Discussion
Discuss the Reference Model of Information Assurance & Security.
Information security management is the specific set of procedures and policies for the systematic management of an organization's confidential and sensitive data or information (Crossler et al. 2013). Its most significant goal is to reduce overall risk and to ensure business continuity by proactively limiting the impact of any security breach. Information security management addresses processes as well as data and technology. It can be targeted at a specific type of data or information, or it can be implemented comprehensively so that it becomes a major part of the company (Peltier 2013). A proper risk management plan, internal audits and similar measures are the core parts of information security management, and it is considered essential for all organizations.
The following report outlines a brief discussion of the concept of information security management, as well as security management and governance, for Young Minds Secondary College. It is a private Australian secondary school that has been operating for many years and develops innovative programs for its students. This report explains the significant details regarding the importance and implementation of security management within Young Minds Secondary College.
The operating principles or philosophies that guide an organization's internal conduct, as well as its relations with every customer, shareholder or partner, are termed its company or corporate values (Von Solms and Van Niekerk 2013). An organization has various company values, and all of them are summarized in its mission statement. The major corporate values of Young Minds Secondary College are given below:
- i) Reliability
- ii) Loyalty
- iii) Commitment
- iv) Efficiency
- v) Honesty
- vi) Integrity.
All the above mentioned company values are extremely important for this college in maintaining its organizational goals and objectives. These values can be maintained with the help of a risk management plan (Siponen, Mahmood and Pahnila 2014). Such a plan supports the company values and fits this approach, since it increases the impact of opportunities.
The risk management plan and cost benefit analysis are important for governance as well. They help in governing the organization properly and effectively: control is enhanced, and the college is governed by reducing the impact of negative risks.
Securing Company Values
A security policy should be developed properly for Young Minds Secondary College. This policy sets the rules and guidelines for the expected behaviour of users and systems (Yang, Shieh and Tzeng 2013), and security personnel are managed under it. The significant methodology for developing a security policy within this college is the implementation of an information security system.
Young Minds Secondary College (YMSC) is exposed to various risks and vulnerabilities, all of which can be extremely dangerous for the college (Xu et al. 2014). These risks mainly concern the information security of Young Minds Secondary College. All of them can be controlled through the risk management plan and cost benefit analysis approach. The most significant risks to the information security of this college are given below:
- i) Social Engineering: The first and foremost risk to information security is social engineering. It is the activity of manipulating people into performing actions or divulging confidential information for malicious purposes. The most basic example of a social engineering technique is phishing (Peltier 2016): an attempt to obtain sensitive information such as usernames or passwords by posing as a trustworthy entity in an electronic communication.
- ii) Disclosing Confidential Information: The second significant risk to information security is the disclosure of confidential information. Confidential or sensitive information should be properly preserved with the sole motive of securing the data (Cherdantseva and Hilton 2013). If this data is disclosed in any manner, the activity can be dangerous for the organization, and thus disclosure of this information is an extreme vulnerability for the college.
- iii) Access to the Network by Unauthorized Persons: The next important risk to information security is access to the network by an unauthorized person. Access to the college's network should be properly restricted so that no vulnerability can enter the information system.
- iv) Maintenance Errors: Another important risk is maintenance errors. Wrong data and errors should be checked properly, and this can only be done through proper maintenance (Andress 2014). Maintenance errors can be extremely dangerous for the college and hence should be mitigated in time.
- v) Theft of Hardware: Theft of hardware is yet another important security risk for the Young Minds Secondary College information system. If hardware is stolen at any point, it can be extremely damaging for the college, as it will not be able to perform any operation.
- vi) Malfunctions of Equipment: If equipment does not work properly and malfunctions, the information system of the college can be in danger (Von Solms and Van Niekerk 2013). This type of issue is thus an extreme vulnerability for the college.
- vii) Human as well as Natural Disasters: Natural disasters such as volcanoes, earthquakes and storms are among the most dangerous events for the college, and these disasters cannot be controlled or managed. Moreover, human errors can also occur in the college (Sommestad et al. 2014). Human errors can be either intentional or unintentional.
- viii) Destruction of Records: Destruction of records is another significant risk for the information system of Young Minds Secondary College. This type of destruction of records is therefore extremely damaging for the organization.
However, with a risk management plan in place, all of the above mentioned risks can be easily managed.
The legal and statutory requirements have major implications for Young Minds Secondary College. Both kinds of requirements are imposed by law; they are non-negotiable and must be complied with properly. Failure to comply can lead to penalties or fines (Disterer 2013); hence compliance is mandatory. The risk management plan provides several benefits, all of which the business requires. Thus, the selected approach of risk management and contingency planning is required for the business.
The risk management plan approach for Young Minds Secondary College offers several significant benefits. The most significant advantages of the risk management plan for this organization are given below:
- i) Treating of Risks: The first and foremost advantage of the risk management plan for Young Minds Secondary College is that it helps to treat the various threats or risks properly (Lam 2014). These risks can be treated easily, and hence it is a significant approach for the college.
- ii) Minimization of Risks: Risk minimization is another important advantage for Young Minds Secondary College. This approach is well suited to the organization, as it minimizes the risks to a great extent (McNeil, Frey and Embrechts 2015). These risks are handled within the provided assessment plans.
- iii) Awareness of the Risks: Risk awareness is the next important benefit for this organization. Awareness of risk is extremely important, and hence a risk management plan should be incorporated within the college.
- iv) Proper Business Strategies: The college can also adopt proper business strategies with the help of this risk management plan (Safa et al. 2015). The business strategies become successful with this plan.
- v) Cost as well as Time Savings: A risk management plan is extremely cost effective and time saving, and thus the issues related to high cost and time are easily resolved.
- vi) New Opportunities: Various new opportunities can be incorporated with this plan, and thus it is regarded as the most important approach towards the success of the company.
The steps of the risk management plan are as follows:
- i) Identification of Risks
- ii) Analysis of Risks
- iii) Evaluation or Ranking of the Risks
- iv) Treating the Risks
- v) Monitoring and Reviewing the Risks.
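The five steps above, together with the cost benefit analysis the report pairs with the risk management plan, can be worked through on a small risk register. The following is an added example and is not part of the original report or of the college's own plan: it registers the eight risks listed earlier, scores them on an assumed 1 to 5 likelihood and impact scale, ranks them, decides on treatment with a cost benefit check (annualised loss expectancy, ALE = SLE x ARO, an assumed convention), and reports the residual loss to monitor. Every likelihood, impact, loss figure, control name, control cost and the tolerance threshold is constructed for illustration.

```python
"""Risk register and cost-benefit analysis for a risk management plan.

Added example, not part of the original report. All figures, the control
names and the tolerance threshold are constructed; the scoring scheme
(likelihood x impact) and ALE = SLE x ARO are assumed conventions.
"""
from dataclasses import dataclass


@dataclass
class Risk:
    name: str
    likelihood: int            # 1 (rare) .. 5 (almost certain), constructed
    impact: int                # 1 (negligible) .. 5 (severe), constructed
    sle: float                 # single loss expectancy in AUD, constructed
    aro: float                 # annualised rate of occurrence, constructed
    control: str = ""          # proposed treatment, hypothetical
    control_cost: float = 0.0  # annual cost of the control, constructed
    reduction: float = 0.0     # fraction of the ALE the control removes, constructed

    @property
    def score(self) -> int:
        """Step ii, analysis: qualitative score used for ranking."""
        return self.likelihood * self.impact

    @property
    def ale(self) -> float:
        """Annualised loss expectancy before any treatment."""
        return self.sle * self.aro

    def net_benefit(self) -> float:
        """Cost benefit check: annual loss avoided minus annual control cost."""
        return self.ale * self.reduction - self.control_cost


# Step i, identification: the eight risks named in the report, constructed figures.
REGISTER = [
    Risk("Social engineering (phishing)", 5, 4, 20000, 1.5,
         "staff awareness training + mail filtering", 6000, 0.6),
    Risk("Disclosure of confidential information", 3, 5, 50000, 0.5,
         "data classification + access reviews", 14000, 0.5),
    Risk("Unauthorised network access", 4, 5, 40000, 0.7,
         "network access control + MFA", 12000, 0.7),
    Risk("Maintenance errors", 3, 3, 5000, 2.0,
         "change management checklist", 1500, 0.5),
    Risk("Theft of hardware", 2, 4, 15000, 0.3,
         "asset tagging + disk encryption", 4000, 0.8),
    Risk("Equipment malfunction", 3, 3, 8000, 1.0,
         "maintenance contract + spares", 5000, 0.6),
    Risk("Human and natural disasters", 1, 5, 200000, 0.05,
         "offsite backups + contingency plan", 9000, 0.9),
    Risk("Destruction of records", 2, 4, 30000, 0.2,
         "backup verification", 2000, 0.9),
]

RISK_TOLERANCE = 12  # scores at or above this must be treated (assumed threshold)


def rank_risks(register):
    """Step iii, evaluation: highest score first, ties broken by ALE."""
    return sorted(register, key=lambda r: (r.score, r.ale), reverse=True)


def treatment_decisions(register):
    """Step iv, treatment: accept risks below tolerance; otherwise adopt the
    control only if its net benefit is positive, else send it back for
    another option."""
    decisions = {}
    for r in register:
        if r.score < RISK_TOLERANCE:
            decisions[r.name] = "accept"
        elif r.net_benefit() > 0:
            decisions[r.name] = "mitigate"
        else:
            decisions[r.name] = "reconsider control"
    return decisions


def residual_ale(register, decisions):
    """Step v, monitoring input: expected annual loss after the chosen treatments."""
    total = 0.0
    for r in register:
        if decisions[r.name] == "mitigate":
            total += r.ale * (1 - r.reduction)
        else:
            total += r.ale
    return total


if __name__ == "__main__":
    for r in rank_risks(REGISTER):
        print(f"score {r.score:2d}  ALE {r.ale:9.0f}  {r.name}")
    decided = treatment_decisions(REGISTER)
    for name, decision in decided.items():
        print(f"{decision:18s} {name}")
    before = sum(r.ale for r in REGISTER)
    print(f"ALE before treatment: {before:.0f}, after: {residual_ale(REGISTER, decided):.0f}")
```

The qualitative score decides which risks must be treated and the cost benefit figure decides whether a given control is worth adopting; with these constructed numbers the disclosure risk exceeds tolerance but its proposed control costs more than the loss it avoids, so it is returned for a cheaper option rather than accepted. The residual ALE is the quantity a review cycle would track over time.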
Contingency planning, risk analysis and CBA are extremely vital for making the college successful (Lam 2014). The college faces the possibility of situations that adversely affect its operations; when such a situation is not responded to properly, it has an impact on the business, such as loss of information or data. The various risks mentioned above are well mitigated by contingency planning.
The ongoing process of security management offers various significant benefits. They are as follows:
- i) Secures Information: Security management is responsible for securing information within the organization.
- ii) Increases Resilience to Cyber Attacks: Resilience to cyber attacks and threats is increased (Crossler et al. 2013).
- iii) Providing a Centrally Managed Framework: The third advantage is that it provides a centrally managed framework for the organization.
- iv) Offering Protection: It also offers the organization protection for securing its data and information.
- v) Reducing Expenses: Security management also reduces expenses to a great extent, which is another important advantage of this type of management (Peltier 2013).
Conclusion
Therefore, from the above discussion, it can be concluded that information security comprises the activities related to protecting information and information infrastructure assets against the threats of misuse, damage, loss and so on. Information security management describes the controls an organization needs to implement to ensure that it is properly managing all of its risks and threats. Various types of risks and threats to the information system of any organization are possible; the major threats and vulnerabilities to the organization are those against its assets and information system. Security management and governance are extremely important for the organization to mitigate all of its risks effectively and efficiently. This report has outlined the case study of Young Minds Secondary College. The management of the organization has decided to implement information security management and governance within the organization. The college has been growing steadily, even exponentially, over the last 10 years. It is concerned about its information security and hence should implement this governance properly. The risk management plan and contingency planning have been set out from this perspective. Moreover, the advantages of security management for this organization have been described, and the various legal and statutory requirements have also been discussed in this report.
References
Andress, J., 2014. The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice. Syngress.
Cherdantseva, Y. and Hilton, J., 2013, September. A reference model of information assurance & security. In 2013 Eighth International Conference on Availability, Reliability and Security (ARES) (pp. 546-555). IEEE.
Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and Baskerville, R., 2013. Future directions for behavioral information security research. Computers & Security, 32, pp.90-101.
Disterer, G., 2013. ISO/IEC 27000, 27001 and 27002 for information security management. Journal of Information Security, 4(2), p.92.
Lam, J., 2014. Enterprise Risk Management: From Incentives to Controls. John Wiley & Sons.
McNeil, A.J., Frey, R. and Embrechts, P., 2015. Quantitative Risk Management: Concepts, Techniques and Tools. Princeton University Press.
Peltier, T.R., 2013. Information Security Fundamentals. CRC Press.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management. CRC Press.
Safa, N.S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N.A. and Herawan, T., 2015. Information security conscious care behaviour formation in organizations. Computers & Security, 53, pp.65-78.
Siponen, M., Mahmood, M.A. and Pahnila, S., 2014. Employees' adherence to information security policies: An exploratory field study. Information & Management, 51(2), pp.217-224.
Sommestad, T., Hallberg, J., Lundholm, K. and Bengtsson, J., 2014. Variables influencing information security policy compliance: a systematic review of quantitative studies. Information Management & Computer Security, 22(1), pp.42-75.
Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber security. Computers & Security, 38, pp.97-102.
Xu, L., Jiang, C., Wang, J., Yuan, J. and Ren, Y., 2014. Information security in big data: privacy and data mining. IEEE Access, 2, pp.1149-1176.
Yang, Y.P.O., Shieh, H.M. and Tzeng, G.H., 2013. A VIKOR technique based on DEMATEL and ANP for information security risk control assessment. Information Sciences, 232, pp.482-500.