Statement of Applicability
The inventory of asset is made for the development of the list of assets that would help in keeping an eye on the physical goods sold or bought for the development of the business (Freeman 2016). The cash and carry organization had been providing household and food items for their customers. The inventory of assets for the cash and carry organization is shown below,
|
Inventory of Asset for Information System |
|||||
|
Asset Name |
Category |
Short brief |
Possible Owner |
Acceptable Use |
Required Level of Protection |
|
Customer Information |
Database |
The customer information is the database that stores and records the information of the customers of the organization. |
Database Admin |
Should be limited for business purposes only |
High |
|
Online Platform |
Virtual Network |
The online platform helps in developing improved operations for forming the supportive and effective operations for the internet based processes. |
Web Development team |
Spreading of business to a larger scale |
High |
|
Disaster Recovery |
Tool |
It would help in recovering the data and information that had been lost due to any disaster event. |
Database team |
Restoration of the data lost due to any accident |
|
|
Payment Platform |
Process |
The payment platform provides the option for making payments via internet gateways. |
Accounts Department |
Secure connection with banks should be made for safe money transfer |
High |
|
Business Continuity Management |
Strategy |
The business continuity management would help in easing the processes of developing business operations for effective development model. |
Business Developer |
Strategies for increasing the performance of the business should be carried on |
Medium |
The statement of applicability is a proper document that highlights the various risk factors of the organization for delivering the advanced operations to its customers (Cam-Winget, Popa and Hui 2017). The online operations would be helpful for the deployment of the effective operations that would result in implementing effective operations for the management of the operations. The statement of applicability is shown below,
|
Statement of Applicability |
||
|
Organization: Cash and Carry Organization |
||
|
Made by: Katie Longs |
Version: 1.0 |
Date: 3rd April, 2018 |
|
Objective: To increase the security of the information system for overcoming the problems of fraudulent emails, malicious code infection, and denial of service The company has faced the problem of fraudulent mail been sent to the customers via company’s official mail id. The mail has resulted in seeking information from the customers along with customer information. The implication of the effective system security would help the organization in securing the information for listing improved operations. |
||
|
Control: 4.5.1 Title: Implementation of IaaS Cloud Platform Description: The implementation of information as a service cloud platform would help in controlling the access to the cloud online network of the organization based on the information. The implementation if IaaS would ensure that the cloud network implementation would help the organization for the deployment of the successive implementation. The IaaS cloud platform would be helpful for the deployment of the access limited online platform. |
||
|
Documents Required: Cloud Vendor List, Existing Information Migration |
||
|
Control: 4.5.2 Title: Network Control Implementation Description: The implementation of the network control functions using IDS/IPS would be helpful for detecting and preventing the infiltration in the network. The IDS works as a detection system that identifies the infiltration in the network. The IPS works successively with IDS and prevents the system from performing any operation or completing any query once intrusion is detected. The network control would help the organization for keeping any attack or virus away from the organization’s network. |
||
|
Documents Required: Network Infrastructure Design, Security Protocols |
||
|
Control: 4.5.3 Title: Addition of Encryption Function Description: The addition of the encryption would help in easing the flow of information and develop effective management of the data security. The various cipher methods would be helpful for the addition of key cipher method. The development of the encryption would help in easing the deployment of the data security and integration. The encryption would allow the formation of the activities and alignment of the operations. |
||
|
Documents Required: Security key for Cipher |
Risk Register: Risk Register is a tool used for the analysis of the factors of risk for developing effective operation development (Li 2014). The analysis of the factors of the risk would help in developing control strategies for overcoming the implication of the risk management operations. The risk register for the information system and the various issues of Cash and Carry organization is given below,
|
Risk Name |
Malicious Codes |
Security Infiltration |
Lack of Secure Devices |
Internet Viruses |
|
Causes |
The malicious codes are resulted due to the internet/cloud connection. The malwares present in the cloud network would infiltrate into the network for causing disruption in the operations. |
The security infiltration is resulted due to the wearing of the security functions. The advanced hackers and cyber criminals would get access into the system for extracting information for their personal benefits. |
The absence of secure device would result in causing the major infiltration probability. The absence of secure device would tend to cause the major infiltration into the operations. |
The virus present in the internet cloud would tend to form the issues in operations. |
|
Probability |
Low |
Medium |
Medium |
Low |
|
Impact |
High |
High |
Medium |
High |
|
Risk Level |
High |
Extreme |
Medium |
Medium |
|
Control Strategy |
Avoid |
Reduce |
Transfer |
Avoid |
|
Control Action |
Increment of security function in the system would help in overcoming these issues |
Implementation of IDS/IPS in the Network of the organization would be helpful |
Replacement of the existing tools by taking advice from a security expert advisor |
Increment of security function in the system would help in overcoming these issues |
|
Proximity |
Immediate |
Immediate |
Immediate |
Immediate |
|
Risk Name |
Design Issues |
Lack of information |
Cyber thefts |
Data Misuse |
|
Causes |
The major issue of the design is its incompatibility with the functions. |
Absence of information would tend to form the issues in development of the operations |
External cyber criminals would extract the information from the network |
The data would be misused for harming the organization |
|
Probability |
High |
High |
Low |
Medium |
|
Impact |
Medium |
Low |
High |
High |
|
Risk Level |
High |
Medium high |
Medium high |
Extreme |
|
Control Strategy |
Transfer |
Accept |
Avoid |
Reduce |
|
Control Action |
SDLC design phase should be followed |
Utilization of the existing information should be used |
Deployment of the preventions against cyber attacks |
Encryption of data would make it unusable for the thieves |
|
Proximity |
Immediate |
Immediate |
Immediate |
Immediate |
Perform security audit
|
Audit Report |
|
|
Information System of Cash and Carry Organization |
|
|
Overview of Scenario |
The Cash and Carry organization provides household and food items for its customer while operating in 12 branches of UK with a total manpower of 130. The inclusion of online platform had resulted in many risks for the organization. They faced the problem of fraudulent emails, DoS attack, and malware attacks due to the weak security infrastructure. They have realized the problems would result in causing the major issues for growth of the organization. |
|
Risk Identified |
The major risk factors identified in the organization are Malicious Codes, Security Infiltration, and Lack of Secure Devices. |
|
Control Objectives |
The control objectives for Cash and Carry Organization are, To develop security functions for limiting the access to the information To develop the implementation of network security in the system To restrict the access for unauthorised users from the network |
|
Evidence |
Fraudulent email sent to customers, Denial of Service (DoS) attack, and Cross Site Scripting (XSS) are the problems faced by the organization and they would act as the evidence showing the slackness in the security |
|
Result |
Non-conformity |
|
Recommended Action |
Preventive |
Security Policy
“Establishing and Maintaining confidentiality and security of the information, network, and applications while managing the operations of the organization.”
|
#001231 Control action name: Implementation of IaaS cloud services Type: Operational Duration: Mid Owner: Client Responsibility: Cloud Vendor Status: In progress |
|
#001232 Control action name: Alignment of Security Functions Type: Tactical Duration: Long Owner: Client Responsibility: IT Team Status: In progress |
The study helped me in analysing the elements and components of the information system of an organization considering them as assets in the asset inventory. I even used the statement of applicability for the analysing the gaps in the information system. The risk register that I developed was based on the understanding of the risks and the alignment of the improved operations. The security audit would be helpful for the alignment of the control strategies and the alignment of the recommended actions favourable for the deployment of the operations. The security policy developed helped me in listing the practices that would be helpful for the alignment of the operations.
The proposed risk control would be helpful for the alignment of the operations and the development of the security policy in the organization. The risk control strategy would be helpful for the deployment of the contingency planning against the security issues. The plan development would also support the operations that are favourable for the operations of risk management.
I have realized the major issues in the security risk assessment and it would form the major analysis of the project operation development. The risk assessment would help in overcoming the probability of the effective operation development. It was hard for analysing the scope of the risk factors and the continuation of the operations.
Risk Register
Almadhoob, A. and Valverde, R., 2014. Cybercrime prevention in the Kingdom of Bahrain via IT security audit plans. Journal of Theoretical and Applied Information Technology, 65(1), pp.274-292.
Cam-Winget, N., Popa, D. and Hui, J., 2017. Applicability Statement for the Routing Protocol for Low-Power and Lossy Networks (RPL) in Advanced Metering Infrastructure (AMI) Networks.
Chandramouli, M., Schoening, B. and Nordman, B., 2015. Energy Management (EMAN) Applicability Statement. Energy.
Chen, Z., 2016. Time-to-produce, inventory, and asset prices. Journal of Financial Economics, 120(2), pp.330-345.
Duggan, J.M., Eichelberger, B.A., Ma, S., Lawler, J.J. and Ziv, G., 2015. Informing management of rare species with an approach combining scenario modeling and spatially explicit risk assessment. Ecosystem Health and Sustainability, 1(6), pp.1-18.
Forouzanfar, M.H., Alexander, L., Anderson, H.R., Bachman, V.F., Biryukov, S., Brauer, M., Burnett, R., Casey, D., Coates, M.M., Cohen, A. and Delwiche, K., 2015. Global, regional, and national comparative risk assessment of 79 behavioural, environmental and occupational, and metabolic risks or clusters of risks in 188 countries, 1990–2013: a systematic analysis for the Global Burden of Disease Study 2013. The Lancet, 386(10010), pp.2287-2323.
Freeman, T.Y., 2016. Improving the Asset Inventory Process. South Carolina State Documents Depository.
Hom, M.A., Joiner Jr, T.E. and Bernert, R.A., 2016. Limitations of a single-item assessment of suicide attempt history: Implications for standardized suicide risk assessment. Psychological assessment, 28(8), p.1026.
Ifinedo, P., 2014. Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition. Information & Management, 51(1), pp.69-79.
Johnston, A.C., Warkentin, M., McBride, M. and Carter, L., 2016. Dispositional and situational factors: influences on information security policy violations. European Journal of Information Systems, 25(3), pp.231-251.
Kanatov, M., Atymtayeva, L. and Yagaliyeva, B., 2014, December. Expert systems for information security management and audit. Implementation phase issues. In Soft Computing and Intelligent Systems (SCIS), 2014 Joint 7th International Conference on and Advanced Intelligent Systems (ISIS), 15th International Symposium on (pp. 896-900). IEEE.
Li, W., 2014. Risk assessment of power systems: models, methods, and applications. John Wiley & Sons.
Liang, C.S. ed., 2016. Europe for the Europeans: The foreign and security policy of the populist radical right. Routledge.
Ma, S., Lee, K.H., Kim, C.H., Rhee, J., Zhang, X. and Xu, D., 2015, December. Accurate, low cost and instrumentation-free security audit logging for windows. In Proceedings of the 31st Annual Computer Security Applications Conference (pp. 401-410). ACM.
Perri, R. and Shuli, I., 2016. FINANCIAL STATEMENT ANALYSIS IN ALBANIA-A SURVEY OF ITS APPLICABILITY AMONG DIFFERENT USERS’CLASS AND THE DIFFERENCES FROM THE DEVELOPED COUNTRIES. CEA Journal of Economics, 4(2).
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model in organizations. Computers & Security, 56, pp.70-82.
Order an Essay Now & Get These Features For Free:
Turnitin Report
Formatting
Title Page
Citation
Outline
