Introduction to Cosmos
Discuss the Information Security Management for Confidential Information.
The organization Cosmos is an online newspaper publishing company located in Sydney, Australia. It is in charge of a global network of freelance reporters who report trending and important content from across the world. This online platform can be accessed by customers who are interested in reading the newspaper and current news online, from every corner of the world. The revenue of the services provided comes mainly from online advertisements containing live playback of videos. Any business organization can engage with Cosmos to advertise its content as long as the advertisements comply with the media code, guidelines and regulations in Australia. This online newspaper platform is estimated to be accessed by 100000 people and it can increase with 500000 within the next three years.
Therefore, it is expected that the engagement of staff and employees with Cosmos will increase as well. The freelance reporters associated with Cosmos are provided with suitable telecommunication devices for live reporting, even from areas where internet connectivity is unavailable or inaccessible. The company has therefore decided to update the information security policy associated with its information system in order to prohibit any unauthorized usage of the company's resources.
The policy aims to address the fair and responsible use of the data and information produced by the employees and freelance reporters of Cosmos (Blythe, Coventry and Little 2015). The information stored in the organization's information system is intended to be accessed only by registered individuals, irrespective of their location. The issue-specific security policy therefore limits the usage of the stored information to the authorized users of Cosmos. Since the policy is confidential, it can only be accessed and followed by the registered members of Cosmos.
Authorized use of the information means that only the registered members of Cosmos, including the freelance reporters, will be allowed to store and access the information held in the organization's information system. The telecommunication devices will be provided to the freelance reporters only after prior approval from the higher officials of Cosmos. The telecommunication devices can only be used for the company's purposes and cannot be misused; if found guilty, the freelance reporters are subject to a predetermined punishment (Ifinedo 2014). The information system stores all the confidential information and content of Cosmos, and therefore proper access control is enforced (Vance, Siponen and Pahnila 2012). The registered members and the freelance reporters will be registered in the system and given a valid user ID and password. This user ID and password can be used to access the system.
Services provided
Furthermore, only the devices provided by Cosmos to its freelance reporters can be used for recording and reporting any news. Freelancers who are provided with telecommunication devices by the company are strictly prohibited from using any other devices. Once the information recorded by the reporters is sent to the Cosmos office, it will be treated as the property of the organization, and therefore any unauthorized use or telecast of it is completely prohibited (Bridy 2012). The scheduling of the news that will be telecast online is subject to the decision of Cosmos. However, trusted freelance reporters who have been engaged with the company for more than 2 years are given the right to directly telecast any breaking news or live event. That, however, is subject to prior approval as well.
The data stored in the information system is considered highly confidential, and therefore any illegal or unauthorized usage of that data is completely prohibited. Furthermore, newly appointed freelance reporters are not given access to the information system and are required to send the information they collect to the higher official of the company under whom they are working (Cheng et al. 2013). Any replication of the data or its telecast by the reporters will be considered illegal, and legal action will be taken against them.
Furthermore, Cosmos aims to provide secure and reliable services to its permanent staff and its customers; therefore, any unauthorized access to the company's information is completely prohibited, and any unauthorized person who attempts to access that information is subject to legal action.
It is mainly the responsibility of the technical manager of Cosmos to ensure that all the access points of the information system are well configured so that any unauthorized use or attempted data theft can be detected. This process includes, but is not limited to, ensuring proper authentication and encryption configuration of the system (Sommestad et al. 2014). However, it is also the responsibility of the freelance reporters to ensure that the telecommunication devices provided by Cosmos are properly configured to serve the purpose of the organization.
It is the responsibility of the technical manager to ensure that all the staff and reporters associated with the organization are given proper rights to access the information system; that is, the technical manager needs to ensure that all staff are registered with the system (Belleflamme and Peitz 2014). An unregistered member, even one who works for the organization, will be prevented by the system from accessing the information stored in the organization's information system.
Information Security Policy
Any unauthorized usage of the confidential information of the organization will be reported to the technical manager (Al-Omari, El-Gayar and Deokar 2012). The members of the organization should furthermore ensure fair and responsible use of the resources of the organization.
With a properly configured system, it will be easier to detect any loss of the organization's information. The policy is violated not only by data theft but also if new freelance reporters directly telecast any news without consulting Cosmos.
Therefore, in the event of inappropriate use of the data and information of Cosmos, the organization reserves the right to take necessary and appropriate action (Safa, Von Solms and Furnell 2016). This might include termination of the member from the company or legal action against the member.
The guidelines of the issue-specific security policy will be communicated to all the staff and employees of Cosmos. A first violation will result in a warning mail delivered to the member's official mailbox. Any further violation of the company's policy will be subject to legal action against the member.
All cases of policy violation will be reported to the manager of the company, who will be responsible for verifying that an infringement of the information policy of Cosmos has occurred.
The proposed policy is subject to periodic review by Cosmos on an annual basis, and changes will be made wherever appropriate. With the expansion of the company, it is expected that more issues will need to be incorporated into the issue-specific security policy, and it has therefore been decided that the policy will be updated on an annual basis (Pallante 2012). However, Cosmos holds the right to make changes or modifications to the policy whenever the company needs to. Modification of the policy mainly involves the addition of clauses, as the information system is expected to be modified as well over the course of time.
The review of the proposed policy includes identification and analysis of the appropriateness of the policy and procedures mentioned in the Issue Specific Security Policy (ISSP). It is therefore the responsibility of Cosmos to ensure that the policy is regularly reviewed and amended if necessary. In order to ensure that the review is done correctly, regular meetings will be held with the higher officials of Cosmos to ensure that the policy is properly amended.
Usage of Information and Telecommunication Devices
Apart from the annual update, the company reserves the right to make changes to the policy whenever it wishes to. The timeframe for the annual update, review and modification of the ISSP is therefore subject to change. Regular review of the policy is essential to ensure that no issue needing attention is left out of the policy.
Cosmos assumes no liability for unauthorized acts that violate state, legal and federal legislation (Kolkowska and Dhillon 2013). However, if any such issues are identified, Cosmos reserves the right to terminate its relationship with the member. A member who violates the law and the policy will not be provided with any legal protection by the organization.
The security policy proposed for Cosmos will be communicated to all the members of the organization, and they have to provide their acknowledgement of it (Aurigemma and Panko 2012). If any member violates the law even after having good knowledge of the policy, he/she will be severely punished. Therefore, any users, authorized or unauthorized, who violate the policy will be responsible for the consequences, as Cosmos holds no liability for the offense.
The policy that is being prepared defines and limits the use of organization’s resources and these resources cannot be circulated or replicated or used for personal use.
In preparing the issue-specific security policy, the following assumptions are made (Kajtazi and Bulgurcu 2013):
- It is assumed that proper security protection is ensured by the organization for the information resources of Cosmos. The information system is properly secured by cryptographic means.
- It is assumed that the existing members of the organization will abide by the policy that is proposed (Hu et al., 2012).
- It is assumed that Cosmos abides by the local government compliance requirements.
The issue-specific security policy will define the fair and responsible use of the data, resources and information of the organization. Cosmos aims to provide a reliable service to its staff and customers, and hence this policy has been proposed. Since Cosmos specifies and limits the use of the information stored in the organization's information system, the policy is very much justified. The contents of the policy are justified as well, since they ensure the fair and responsible use of the information assets of the organization. Furthermore, all existing and future members of the organization will be informed about the policy and procedures of the ISSP, and therefore enforcement of the policy is justified.
With the involvement of more customers with the service, it is necessary to enforce a policy for proper protection of the information resources of the organization.
References
Al-Omari, A., El-Gayar, O. and Deokar, A., 2012, January. Security policy compliance: User acceptance perspective. In System Science (HICSS), 2012 45th Hawaii International Conference on (pp. 3317-3326). IEEE.
Aurigemma, S. and Panko, R., 2012, January. A composite framework for behavioral compliance with information security policies. In System Science (HICSS), 2012 45th Hawaii International Conference on (pp. 3248-3257). IEEE.
Belleflamme, P. and Peitz, M., 2014. Digital piracy (pp. 1-8). Springer New York.
Blythe, J.M., Coventry, L.M. and Little, L., 2015, July. Unpacking Security Policy Compliance: The Motivators and Barriers of Employees’ Security Behaviors. In SOUPS (pp. 103-122).
Bridy, A., 2012. Copyright policymaking as procedural democratic process: A discourse-theoretic perspective on acta, sopa, and pipa. Cardozo Arts & Ent. LJ, 30, p.153.
Cheng, L., Li, Y., Li, W., Holm, E. and Zhai, Q., 2013. Understanding the violation of IS security policy in organizations: An integrated model based on social control and deterrence theory. Computers & Security, 39, pp.447-459.
Hu, Q., Dinev, T., Hart, P. and Cooke, D., 2012. Managing employee compliance with information security policies: The critical role of top management and organizational culture. Decision Sciences, 43(4), pp.615-660.
Ifinedo, P., 2014. Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition. Information & Management, 51(1), pp.69-79.
Kajtazi, M. and Bulgurcu, B., 2013. Information security policy compliance: An empirical study on escalation of commitment.
Kolkowska, E. and Dhillon, G., 2013. Organizational power and information security rule compliance. Computers & Security, 33, pp.3-11.
Pallante, M.A., 2012. The Next Great Copyright Act. Colum. JL & Arts, 36, p.315.
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model in organizations. Computers & Security, 56, pp.70-82.
Sommestad, T., Hallberg, J., Lundholm, K. and Bengtsson, J., 2014. Variables influencing information security policy compliance: a systematic review of quantitative studies. Information Management & Computer Security, 22(1), pp.42-75.
Vance, A., Siponen, M. and Pahnila, S., 2012. Motivating IS security compliance: insights from habit and protection motivation theory. Information & Management, 49(3-4), pp.190-198.