This module will:
• Discuss the difference between qualitative and quantitative risk assessments.
• Describe how to carry out qualitative assessments.
• Explain what is meant by threat models and how to create them.
Module Outcomes
1. Identify and analyse security risks, threats and vulnerabilities in information systems and determine appropriate methodologies, tools, and techniques to manage and/or solve them.
2. Gather and synthesise information from multiple sources (including internet security alerts and warning sites) to aid in the systematic analysis of security breaches and issues.
3. Critically appraise and utilise methodologies, tools and techniques that help manage and audit security issues.
4. Articulate the legal, social, ethical, and professional issues faced by information security professionals.
![](images/pic08.jpg)
Security Standards
Pampered Pets, the organisation discussed in the assessment, manufactures and sells pet food. It currently receives some orders through customers' emails. Digitalising the business will allow it to store client details and process payments, so the GDPR and PCI-DSS standards will apply.
Evaluating Pampered Pets against GDPR standards:
i. Data protection: ensure that personal data is protected. The company should create a data protection policy that sets out how data is protected in line with what GDPR recommends.
ii. Accountability: ensure that Pampered Pets is accountable and can demonstrate that it is complying with GDPR.
iii. Individual rights: ensure that individuals' rights regarding their data are respected as recommended by GDPR, and that records of data processing activities are kept.
iv. Security: Pampered Pets must ensure that data is protected against unauthorised access by implementing appropriate security measures.
v. Data transfer: the company must ensure that data is transferred securely when necessary, for example by using encryption.
Evaluating Pampered Pets against PCI-DSS standards:
i. Ensure there is adequate network security to protect payment card data.
ii. Implement strong access control measures to limit access to payment card data.
iii. Implement data encryption when transmitting payment card data.
iv. Implement an incident response plan.
Recommendations to meet those standards
For GDPR, we make the following recommendations:
• Reviewing the organization's data protection policy.
• Interviewing staff to see if they are aware of the GDPR and how to protect personal data.
• Inspecting the organization's IT systems and security measures.
• Reviewing the organization's records of data processing activities.
For PCI-DSS, we make the following recommendations:
• Reviewing the organization's network security measures.
• Reviewing the organization's access control measures.
• Reviewing the organization's data encryption measures.
• Reviewing the organization's vulnerability management process.
• Reviewing the organization's incident response plan.
![](images/pic09.jpg)
Security Frameworks
The following frameworks would be applicable to international banks:
• ISO 31000 is a framework that would be ideal for an international bank because it covers all aspects of the risk management lifecycle, from risk identification to risk monitoring.
• The Committee of Sponsoring Organizations of the Treadway Commission (COSO) Enterprise Risk Management (ERM) framework is another popular risk management framework that would work for an international bank because it focuses on all of the risks facing an organisation, including strategic, operational, financial, and reputational risks.
• GDPR is a framework of security requirements that global organisations must implement to protect the security and privacy of EU citizens' personal information. It is also ideal for international banks.
The following frameworks would be applicable to large hospitals:
• The ISO 31000 framework would also be ideal for a large hospital for the same reason: it covers all aspects of the risk management lifecycle, from risk identification to risk monitoring.
• HITRUST Common Security Framework
• GDPR is also applicable if the hospital is within the European Union.
• ISO 27799 defines information security in healthcare, which is useful for companies that require HIPAA compliance. This will be applicable in large hospitals.
• NIST CSF
The following frameworks would be applicable to large food manufacturing companies:
• The ISO 31000 framework is applicable in this case.
• NIST SP 800-171
• NIST CSF
Summary of tests and recommendations:
For the respective organisations, conduct a risk assessment to identify and evaluate the organisation's risks in line with the framework recommended for that organisation, and implement risk management based on the same framework, as shown below:
• For the international bank, use ISO 31000, COSO or GDPR.
• For the large hospital, use ISO 31000, HITRUST, GDPR, ISO 27799 or NIST CSF.
• For the large food manufacturing company, use ISO 31000, NIST SP 800-171 or NIST CSF.
![](images/pic10.jpg)
Future Trends
We will take a look at the future trends of Information Security Management.
![](images/pic09.jpg)
Collaborative Discussion 1: The Risks of Digitalisation
According to the case study by Kovaitė and Stankevičienė (2019), Industry 4.0 is the fourth industrial revolution. It builds on the third industrial revolution, which from the 1970s onwards introduced the use of the internet and a decentralised approach to acquiring energy. The fourth industrial revolution moves on from there and is characterised by the use of automation, data exchange and artificial intelligence in manufacturing, and it explores the decentralisation of communication between people and machines. Examples include the Internet of Things (IoT) and artificial intelligence.
Examples of real-world risks associated with this include:
1. Technical risks
2. Data security risks
The paper by Nurse et al. (2017) agrees with the case study by Kovaitė and Stankevičienė (2019) that a new approach to risk assessment is needed: the new technologies that are emerging bring new challenges, and simply extending existing risk assessment methodologies to these new systems could leave them blind to new risks. The article by Kovaitė and Stankevičienė (2019) aims to determine the types of risk that appear under the impact of Industry 4.0 on business models and to assess which types have more impact on the different business model blocks.
References
Nurse, J. R. C., Creese, S. and De Roure, D. (2017) Security risk assessment in Internet of Things systems, pp. 1-9. Available at: https://www.cs.ox.ac.uk/files/9680/2017-itpro-ncd_author-final.pdf
Professional Skill Matrix and Action Plan
I am planning to explore more in this area.