Information Security Plan of WAS Swim Association
Information security is designed to protect the three properties of confidentiality, integrity and availability of the information or data held in computer systems from anyone with malicious intentions (Crossler et al., 2013). These three properties are together referred to as the CIA triad of information security. The triad has since been extended to cover possession, authenticity and utility alongside confidentiality, availability and integrity. Risk management is handled with the help of information security. Anything that could have a negative impact on the organizational information system is termed a risk. Confidential information should not be changed or altered under any circumstances. A message could be modified while it is being transmitted to someone, or intercepted before it reaches the intended recipient (Von Solms & Van Niekerk, 2013). Various methodologies help in the proper control and mitigation of all types of risks and threats.
This report provides a brief description of the WAS Swim Association of Western Australia, the details of this organization, and the threats to its information system. A risk matrix showing the risks and their probable solutions is also provided in the report.
Information security planning is vital for WAS Swim Association to safeguard its data, resources and information (Peltier, 2013). Some of the major reasons for safeguarding these resources are given below:
- The most important reason to create an information security plan for WAS Swim Association is to protect the information from all anticipated risks and threats, so that the security and integrity of the data is maintained (Siponen, Mahmood, & Pahnila, 2014).
- The confidentiality of sensitive information or data is also ensured by the proper implementation of such a plan and by the major changes made within it.
- A further reason to create the information security plan for WAS Swim Association is that a protective shield is formed by ensuring that all policies and procedures are followed (Yang, Shieh & Tzeng, 2013). Hence, the data, resources and information are used properly.
An information security plan within WAS Swim Association provides the mechanism to gain the advantages listed below:
- The most significant advantage of the information security plan is that the risks and threats to these resources and data are precisely identified (Peltier, 2016).
- Another benefit of this planning is that the threats associated with the data can be controlled easily and promptly.
- Proper deployment and review of the plan help in understanding these risks and threats.
- WAS Swim Association can adjust to changes in technology, and thus all internal and external threats to data security are properly identified (Singh, 2013).
Two kinds of risks and threats are associated with the information and data of WAS Swim Association: external risks and internal risks. These risks endanger the association members, council members, policies and other media of WAS Swim Association (Xu et al., 2014). The risk assessment for WAS Swim Association is as follows:
| Identified Risks | Internal/External | Severity | Probability | Impact |
|---|---|---|---|---|
| 1. Easily Identifiable Security Vulnerabilities | External | Catastrophic (4) | High (4) | High (4) |
| 2. No Risk Assessments from the Third Party Providers | Internal | Critical (3) | Medium (3) | Medium (3) |
| 3. Technical Integration | Internal | Marginal (2) | Low (2) | Low (2) |
| 4. Inadequate System Administrators | Internal | Critical (3) | Medium (3) | Medium (3) |
| 5. Improper Database System | Internal | Marginal (2) | Low (2) | Low (2) |
| 6. Data Corruption | Internal | Catastrophic (4) | High (4) | High (4) |
| 7. System Errors | Internal | Negligible (1) | Very Low (1) | Very Low (1) |
| 8. Physical Loss of Data | Internal | Critical (3) | Medium (3) | Medium (3) |
| 9. Network Security Issues | External | Catastrophic (4) | High (4) | High (4) |
| 10. Malware Attacks | External | Marginal (2) | Low (2) | Low (2) |

Table 1: Risk Assessment Table of WAS Swim Association
The risk assessment table above lists all the risks of this organization with their levels of severity. Here 4 is the highest severity, termed catastrophic, and 1 is the lowest severity, termed negligible (Safa, Von Solms & Furnell, 2016). The probability and the impact of each identified risk are also given. All of these risks should be removed immediately to maintain the balance between the organization and its confidential and sensitive data or information.
A classification table for confidential information divides the organization's information or data into four classes: confidential, regulated, internal use and external use (Andress, 2014). The classification table helps the organization deal with the different kinds of information it holds, so that each type of information receives the appropriate protection. Examples are also provided within the table.
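As an added illustration of how the scores in Table 1 can be used (example code written for this edit, not a tool from the report), the following Python scores each risk as severity multiplied by probability on the report's 1 to 4 scales, ranks the risks, and counts them per treatment band and origin. The treatment-band thresholds are an assumption of the example, not bands the report defines.

```python
"""Score and rank the risks from Table 1 (added example, not the report's own tool)."""
from dataclasses import dataclass

# Scales exactly as the report uses them: 4 is the highest, 1 the lowest.
SEVERITY = {"Negligible": 1, "Marginal": 2, "Critical": 3, "Catastrophic": 4}
PROBABILITY = {"Very Low": 1, "Low": 2, "Medium": 3, "High": 4}


@dataclass(frozen=True)
class Risk:
    name: str
    origin: str        # "Internal" or "External", as in the table
    severity: str      # key of SEVERITY
    probability: str   # key of PROBABILITY


# The ten risks as listed in Table 1 of the report.
RISKS = [
    Risk("Easily Identifiable Security Vulnerabilities", "External", "Catastrophic", "High"),
    Risk("No Risk Assessments from the Third Party Providers", "Internal", "Critical", "Medium"),
    Risk("Technical Integration", "Internal", "Marginal", "Low"),
    Risk("Inadequate System Administrators", "Internal", "Critical", "Medium"),
    Risk("Improper Database System", "Internal", "Marginal", "Low"),
    Risk("Data Corruption", "Internal", "Catastrophic", "High"),
    Risk("System Errors", "Internal", "Negligible", "Very Low"),
    Risk("Physical Loss of Data", "Internal", "Critical", "Medium"),
    Risk("Network Security Issues", "External", "Catastrophic", "High"),
    Risk("Malware Attacks", "External", "Marginal", "Low"),
]


def score(risk: Risk) -> int:
    """Risk score = severity x probability, the usual product for a 4x4 matrix."""
    return SEVERITY[risk.severity] * PROBABILITY[risk.probability]


def band(value: int) -> str:
    """Treatment band for a score. The thresholds are an assumption of this example,
    not bands defined in the report: 12-16 treat first, 6-9 treat, 1-4 monitor."""
    if value >= 12:
        return "treat first"
    if value >= 6:
        return "treat"
    return "monitor"


def ranked(risks=RISKS):
    """Risks ordered from highest to lowest score; ties broken by name so the order is stable."""
    return sorted(risks, key=lambda r: (-score(r), r.name))


def summary(risks=RISKS):
    """Number of risks per (origin, treatment band), e.g. ('External', 'treat first') -> 2."""
    counts = {}
    for r in risks:
        key = (r.origin, band(score(r)))
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for r in ranked():
        print(f"{score(r):2d}  {band(score(r)):<11} {r.origin:<8} {r.name}")
    print(summary())
```

Because the table gives every risk the same value for probability and impact, the product of severity and probability is enough to order the list; three risks tie at the top score of 16, which is why the ranking breaks ties by name rather than leaving the order to chance.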
Risk Assessment for WAS Swim Association
The classification table for the information of WASSA is given below:

| Class of Information in WASSA | Explanation of the Class | Examples of this Information |
|---|---|---|
| 1. Confidential | The confidential class covers sensitive information related to WASSA. Access to it by unauthenticated or unauthorized parties can cause the entity to incur company losses (Parsons et al., 2014). This classification covers the information that could affect the brand name of WAS Swim Association. Such information is not shared with external users. Sensitive information of this kind can also give rise to insider threats within the organization (Soomro, Shah & Ahmed, 2016). Information that must be kept secret from unauthenticated parties is therefore called confidential. | Examples include the documentation of administrators and board members, budgets and strategy memoranda, unpublished accounting material, transactional information and long-term development strategies, among others. |
| 2. Regulated | Regulated information is governed by regulatory restrictions. It can only be accessed by authorized or authenticated members of WAS Swim Association, and the utmost care is taken before it is used, stored or transmitted. Disclosure of regulated information can affect the clients and employees of WAS Swim Association and can also violate regulatory compliance guidelines (Baskerville, Spagnoletti & Kim, 2014). | The most significant examples of regulated information are the procedures and policies that keep sensitive data protected under federal laws and regulations (Shropshire, Warkentin & Sharma, 2015). The PII data held by WAS Swim Association is another example. Regulated information is therefore quite important. |
| 3. Internal Use | The internal use category covers data used only by the internal members of WAS Swim Association. This information is not accessed by any external source; it is accessed only by the organization's internal users, and only with proper permission. | Examples of this information are electronic mail, reports, internal letters and memos of WAS Swim Association (Ab Rahman & Choo, 2015). The instructions and processes attached to this information are also accessed by internal users. |
| 4. External Use | The external use category covers data used by external users. There is no restriction on access to this data, and its loss is not possible (Dotcenko, Vladyko & Letenko, 2014). External users can only use data that is already publicly available. | The best examples of external use information are the data posted to the media and the marketing details of WAS Swim Association. |
Several significant risks have been identified in the risk matrix of WAS Swim Association. The risk matrix is required to understand the severity of each risk, and removing these risks is required so that the association's confidential information is safe and secure (Flores, Antonsen & Ekstedt, 2014). The risk matrix uses four severity levels, catastrophic, critical, marginal and negligible, and four impact levels, high, medium, low and very low. These risks can be removed by undertaking the solutions given below:
- Implementation of Antivirus Software: The first and most significant solution for removing the identified risks and threats to the information system of WAS Swim Association is to implement antivirus software (Layton, 2016). Antivirus software is one of the most basic kinds of computer program and is used to prevent, detect and remove malicious software and malware. All types of malware and virus attacks can be eradicated with this software, and other computer threats are removed by it as well (Kolkowska & Dhillon, 2013). Phishing and online identity threats are also stopped by antivirus software.
- Deployment of Firewalls: Another efficient and effective solution for removing the identified risks and threats to the information system of WASSA is to deploy firewall software (AlHogail, 2015). A firewall, as the name suggests, acts as a wall against threats and risks. It is a network security system that monitors and controls incoming and outgoing network traffic on the basis of predetermined security regulations, policies and rules. The firewall establishes a barrier between the trusted internal network and untrusted external networks such as the Internet. There are two types of firewall: the host-based firewall and the network firewall. A network firewall filters the traffic between networks (Peltier, 2013), whereas a host-based firewall runs on a specific host computer and controls the traffic of that machine.
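As an added example of the rule-based filtering described above (example code written for this edit, not code from the report or from the association), the following Python evaluates packets against an ordered rule list in the way a host-based firewall does: rules distinguish a trusted internal network from everything else, the first matching rule wins, and any packet no rule allows falls through to default deny. The address plan, the rules and the sample packets are all constructed for the example.

```python
"""Rule-based packet filter in the style of a host firewall (added example, not from the report)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumed address plan for the example: the trusted internal network of the association.
TRUSTED_NET = ipaddress.ip_network("10.20.0.0/16")


@dataclass(frozen=True)
class Packet:
    src: str          # source IP address
    dst: str          # destination IP address
    proto: str        # "tcp" or "udp"
    dport: int        # destination port
    direction: str    # "in" = arriving at the host, "out" = leaving the host


@dataclass(frozen=True)
class Rule:
    action: str                            # "allow" or "deny"
    direction: str                         # "in" or "out"
    proto: Optional[str]                   # None matches any protocol
    src: Optional[ipaddress.IPv4Network]   # None matches any source address
    dport: Optional[int]                   # None matches any destination port
    note: str                              # why the rule exists (logged with the decision)

    def matches(self, pkt: Packet) -> bool:
        """A rule matches only if every field it constrains agrees with the packet."""
        if self.direction != pkt.direction:
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        if self.src is not None and ipaddress.ip_address(pkt.src) not in self.src:
            return False
        return True


# Constructed policy for the example. Rules are evaluated top to bottom; first match wins.
RULES = [
    Rule("allow", "in", "tcp", None, 443, "public HTTPS to the association web site"),
    Rule("allow", "in", "tcp", TRUSTED_NET, 22, "SSH administration only from the trusted LAN"),
    Rule("allow", "in", "tcp", TRUSTED_NET, 3306, "database clients only from the trusted LAN"),
    Rule("allow", "out", None, TRUSTED_NET, None, "hosts on the LAN may initiate outbound traffic"),
]


def evaluate(pkt: Packet, rules=RULES):
    """Return (action, reason). Anything no rule allows is denied: default deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.note
    return "deny", "default deny (no matching rule)"


def denied_sources(packets, rules=RULES):
    """Distinct source addresses that were denied at least once: a simple monitoring feed."""
    return sorted({p.src for p in packets if evaluate(p, rules)[0] == "deny"})


if __name__ == "__main__":
    # Constructed sample traffic: one public web request, one SSH attempt from the
    # Internet, one SSH session from the LAN, and one outbound connection from the LAN.
    sample = [
        Packet("203.0.113.5", "10.20.0.10", "tcp", 443, "in"),
        Packet("203.0.113.5", "10.20.0.10", "tcp", 22, "in"),
        Packet("10.20.1.7", "10.20.0.10", "tcp", 22, "in"),
        Packet("10.20.1.7", "198.51.100.1", "tcp", 80, "out"),
    ]
    for p in sample:
        action, reason = evaluate(p)
        print(f"{p.direction:<3} {p.src:>14} -> {p.dst}:{p.dport}/{p.proto}  {action:<5} ({reason})")
    print("denied sources:", denied_sources(sample))
```

The ordering matters: because SSH and the database port are only allowed when the source lies inside TRUSTED_NET, the same request from an Internet address reaches the end of the list and is denied, which is the barrier between trusted and untrusted networks that the paragraph describes. The denied_sources helper shows how the same decision log doubles as a monitoring input.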
- Network Controls and Network Access: Another significant solution for problems associated with the network of WAS Swim Association is network control and network access. This is a major step in reducing information-related threats and risks (Von Solms & Van Niekerk, 2013). Confidential and sensitive information is often hacked and damaged by attackers, and several activities can negatively affect the operation of peripherals, computers and networks and so impede network access.
- Deployment of DHCP and DNS Servers: Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) servers should be deployed in the network of WAS Swim Association to mitigate the risks and threats effectively and efficiently (Siponen, Mahmood & Pahnila, 2014). The main benefit of deploying DHCP and DNS servers is that unauthorized access to the data, and the loss or damage of data by unauthorized users or hackers, is strictly prevented. Hence, the confidentiality and integrity of the data are secured.
- Restriction of Physical Access to Data: Another noteworthy solution for the information security of WAS Swim Association is to restrict physical access to confidential data or information (Peltier, 2016). WAS Swim Association should ensure that only authorized users access the data, so that there is no chance of data manipulation or data loss.
Conclusion
From this discussion it can be concluded that information security, or infosec, is the set of strategies for managing the tools, technologies, procedures and policies needed to prevent, detect, document and counter risks to both digital and non-digital information. The most important responsibility of information security is to establish a collection of business procedures that protect information assets, independent of how the information is processed or stored. The major goals of these information security programs are the CIA properties of the information technology systems: they ensure that sensitive information or data is disclosed only to authenticated parties, that unauthorized modification of the data is prevented, and that the data can be accessed and retrieved by all authorized parties at any time. The process of risk management is required for this purpose, to assess these vulnerabilities and threats continuously. This report has described WAS Swim Association in order to understand the threats and risks associated with the organization, and has provided a risk matrix showing the severity of the risks as well as an information classification scheme for WAS Swim Association.
References
Ab Rahman, N. H., & Choo, K. K. R. (2015). A survey of information security incident handling in the cloud. Computers & Security, 49, 45-69.
AlHogail, A. (2015). Design and validation of information security culture framework. Computers in Human Behavior, 49, 567-575.
Andress, J. (2014). The basics of information security: Understanding the fundamentals of InfoSec in theory and practice. Syngress.
Baskerville, R., Spagnoletti, P., & Kim, J. (2014). Incident-centered information security: Managing a strategic balance between prevention and response. Information & Management, 51(1), 138-151.
Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R. (2013). Future directions for behavioral information security research. Computers & Security, 32, 90-101.
Dotcenko, S., Vladyko, A., & Letenko, I. (2014, February). A fuzzy logic-based information security management for software-defined networks. In Advanced Communication Technology (ICACT), 2014 16th International Conference on (pp. 167-171). IEEE.
Flores, W. R., Antonsen, E., & Ekstedt, M. (2014). Information security knowledge sharing in organizations: Investigating the effect of behavioral information security governance and national culture. Computers & Security, 43, 90-110.
Kolkowska, E., & Dhillon, G. (2013). Organizational power and information security rule compliance. Computers & Security, 33, 3-11.
Layton, T. P. (2016). Information security: Design, implementation, measurement, and compliance. Auerbach Publications.
Parsons, K., McCormac, A., Butavicius, M., Pattinson, M., & Jerram, C. (2014). Determining employee awareness using the Human Aspects of Information Security Questionnaire (HAIS-Q). Computers & Security, 42, 165-176.
Peltier, T. R. (2013). Information security fundamentals. CRC Press.
Peltier, T. R. (2016). Information security policies, procedures, and standards: Guidelines for effective information security management. Auerbach Publications.
Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organizations. Computers & Security, 56, 70-82.
Shropshire, J., Warkentin, M., & Sharma, S. (2015). Personality, attitudes, and intentions: Predicting initial adoption of information security behavior. Computers & Security, 49, 177-191.
Singh, G. (2013). A study of encryption algorithms (RSA, DES, 3DES and AES) for information security. International Journal of Computer Applications, 67(19).
Siponen, M., Mahmood, M. A., & Pahnila, S. (2014). Employees' adherence to information security policies: An exploratory field study. Information & Management, 51(2), 217-224.
Soomro, Z. A., Shah, M. H., & Ahmed, J. (2016). Information security management needs more holistic approach: A literature review. International Journal of Information Management, 36(2), 215-225.
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. Computers & Security, 38, 97-102.
Xu, L., Jiang, C., Wang, J., Yuan, J., & Ren, Y. (2014). Information security in big data: Privacy and data mining. IEEE Access, 2, 1149-1176.
Yang, Y. P. O., Shieh, H. M., & Tzeng, G. H. (2013). A VIKOR technique based on DEMATEL and ANP for information security risk control assessment. Information Sciences, 232, 482-500.