VirtualSpace.com Analysis

Introduction to InfoSec Strategic Plan Development

The world is quickly evolving and transforming into digitization which has become a very important part of our lives. The average Australian spends over 5 hours online every day and has eight connectible internet devices (Forlani, 2019). Technology, machine learning and artificial intelligence are having a huge impact on all parts of personal and professional lives. As much as the benefits of accessing information and technology are enjoyed by the people, they have not been able to shield themselves against the threats of hacking and cyber-attacks leading to misuse of sensitive data (information leak), software thefts and other fraudulent activities. Australia is prone to thousands of cyber-attacks and digital security breaches. This challenge is faced by both small and large corporations.

In 2020, major companies in the country like Intel, Garmin, Avon Instacart; renowned educational institutes and Australian Universities and many more reported of bearing security breaches and cyber-attacks of critical nature (Webber Insurance Services, 2018). The significant issues identified are lack of awareness in Australian citizens and the inability of individuals and corporations or other institutions to take help of Governing Bodies (Cave, Uren and Kang, 2020). The Australian Cyber Security Centre (hereafter, ACSC) which was founded in 2014, in the wake of the prevailing cyber-attacks has been focusing on improving the state of cyber-security in Australia (ACSC, 2020). The following report seeks to discuss the role of an exclusive Information Security Department employed by VirtualSpace.com in an attempt to safeguard sensitive data from potential breaches. The report will talk about key strategic objectives and key initiatives proposed by the department towards the end.

Company Background (Reference Case Study)

VirtualSpace.com is an upcoming augmented-reality organization. The company sells and organises virtual tours to the celestial bodies such as Moon, Mars etc over the Internet. The company’s ambitious ten-year plan proposes pioneering virtual space with a strong customer base. However, recently even VirtualSpaceTours.com has been subjected to multiple cyber-security threats from both isolated and rival company hackers. The company’s current technological innovation has brought immense business growth and has been widely reckoned. However, it has also been the target of various rival brands and professional hackers, which is why the company has created an Information Security Office, to handle the critical issue that has the potential to hamper business growth. The following report entails various aspects covered by the Chief Information Security Officer that can be discussed and implemented by the top management.

Information Security Office

Mission statement

“The Information Security Office will work with the organization to secure system and network resources, and protect the confidentiality of the company, employees and customers.”

the Information Security Office will execute the mission in the following manner:

Identify potential risks that pose a possible threat to the information systems of the organization.
Develop a comprehensive system comprising of process, procedures and proper policies required to protect sensitive information.
Identify security requirements, formulate benchmarks and measure compliance that conforms to established laws, regulations, and standard accepted practices.
Mitigate potential risks to levels acceptable to the organization.
Consult with organization departments to discuss and probe security issues and provide exclusive solutions.
Collaborate with qualified personnel and technical staff to develop the organization security strategy and architecture.
Ensure implementation of prompt incident identification, response and recovery mechanism.
Ensure the provision of regular and proper training and communication to increase organization awareness and improve adaptability.

Governance

In addition to the existing organization structure, the department for Information Security will be blended as follows:

Roles and Responsibilities

Chief Information Security Officer (CISO)

Chief Information Security Officer (CISO) will be responsible for establishing and coordinating the organization information security strategy. The CISO will be responsible for the development, maintenance, and yearly review of the Information Security Plan and will coordinate with the following entities of the organization to do its job:

Head of Marketing
Head of Operations
Head of Administration
Head of Sales
Head of Production
Head of Finance
Head of Advertising
Head of Customer Service
Head of Human Resource
Head of IT Department
All management record-keepers
All managers and employees of various departments
Others directly/indirectly affected by security management

Information Security Executive Manager

The Information Security Executive Manager (hereafter ISM) reports to the CISO. The ISM will be responsible for assuring that the information security process across the organization is well-coordinated and overall risk is mitigated. The ISM will additionally be responsible for security planning, analysis, policies, standards and incident handling, as well as establishing and maintaining a framework to assure that information security strategies are aligned with organization objectives and consistent with applicable laws and regulations.

ISM’s responsibilities shall include but not limited to:

Management of confidential information that is critical for the organization.
Management of Information Security Data Centres, where a repository of an organization's information is maintained
Promoting and ensuring that relevant regulatory standards, practices and procedures conforming to Information Security are complied with.
Assessing the effectiveness of present safeguards and identifying measures to control the risks
Formulating an alternative plan of action to preserve the confidential and important organization in an unlikely circumstance caused by nature or due to humans.

Information Security Technical Council

The Information Security Technical Council (hereafter, ISTC) will be responsible for assessing, responding, and resolving information security issues that might arise in any areas of the organization. THE ISTC will coordinate with technical personnel of organization's IT Staff and Tech Support Department to ensure the above.

The role and responsibility of ISTC will include but not limited to:

Identifying potential security breach in the organization system
Notifying concerned departments that are affected by possible security breach or infringements
Providing necessary guidelines regarding security to respective departmental data heads
Notifying appropriate units of possible security infringements

The proposed member panel may comprise of

A member of the Board of Directors
Chief Executive Officer
Members from each organization department
Members from the Department of Information Security

Strategic Objective

The strategic objectives entail to control, transfer, absorb or by-pass information risk related to various stakeholders within the organization.

The Strategic Objectives will incorporate

Transforming into an organization where data security is integrated as seamlessly as possible with applications, data, processes and workflows into a unified environment.
A proactive approach in managing data security concerns
Devise comprehensive and inclusive process for development and implementation of information security management
Identifying and prompt resolution of security infringements
Effective time reduction in the resolution of issues arising in information security management.
Defining concrete yet flexible and adaptable data centres
Eliminating redundancy to better support achievement of objectives;
Collaborating with external personnel and resources if and when required to support internal staff.

Key Initiatives

Following Key Initiatives are proposed towards the management of Information Security Systems at VirtualSpaceTours.com:

In-depth analysis of organization awareness regarding cyber-security: The Information Security Department will take the initiative of assessing the preliminary awareness that the organization and various departments have regarding information security. This will help judge the understanding of the issue and relevant training programs can be formulated to help the organization gather proper knowledge about the need for data security and how they can help in preventing breaches.
Using multi-factor authentication to safeguard software and technology from rivals and competitors: The Information and Security Department will primarily work on deploying strong firewalls incorporating multi-factor authentications coupled with strong vigilance on a constant and regular basis to mitigate the risk of the breach through individual hackers and competitors.
Making Cyber-security understandable and user-friendly: According to research by Kinsey & Company, 2019, 86 per cent of the top management comes to know about the issues arising out of cyber-security at a very late stage. Most of the respondents of the survey also cited that they regard cyber-security as a technical issue and hear about it once a year in Annual General Meetings. The Information Security Department will take the initiative of making cyber-security issue a regular matter of discussion and will transform the name as "Digital Risk" to make it look and sound user-friendly.
Integrating resources with regulating Government bodies for better execution and control: Government of Australia by incorporating a formal body on to look after cyber-security, ACSC has been constantly urging organizations and people to collaborate with them for better insurance and strength for their sensitive data (Cave, Uren and Kang, 2020). The Information Security Department at VirtualSpaceTours.com will take the initiative of partnering with ACSC to get informed updates on latest security measures thereby attempting to mitigating the risks arising out of potential breaches and infringements.
Implementing Air Gap Backups to make the security systems more concrete: The concept of Air-Gap Backups states that if the data isolated and cannot be accessed, then it cannot be breached (Tropeano, 2018). The Information Security department will take the initiative of installing this technology in precise sensitive data spots that are more important for the company to make the system's firewalls strong and unbreachable.

Conclusion on InfoSec Strategic Plan Development

The prevalent threats of security breaches and cyber-attacks have made it an absolute necessity for any organization to opt for stronger data security measures. VirtualSpaceTours.com, the well-known augmented reality company in Australia has been no different in bearing the cyber breaches. The company’s decision to incorporate a formal Information Security Department has been made in the wake of the above circumstances. The Information Security System seeks to integrate organization resources with comprehensive tools and processes that will help the company secure its software and technology that contribute towards them gaining a competitive advantage over its rival companies. This is profoundly reflected in the Mission Statement of the department that is well-integrated with company goals. The report also discusses in detail the roles and responsibilities that each department under the Information Security Office will follow.

The strategic objectives aim at stabilizing the security systems of VirtualSpaceTours.com and emphasis strongly on the role of internal stakeholders in enhancing the value of cyber-security. The report also highlights the need for regular training and development for various departments to foster cybersecurity throughout the organization. The department of Information and Security also suggests key initiatives which talk on various aspects, with most important being changing the outlook towards cyber-security and proposed to make changes in the manner that makes the issue of cyber-security sound understandable and user-friendly. The role of Government bodies has also been focused upon. Collaborating with regulating government bodies such as ACSC can help the organization stay up-to-date with new possibilities that can further help improve the process and keep the security strong for VirtualSpaceTours.com and help the company achieve their strategic business goals of being the leader of the Augmented-reality segment and have a strong and loyal customer base of 10-million people in the next 10 years.

References for InfoSec Strategic Plan Development

ACSC (2020). Home Page | Cyber.gov.au. [online] Cyber.gov.au. Available at: https://www.cyber.gov.au/.

Cave, D., Uren, T. and Kang, J. (2020). What, who and why: explaining the cyberattacks against Australia. [online] The Strategist. Available at: https://www.aspistrategist.org.au/what-who-and-why-explaining-the-cyberattacks-against-australia/.

Department of Industry, Innovation and Science. (2018). What is the Government doing in cybersecurity? [online] Available at: https://www.industry.gov.au/data-and-publications/australias-tech-future/cyber-security/what-is-the-government-doing-in-cyber-security.

Evans, B. (2015). The Importance of Building an Information Security Strategic Plan. [online] Security Intelligence. Available at: https://securityintelligence.com/the-importance-of-building-an-information-security-strategic-plan/.

Forlani, C. (2019). Digital in 2019: Australia social media usage is growing. [online] We Are Social Australia. Available at: https://wearesocial.com/au/blog/2019/02/digital-in-2019-australia-social-media-usage-is-growing.

MC.Kinsey & Company (2019). Perspectives on transforming cybersecurity Digital McKinsey and Global Risk Practice. [online] MC.Kinsey & Company. Available at: https://www.mckinsey.com/~/media/McKinsey/McKinsey%20Solutions/Cyber%20Solutions/Perspectives%20on%20transforming%20cybersecurity/Transforming%20cybersecurity_March2019.ashx.

Meyer, B. (2019). Australia‘s cybersecurity landscape : the reasons to worry. [online] CyberNews. Available at: https://cybernews.com/security/australias-cybersecurity-landscape/ [Accessed 2020].

Tropeano, G. (2018). What is an Air Gap and Why Does It Matter? [online] Actifio. Available at: https://www.actifio.com/company/blog/post/what-is-an-air-gap-and-why-does-it-matter/ [Accessed 2020].

Webber Insurance Services (2018). List of Data Breaches and Cyber Attacks in Australia in 2018, 2019. [online] Webber Insurance Services. Available at: https://www.webberinsurance.com.au/data-breaches-list.

Woolley, S. (2020). Australia targeted in “sophisticated” state-based cyber attack. [online] 7NEWS.com.au. Available at: https://7news.com.au/politics/australian-government-targeted-in-cyber-breach--c-1111238 [Accessed 2020].

‌Remember, at the center of any academic work, lies clarity and evidence. Should you need further assistance, do look up to our Management Assignment Help