Information Security Policy - Processes - and Practices

Question: Discuss about the Information Security for Policy, Processes, and Practices. Answer: Introduction In the current business scenario, Issue specific security policy is used by every business to address the specific issues within the technology. This report presents the issue specific security policy for the Auto-fishing Group. It also discusses the different components of ISSP to make effective policy. These components are Statement of Policy, Authorized access and usage of equipment, Prohibited Uses, systems management, Violations of Policy, policy review and modification and Limitations of Liability. There are different assumptions made by auto fishing group to make the ISSP. In the case of Unmanned Aerial Vehicles (UAVs), it is assumed that Auto fishing group employs the high level of automation in aircraft and also employs few programs such as land immediately and return to home. It is also assumed that smallest UAVs is used by Auto fishing group which weight is less than 2 kg together with weight of heavy UAVs is approximately less than 25 kg. Another assumption is that UAVs is used by Auto fishing group to effectively capture the requirements regarding the customers and fisherman. Another assumption is that UAVs used by Auto fishing group did not harmed to any customers also deliver the services quickly. In the case of online banking, it is assumed that Auto fishing group employs approximately 200 employees. Another assumption is that auto fishing group performed all banking transactions such as Account Information, Online instructions, Demat Account Information, Requests, Bill payments and other merchant payments, from the comfort of customers like home and office. It is also assumed that Auto fishing group is offered the prompt payment services to customers. It is assumed that online banking facilities provided by Auto fishing group is effective to minimize the risk and maximize the return of fishermans member and customers. In the case of marine and fisheries training, it is assumed that there are approximately 3 trainers to provide training to their 20 students. These trainers are proficient and having skills regarding fishing process. As a result, they have provided training about techniques used by the fishermen. It is also assumed that training which is offered by Auto fishing group is related to health and safety, environment protection and also associated with ways of improving efficiency. Issue specific security policy (ISSP) ISSP must use by Auto-fishing Group, Tasmania to identify specific issues and facilitate the instructions regarding the appropriate usage of specific technology to fishermen and its member. This report develops a policy for use of Unmanned Aerial Vehicles (UAVs), online banking, and marine and fisheries training within the Auto-fishing Group, Tasmania. Unmanned Aerial Vehicles (UAVs) is applicable to get the optimal quantity of fish from the fishermen on time and to deliver the order of the customers rapidly. Furthermore, online banking facilities are provided by AG group to its member and fishermen (Goodman, et al., 2016). Training is also used to provide the instruction to the student to show the live videos of fish shoals and schools as well as the techniques used by the fishermen. An unmanned aerial vehicle (UAV) is an unmanned aircraft which weighs less than 55 pounds on takeoff and also included everything that is on board. The use of Unmanned Aerial Vehicles within the Auto-fishing Group increases the fish yield of its member and fishermen and also enables the organization to supply the fish to the customers as speedily as possible at a rational price. This whole procedure is based on automated onboard computers hence the distribution vehicles are connected to the office of Auto-fishing Group and the mobile devices of the fishermen (Peltier, 2016). It is beneficial to pull out the human potential and also allows the organization to execute dangerous and difficult tasks safely and efficiently, and also saving time, money and lives of people. The Civil Aviation Safety Authority (CASA) is the government agency who is responsible for providing the instruction about unmanned aircraft vehicle. It is beneficial for using UAV from an aviation safety perspective. Furthermore, instructor of Auto-fishing Group is responsible and accountable to offer the training. Authorized access and usage of equipment All the users of Auto-fishing Group are agreed to comply the code of conduct to protect the data of the organization. There are three technology unmanned aircraft vehicle, online banking facilities and marine and fisheries training of the AG network, which should be designed to only for business purpose so the authentic use of this technology can only be the fulfillment of business intention (Ifinedo, 2014). These technologies should not be used by managers and fishermen for personal use because it is only for business purposes. Access to the Auto-fishing Group network must be Authenticated and verified for customers and fishermen. Further, use of computer, laptops, and other devices within the Auto-fishing Group should be authorized for training proposes (Whitman and Mattord, 2011). Along with this, marine and fisheries training should be provided by the experts to give instruction about the process. Personal devices such as mobile devices, laptops, tablets, person computers, USB are authorized to bring in the Auto-fishing Group but the connection to the network should be authorized and monitored. These devices are prohibited from accessing the Auto-fishing Group's communication, any personal information, sharing fishermen member's personal information to the public. All members should use password protected network to comprehensive use of the devices (Ifinedo, 2016). Any fishermen members required to use the personal devices for any emergency should be approved by the authorized fishermen member. The UAVs should not fly over the height of 150m and should not fly surrounded by prohibited areas around airports (UAV Coach, 2016). Along with this, Auto-fishing Group should obtain the certificate of the operator from CASA for using the UAV because it protects the data of the company. Auto-fishing Groups member is individually accountable for monitoring the use of UAV in the home network. Auto-fishing Group member must protect the software, networks and any devices provided to the employees and fishermen in any use. Furthermore, online banking society is responsible for providing the banking facilities to fishermen and its member (Whitman, and Mattord, 2011). Managing Director of Auto-fishing Group is responsible for building the guidelines about the use of UAV device in the Intranet and also shows all the lists of the authorized devices, hardware, and password encrypted user accounts (The University of Texas, 2012). Together with, two instructors of AG must responsible for providing marine and fisheries training in Hobart. According to the code of conduct of Auto-fishing Group, if employees, students, and managers are a failure to obey the security requirements and policies then they should be penalized due to disciplinary action issue, legal issues and also prohibited over the network access at any time within the organization. Moreover, The Civil Aviation Safety Authority (CASA) is prohibited from flying of UAV in a way which will hazardous to property and a person (Australian Government, 2017). As per the law, if the company will hazardous to people and property or breach this provision then it must give a maximum penalty of 50 units that is equal to approximately $8,500. Policy Review and Modification This policy must be reviewed and modified based on the fishermen agreement at the end of every year. Along with this, the UAV review board should modify the plan for authorization. The envisioned action should comply the applicable laws, government regulations, and university policies. Auto-fishing Group should not only be limited to the policy on Unmanned Aircraft but also involve the policy related to marine and fisheries training, and online banking facilities. The envisioned process should not be tolerated a threat to health, safety, and privacy (Harris, 2015). If technology will hazardous to health, safety, and privacy of people then, it will be modified by the code of conduct practices of an authorized board member. As per the principle of Auto-fishing Group, company is not responsible for any lost and stolen devices during the unauthorized use inside the Auto-fishing Group. If employees and fishermen are failures to obey the rules and regulations then, they will give penalties together with the company can issue the infringement notification. As per the rule, an operator has liable to not fly closer than 30m to vehicle, boats, buildings which are not on the private property of operators. Hence, Auto-fishing Group must have explicit authorization from the private property owners (UASSA, 2017). Along with this, the operator should not allow flying the UAV over any populated areas like a garden, beaches, parks and sports ovals. Moreover, if these rules are violated then CASA can take action such as issue the infringement notices of up to $8500 per offense. Along with this, if these rules are critically breached and harm to a person then CASA will forward the case to Commonwealth Director of Public Prosecutions with the purpose of criminal charges. Together with, if an employee breaches the company policy related to use of company technology such as UAV, marine and fisheries training, and online banking facilities then the company will not protect them and the company is not held liable for these actions (Lynskey, 2012). It can be proved by the organization that such act would be conducted without their knowledge and authorization. Issue specific security policy (ISSP) is used to prevent waste and inappropriate use of organization resources. This policy is also significant for organization because it limits and eliminates the potential legal liability that can be existed from employees and third parties. This policy is also beneficial for organization to preserve and protect precious, private, and proprietary data from unlawful access and disclosure. Along with this, security policy is required to secure the confidential information from the network security assets within a company (Peltier, 2016). Since, security policies are appropriate to employees at all levels within the organization hence it should be written at a reading level and should be comprehensible for all employees. Conclusion From the above discussion, it can be concluded that there are three technologies is used by Auto-fishing Group, Tasmania named Unmanned Aerial Vehicles (UAVs), online banking, and marine and fisheries training. Further, it can be evaluated that ISSP is created by the company to identify the specific issues and to offer the guidelines to their members and fishermen. It is found out that these policies entailed different components to effectively address the issues in these technologies. Finally, it can be summarized that if an employee violated these policies then it will be penalized by the Civil Aviation Safety Authority (CASA). References Australian Government (2017) Flying drones/remotely piloted aircraft in Australia. [Online]. Available at: https://www.casa.gov.au/aircraft/landing-page/flying-drones-australia (Accessed: 14 March 2017). Goodman, S., Straub, D. W., and Baskerville, R. (2016)Information Security: Policy, Processes, and Practices. UK: Routledge. Harris, C. (2015) Regulation of Drones in Australia - A Balancing Act. [Online]. Available at: https://www.corrs.com.au/publications/corrs-in-brief/regulation-of-drones-in-australia-a-balancing-act/ (Accessed: 14 March 2017). Ifinedo, P. (2014) Information systems security policy compliance: An empirical study of the effects of socialization, influence, and cognition,Information Management,51(1), pp. 69-79. Ifinedo, P. (2016) Critical Times for Organizations: What Should Be Done to Curb Workers Noncompliance With IS Security Policy Guidelines,Information Systems Management,33(1), pp. 30-41. Lynskey, D. (2012) Current Uses of Unmanned Aerial Vehicles (UAV). [Online]. Available at: https://www.pitt.edu/~dkl10/Writing%20Assignment%203.pdf (Accessed: 14 March 2017). Peltier, T. R. (2016)Information Security Policies, Procedures, and Standards: guidelines for effective information security management. USA: CRC Press. The university of Texas (2012) Unmanned Aerial Vehicles. [Online]. Available at: https://policies.utexas.edu/policies/unmanned-aerial-vehicles (Accessed: 14 March 2017). UASSA (2017) Unmanned Aerial Systems. [Online]. Available at: https://uasservicesaustralia.com/ (Accessed: 14 March 2017). UAV Coach (2016) Drone Laws in Australia. [Online]. Available at: https://uavcoach.com/drone-laws-in-australia/ (Accessed: 14 March 2017). Whitman, M. E., and Mattord, H. J. (2011)Principles of information security. USA: Cengage Learning.