.

3. Business Continuity Plan: - Focus on backup plans to establish an alternative plan until the system is stable. A plan to continue critical business functions in the event of a disaster. Most BCPs run in parallel with DRPs when a disaster is large or long-term as well as requires complex recovery of security information assets.

Section (B) - Three objectives of the planning as well as risk assessment domain of the maintenance model are as follows -

1. The start of a memorial process for identifying, selecting, planning, as well as following-up activities for information security that strengthen the current information security program for formal projects.

2. Implement risk assessment, review all IT projects, identify, document, as well as incorporate risks introduced by the launch of the IT project into the project decisions in collaboration with the IT project team.

3. Establish a conventional data security program audit procedure to supplement just as help both the IT arranging process just as the key arranging process.

Remember, at the center of any academic work, lies clarity and evidence. Should you need further assistance, do look up to our Computer Science Assignment Help