Information Security Practice And Experience Essay

Question:

Discuss Information Security Management.

Answer:

Statement of Purpose

AG, having recently started operations on an IT platform that incorporates its order management and extends to offer banking services, has not yet developed a comprehensive information security policy. The purpose of this write-up is to ensure that appropriate measures are implemented to protect AG corporate information and the private information of customers and fishermen. The document defines what is considered corporate information and what is private information, who may access each, and when (Valacich, 2017). The policy applies to all staff at AG, to users of the system, including the fishermen and, by extension, the customers, and to affiliates such as banks. It aims to guard AG information relating to fishermen, customers, members, and financial data against misuse, abuse, theft, fraud, breach of confidentiality or privacy, and accidental damage or loss. It also sets out policies that protect AG and its affiliates, including the fishermen, customers, and partners such as the banks, against liability or damage arising from use of the ICT system for purposes contrary to the laws and regulations governing ICT information and data in Australia (Killmeyer, 2006).

Authorized Users

These are the people authorized to use the various resources within AG's IT system (Bao, Li, & Wang, 2009). There are different groups of users with varying levels of access rights, and the authorized users vary by department. Internally, AG staff will have access to data relating to fishermen and customers, but with access rights limited to their function. For instance, the accounts department will have full access to the financial system that handles payments and production, while marketing and customer service will have full access to clients' historical data and transactions. Drivers will have access to the customer information needed for deliveries: location, quantities ordered, and the required delivery deadlines. Fishermen will access information on fish schools gathered by the unmanned aerial vehicles, which AG staff will also access. Customers will not have access to this information; their only point of contact for inquiries and orders will be AG. They will, however, have access to the location of the trucks delivering their orders (tracking) and the locations of AG centers. Customers will be authorized to access their own banking information, and only a few restricted AG staff can access this information. The authorities will be authorized to access fish-school information (Liebowitz, 2006).

Unauthorized Users

While the general public will have access to the general features of the application, they are not authorized to use it for any purpose other than inquiries. Customers are not authorized users of the AG back-end system, which holds information such as fish production per fisherman or the amounts banked by each. Only AG IT staff will have access to transaction data, and only for backup purposes. The banks are not authorized to access fish production data, whether for AG as a whole or for individual fishermen. AG staff such as drivers and general office staff are not authorized to access banking information on individual fishermen's finances or financial position. The local fisheries authorities are not authorized to access individual fishermen's financial information; they will, however, access aggregate information on total quantities produced at each location for compliance purposes, especially regarding fish sizes. Customers are not authorized to access information on fish quantities from centers that do not deal with them. The general public can access only information meant for the public through the application. No one who is not an AG employee is authorized to access the IT system itself, its servers, backups, or network; even the fishermen, drivers, and customers are not authorized to access the IT backbone. Non-technical staff at AG likewise cannot access the storage, servers, and backup resources of the IT system (Blobel, 2002; Fisch & White, 2000).
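The access rules in the two sections above can be turned into an enforceable, deny-by-default check: a role is granted nothing it is not explicitly listed for, and records that belong to one customer, fisherman, or driver are further scoped to that person. The following is an added example, not part of the original essay or of any AG system; the role, resource, and action names are assumptions chosen to mirror the policy text, and the sample requests are constructed.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Set, Tuple

# Role -> resource -> allowed actions. Names are assumptions that mirror the
# essay's authorised/unauthorised user sections. Any (role, resource, action)
# combination not listed here is denied, including unknown roles.
POLICY: Dict[str, Dict[str, Set[str]]] = {
    "accounts":            {"payments": {"read", "write"}, "production": {"read", "write"}},
    "marketing":           {"client_history": {"read", "write"}},
    "customer_service":    {"client_history": {"read", "write"}},
    "driver":              {"delivery": {"read"}},
    "fisherman":           {"fish_schools": {"read"}},
    "customer":            {"tracking": {"read"}, "centers": {"read"}, "banking": {"read"}},
    "restricted_finance":  {"banking": {"read"}},          # the "few restricted AG staff"
    "fisheries_authority": {"fish_schools": {"read"}, "production_totals": {"read"}},
    "it_admin":            {"transactions": {"read", "backup"}, "servers": {"admin"}, "backups": {"admin"}},
    "public":              {"public_info": {"read"}},
}

# Object-level scoping applied after the role grant.
#   "owner":    the record's owner_id must equal the caller, unless the caller's
#               role is in the exempt set (restricted staff see all banking data).
#   "assigned": the caller must be listed on the record (a driver's own delivery).
SCOPE: Dict[str, Tuple[str, Set[str]]] = {
    "banking":  ("owner", {"restricted_finance"}),
    "tracking": ("owner", set()),
    "delivery": ("assigned", set()),
}


@dataclass(frozen=True)
class Principal:
    user_id: str
    role: str


@dataclass(frozen=True)
class Record:
    kind: str
    owner_id: Optional[str] = None
    assigned: FrozenSet[str] = frozenset()


def decide(p: Principal, action: str, r: Record) -> Tuple[bool, str]:
    """Return (allowed, reason). Deny is the default for everything."""
    grants = POLICY.get(p.role, {})
    if action not in grants.get(r.kind, set()):
        return False, f"role {p.role} has no {action} grant on {r.kind}"
    rule = SCOPE.get(r.kind)
    if rule is None:
        return True, "role grant"
    mode, exempt = rule
    if p.role in exempt:
        return True, "role grant (unscoped)"
    if mode == "owner" and r.owner_id == p.user_id:
        return True, "own record"
    if mode == "assigned" and p.user_id in r.assigned:
        return True, "assigned record"
    return False, f"{r.kind} record does not belong to {p.user_id}"


def run_samples():
    """Constructed requests covering the essay's allow and deny cases."""
    cases = [
        (Principal("cust-1", "customer"), "read", Record("banking", owner_id="cust-1")),   # own banking
        (Principal("cust-1", "customer"), "read", Record("banking", owner_id="cust-2")),   # someone else's
        (Principal("drv-7", "driver"), "read", Record("delivery", assigned=frozenset({"drv-7"}))),
        (Principal("drv-7", "driver"), "read", Record("banking", owner_id="fish-3")),      # driver -> finances
        (Principal("bank-a", "bank"), "read", Record("production")),                       # bank -> production
        (Principal("auth-1", "fisheries_authority"), "read", Record("production_totals")),
        (Principal("ops-2", "it_admin"), "backup", Record("transactions")),
        (Principal("anon", "public"), "admin", Record("servers")),                         # public -> backbone
    ]
    return [decide(p, a, r)[0] for p, a, r in cases]


if __name__ == "__main__":
    for allowed in run_samples():
        print("ALLOW" if allowed else "DENY")
```

The important design choice is that the policy table is the only source of allow decisions; a role that is missing from the table (the bank in the sample) is denied without any special case, so adding a new affiliate cannot silently widen access. Ownership and assignment scoping is what stops a customer from reading another customer's banking record even though both hold the same role grant.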

References

Bao, F., Li, H., & Wang, G. (Eds.). (2009). Information Security Practice and Experience: 5th International Conference, ISPEC 2009, Xi'an, China, April 13-15, 2009, Proceedings. Berlin, Heidelberg: Springer.

Blobel, B. (2002). Analysis, Design and Implementation of Secure and Interoperable Distributed Health Information Systems. Amsterdam: IOS Press.

Fisch, E. A., & White, G. B. (2000). Secure Computers and Networks: Analysis, Design, and Implementation. Boca Raton, FL: CRC Press.

Killmeyer, J. (2006). Information Security Architecture: An Integrated Approach to Security in the Organization. Boca Raton, FL: Auerbach Publications.

Liebowitz, J. (2006). What They Didn't Tell You About Knowledge Management. Lanham, MD: Scarecrow Press.

Valacich, J. (2017). Information Systems Today: Managing the Digital World (Student Value Edition). Prentice Hall.
