Developing An Issue Specific Security Policy For Cosmos Organization

Authorized and Prohibited Users

Discuss about the Development Of Issue Specific Security Policy.

The main purpose of this project is to understand as well as develop an Issue Specific Security Policy for the organization of Cosmos. This organization of Cosmos publishes an online newspaper that is situated in Australia (Ifinedo 2014). It has the globalized network of all freelance reporters, who are reporting news from anywhere in the world. The clients who wish to read the newspaper or watch live video streaming, will have to complete the process of registration after paying smaller amount of fees. The main income of this organization is from the advertisements that eventually contain various live or playback videos. This organization accepts all types of advertisements from the individuals or companies, only when it is complied with regulations, guidelines or media codes within Australia (Cheng et al. 2013). It has been estimated that more than 100,000 people would be accessing this newspaper in beginning and gradually, the number would increase to 500,000. They are even providing freelance reporters for the purpose of live reporting from several areas that does not have Internet connection. Recently, they have decided to upgrade their information security policies for the information system. This project will be helping to understand the authorized uses and prohibited uses of the given case study. Moreover, the systems management, violations of policies, reviewing and modification of policies with limitations of liabilities will be covered here (Berger 2014). The final part of this project provides assumptions and their proper justifications.

Cosmos is the online newspaper publishing organization that provides freelance reporters who work for them in every corner of the world. The main headquarter of this organization is in Sydney, Australia and mainly gets income from the advertisements, containing live as well as playback videos (Sommestad et al. 2014). The authorized users of this particular organization mainly refer to those users, who are maintaining and following all the rules and regulations. The authorized users of this particular organization are the registered members or clients of the newspapers. They are claimed as the authorized users since; they are using the service of Cosmos, only after registering themselves with the newspaper (Yeo, Pak and Yang 2013). Thus, they are following the rules. The other authorized users are the organizational employees. Recently, the permanent employees are Chief Executive Officer, the Finance Manager, the human Resources Manager, the Technical Manager, and the Publishing Manager. Moreover, the Technical Manager is assisted by twenty supporting staffs. This particular organization would be providing the most secured and reliable services for their staffs, freelance reporters, customers and advertisers. The news that they provide is absolutely genuine and does not provide any forged details.

Systems Management in Cosmos Organization

Security and accurateness are the two most significant requirements in Cosmos organization (Wall, Palvia and Lowry 2013). They do not provide any type of fake news for their customers and thus they make sure that the news they are delivering is absolutely accurate and justified. They even provide evidence for their customers. For the purpose of security, they only allow authorized users to access their data or information. The customers, who are wishing to access the news from their website, at first, will have to register to their organization after paying a small amount of money to the website. The prohibited users refer to those users, who are not authorized and have not registered themselves with the website. These types of users can exploit the news and can even sell the news to other companies (Siponen, Mahmood and Pahnila 2014). This type of exploitation would be extremely dangerous for the organization as they would be major losses. The prohibited uses could be stopped after implementing various security measures to the website and the access would be restricted.

The management of systems of any organization refers to the administration of various distributed systems that even includes the computer systems (Crossler et al. 2013). This systems management is eventually influenced by the initiatives of the network management within telecommunications. It plays the most significant role in the security system of computers.

The freelance reporters of the organization of Cosmos are provided with several devices of telecommunications for the purpose of live streaming or reporting from those areas that have poor Internet connection or even does not have Internet connectivity (Peltier 2013). This systems management in Cosmos organization would be completing the tasks like managing security, managing storage, managing virus or malware of the systems. Moreover, the systems management also manage the capacity of network; monitor the capacity, software inventory, installation of software and many more.

Cosmos organization has a network administrator and it is his responsibility to ensure that the entry points are properly configured with accurate settings according to the ISSP or Issue Specific Security Policy (Sommestad and Hallberg 2013). The ISSP also involves configurations of authentication, encryption and authorization for the purpose of making the security of the systems extremely higher than normal. Furthermore, the customer should ensure the fact that the details entered by them are absolutely accurate and they are watching the news after successful registration.

If the telecommunication devices and information systems of the organization are not updated regularly, there is a high chance that the information or rather the vital news would be lost or would be in the hands of the hackers with wrong intentions (Kim, Yang and Park 2014). Cosmos organization thus, authenticates the utilization or access of the confidential information regarding the news with the systems management.

Policy Violations

The policy violation occurs when any user eventually records the details by violating the organization’s existing policies. It is the significant occurrence of any type of inappropriate utilization and access to information by the prohibited users (D'Arcy, Herath and Shoss 2014). Since, the prohibited users do not have the authority to access the information or rather news of this online newspaper, if they will try to access anything, it would be considered as policy violation. Various types of policy violations can occur in the organization of Cosmos. The first and the foremost type of policy violation is the hacking of news by the prohibited users (Soomro, Shah and Ahmed 2016). The second important and significant type of policy violation occurs when the news is being outsourced by the authorized users. The third type of policy violation occurs when the information is breached. Cosmos organization takes up several legal steps for the users, who are violating the policies. The steps could be either legal or can even go up to employee termination. The first time violators are provided with a notice and if this type of activity is repeated, the employee is either terminated or is handed over to the police (Peltier 2016). Cosmos organization is extremely cautious regarding the security of their news and makes sure that there is policy violation.

The analysis of this ISSP or Issue Specific Security Policy is done according to the information systems of the Cosmos organization. This type of analysis is done regularly and thus it is checked daily that changes or alterations are required within the policy or not (Safa et al. 2015). After the review, if it is found out that modification is required for the policy, immediate action is taken. The technology up gradation is the most important requirement for Cosmos, as they deliver news to the customers. If the telecommunication devices of the freelance reporters are not upgraded regularly, they will not be able to take the news and deliver them on time. Moreover, the information would be losing authenticity and integrity. The existing policies of Cosmos organization are solely reviewed and finally modified with the help of new policies (Yeo, Pak and Yang 2013). This type of modification helps the organization to keep the systems and information absolutely safe or secured. Hence, the policy review and modification is required for the ISSP.  

The organization of Cosmos has no liability for unauthorized or prohibited uses. This type of prohibited acts usually violates the national, international, states, federal and local legislations (Ahmad, Maynard and Park 2014). Since Cosmos is an online newspaper company, any type of violation in the legislation is extremely dangerous for the customers. The reporters would be terminated if they would deliver wrong news. Moreover, the membership would be effective immediately terminated if violations occur. This organization thus has no liability to pay.

Policy Review and Modifications

The assumptions for the case study of Cosmos organization are as follows:

1. The first assumption is that the registration with the Cosmos organization would be extremely beneficial for those customers, who want accurate news.
2. The second assumption in this case study is gain huge customers for the organization of Cosmos. In the beginning it is estimated that the number of customers would be around 100,000; however, within three years of time, this number would exceed to 500,000.
3. The third significant assumption of this project is that many reporters can work for this organization, irrespective of their location. They can work as freelance reporters and thus they would be successful in their careers.
4. The fourth assumption for the case study of Cosmos is that live streaming of news could be done even in place that do not have Internet connection or have poor Internet connection. The organization has provided suitable telecommunications for all the freelance reporters.
5. The fifth assumption for this case study of Cosmos organization is that they would be delivering news and provide video feeds on their website 24*7.
6. The final assumption in this scenario is that Cosmos organization will be making a globalized network of various freelance reporters worldwide.

Cosmos is the online newspaper organization that is situated in Sydney, Australia. This particular organization has the globalized network of all types of freelance reporters, who could report news from anywhere in the world. The customers, who are willing to get news from this newspaper and read the online newspapers or watch live videos, will have to complete the procedure of registration by paying a smaller amount of money. The main income of this organization is from the advertisements, containing the playback and the live videos. They accept all types of advertisements from the citizens and organizations, only when they are complied with Australian regulations and guidelines. They have made a rough estimation that around 100,000 people would be accessing the newspaper in the beginning and finally after three years, the number would increase to 500,000. They provide telecommunication devices to the freelance reporters for the purpose of live reporting where the connectivity of Internet is poor. The information or the data of the organization is solely managed by the organization in such a way that there is no chance of data breaching. Since, this organization is dealing with news; they have focused on the quality of their news and confidentiality or integrity of the news is maintained. They have thus prepared an Issue Specific Security Policy for their organization. Cosmos wishes to follow this policy and also wishes to achieve their organizational goals and objectives.

The ISSP of this organization comprises of the statement of purpose, authorized uses and prohibited uses. The statement of purpose comprises of the details of the policy and what this policy is delivering to the organization. The authorized uses section of the policy refers to those uses that are executed only by the authorized users. In this case, the authorized users are the registered customers and all the persons involved with Cosmos. The prohibited uses refer to those uses that are unauthorized and can bring major problems regarding the confidentiality within the company. The fourth section is the systems management that details about the various systems of the organization and how those systems are being managed by the network administrator of Cosmos. Moreover, the importance of systems management is also stated here. The next part deals with the policy violation within the organization. Legal actions could be taken if the policies are violated in any case. The sixth step is the policy review and modification. This type of review and modification is extremely important for the organization and thus they should be done effectively. The final part of ISSP is the limitations and liabilities. The organization has no liability to pay. This policy is extremely beneficial for the organization of Cosmos.

References

Ahmad, A., Maynard, S.B. and Park, S., 2014. Information security strategies: towards an organizational multi-strategy perspective. Journal of Intelligent Manufacturing, 25(2), pp.357-370.

Berger, T.U., 2014. Norms, Identity, and National Security. Security Studies: A Reader.

Cheng, L., Li, Y., Li, W., Holm, E., & Zhai, Q. (2013). Understanding the violation of IS security policy in organizations: An integrated model based on social control and deterrence theory. Computers & Security, 39, 447-459.

Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and Baskerville, R., 2013. Future directions for behavioral information security research. computers & security, 32, pp.90-101.

D'Arcy, J., Herath, T. and Shoss, M.K., 2014. Understanding employee responses to stressful information security requirements: A coping perspective. Journal of Management Information Systems, 31(2), pp.285-318.

Ifinedo, P., 2014. Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition. Information & Management, 51(1), pp.69-79.

Kim, S.H., Yang, K.H. and Park, S., 2014. An integrative behavioral model of information security policy compliance. The Scientific World Journal, 2014.

Peltier, T.R., 2013. Information security fundamentals. CRC Press.

Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.

Safa, N.S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N.A. and Herawan, T., 2015. Information security conscious care behaviour formation in organizations. Computers & Security, 53, pp.65-78.

Siponen, M., Mahmood, M.A. and Pahnila, S., 2014. Employees’ adherence to information security policies: An exploratory field study. Information & management, 51(2), pp.217-224.

Sommestad, T. and Hallberg, J., 2013, July. A review of the theory of planned behaviour in the context of information security policy compliance. In IFIP International Information Security Conference (pp. 257-271). Springer, Berlin, Heidelberg.

Sommestad, T., Hallberg, J., Lundholm, K. and Bengtsson, J., 2014. Variables influencing information security policy compliance: a systematic review of quantitative studies. Information Management & Computer Security, 22(1), pp.42-75.

Soomro, Z.A., Shah, M.H. and Ahmed, J., 2016. Information security management needs more holistic approach: A literature review. International Journal of Information Management, 36(2), pp.215-225.

Wall, J.D., Palvia, P. and Lowry, P.B., 2013. Control-related motivations and information security policy compliance: The role of autonomy and efficacy. Journal of Information Privacy and Security, 9(4), pp.52-79.

Yeo, G.T., Pak, J.Y. and Yang, Z., 2013. Analysis of dynamic effects on seaports adopting port security policy. Transportation Research Part A: Policy and Practice, 49, pp.285-301.