An Information Security Policy Proposal For POS Solutions

The Management Information System

The management information system or MIS is the computer-based database of the financial information that is being organized as well as programmed in a specific method so that it could produce daily report on the operations for each management level in the organization (Laudon & Laudon, 2016). This MIS helps in obtaining specialized reports from that particular system easily and promptly. It eventually receives the relevant data from the organizational functionalities and units. These data are automatically collected from the computer-based checking out counters and are keyed at the periodic intervals.

The routine reports are programmed in advance and are run at intervals for the purpose of checking connections with the management information systems by networks (Laudon & Laudon, 2015). The following policy proposal report outlines a brief discussion on the policy proposal of the Australian software organization called POS Solutions. This report helps in developing various policies and controls regarding information security, which mainly address the potential vulnerabilities and threats as well as plans for business continuity. Moreover, the information system will be analysed for compliance with the ethical and legal frameworks, and proper recommendations will be given.

POS Solutions, being one of the major software organizations in Australia, has a few popular and significant methods to protect its data from all types of threats, attacks and vulnerabilities (POS Solutions, 2018). Unauthorized or unauthenticated access to confidential data is the first type of threat. Moreover, the loss and release of critical business-related data and the lack of security and identity management are the next noteworthy threats and vulnerabilities of the POS Solutions organization (Willcocks, 2013). The other significant risks are issues related to hardware implementation, degradation of data quality, malware attacks, risks associated with operations as well as integration or physical data security, and downtime of IT services. These threats often become extremely dangerous for POS Solutions.

The information security policy is the set of several policies that are eventually issued by the organization for the core purpose of ensuring that every user of information technology comply with the guidelines or rules of information security in the core domain of the respective organizational networks (Braglia & Frosolini, 2014). The information that is stored digitally at every network point is secured with the help of these significant policies of information security. There is an evolution of the digital networks, which help in information sharing. The data proportion that is not intended to share is done within a restricted group and these data are protected by the intellectual properties or law (Galliers & Leidner, 2014). This policy of information security endeavours in enacting of the protections and limit the data distribution within the public domain for authorized recipients.

The Policy Proposal of POS Solutions

POS Solutions has identified its potential risks and threats, and it needs to protect the data or control its distribution both within and outside its organizational boundaries (POS Solutions, 2018). This refers to the fact that information could be authorized or encrypted by a third party or institution and could have restrictions placed on its distribution according to the classification system of the information policy. A basic example of the use of the information security policy is within the data storage facility that stores the database records. This type of policy is enabled in the organizational software, which makes the data manageable (Fountas et al., 2015). Moreover, the organizational employees are contractually bound to comply with this type of information security policy.

The organization of POS Solutions should employ the significant policy of information security to protect their digital assets as well as intellectual rights with the efforts of preventing from thefts of organizational information or data, which are beneficial for their competitors (Tisserye, 2015). These types of information security policies are majorly responsible for containing the various specifications depending on the authoritative status of every organizational employee.

POS Solutions should develop the information security policies for fighting against the cybercrime. They should design these policies for ensuring the corporate as well as personal data by the proper prevention of any unauthorized access (Li, Li, Liu, Khan and Ghani, 2014). This policy should encompass the entire structure of their information technology, right from the on-premises servers until the data present in mobile devices for the cloud security policies. However, the development of these policies of information security even show the subsequent commitment for the protection of client’s data. These policies would be extremely important for state and federal compliance (Eason, 2014). For the protection or prevention from future risks, this particular organization of POS Solutions should complete the due diligence in various IT security risks.

The statement of purpose of this information security policy is to provide a basic guideline about the rules and regulations of information security within an organization. This particular security policy is applicable to every authorized member of the organization.

The major elements of the information security policy are as follows:

i) The information security policy defines every risk for the data, whether the data is digital or not (Mason, 2017). This policy mitigates the risks after defining the variety of several safeguards for the protection of their data.

ii) This information security policy of POS Solutions also defines the procedure of how the users could access their data digitally.

iii) The information security policy of POS Solutions defines the series of consequences for violating the policies.

iv) There is a proper detailing of employee training for defending against the cyber-attacks (Venkatesh, Brown & Bala, 2013). This factor helps the employees to identify several cyber threats or breaches and hence take necessary actions.

v) This policy also mitigates the risks by properly defining the events of cyber breaches, data losses or employee theft.

vi) The information security policy also details on the solutions that this particular organization would utilize for proper defence against the several vulnerable threats. For this purpose an upgraded version of antivirus software is present.

vii) The building, as well as maintenance of secured networks and systems, is done so that there exists no issue of security in networks.

viii) POS Solutions have implemented firewalls to monitor and test the networks.

ix) The business continuity planning is also done within this information security policy regularly.

x) The international issues like data getting lost from multimedia objects and autonomous information systems are also eradicated with development of global schema, proper data access and security.

There could be some of the major issues related to the future risks of the information system as well as data of POS Solutions (Xu et al., 2014). There are three types of issues possible for these risks. These issues are legal, cultural and ethical.

i) Legal Issues: The legal issues of data and information security mainly address the particular area in which concerns of information security and law intersect. The legal compliance and security of information systems are extremely important for the proper protection of corporate infrastructure and critical government information, or even the information which POS Solutions intends to protect from future or unreasonable intrusion (Goetsch & Davis, 2014). Moreover, the intellectual property that is created by the several organizational systems and individuals is also checked by the proper identification of legal issues. POS Solutions should effectively build several privacy responses as well as security responses for its confidential information for the protection of its business and business-related critical data. When the legal requirements are not met in the maintenance of organizational data or systems, such legal issues could arise (Bajdor & Grabara, 2014). Social engineering, dumpster diving and shoulder surfing are considered the major future risks that could increase legal issues in POS Solutions.

ii) Cultural Issues: The second type of issues are cultural issues for data and information security in the organization of POS Solutions. In respect to security as well as privacy, one of the basic approaches is to pay extra attention to the organizational operation in several jurisdictions (Gallagher & Sixsmith, 2014). The monitoring of confidential data or organizational employees is one of the major and the most significant example of how the cultural expectations, as well as local laws, need extra caring considerations. This organization would even require to utilize the employee monitoring schemes for the proper inclusion of monitoring of electronic mails, web application usability and network usability. The employees of POS Solutions should make it a habit of including all the above mentioned rules for the core purpose of maintaining a proper culture regarding privacy and security of information and data (Demir & Krajewski, 2013). The differentiation of products is yet another significant cultural issue in POS. The decision is often not discussed with every employee and hence the end product is erroneous. This mainly occurs due to the cultural issues with information. Moreover, the incompatibility of information system also occurs for such issues. The organizational strategy of building, as well as maintenance of secured networks and systems, would be quite effective for these issues. The IT head or technical head is responsible for checking every such discrepancy and they will report to the organizational CIO or Chief Information Officer.

iii) Ethical Issues: The third significant type of issue for information security in POS Solutions is an ethical issue. Every professional, who is completing their duty is eventually affecting the data security of his organization with formal training or courses (Klukas, Chen & Pape, 2014). Ethical issues are prevalent for the professionals and this is mainly because the information technology security personnel have to access the sensitive and confidential data as well as knowledge regarding the organizational systems, networks or even individuals. After getting subsequent access to such knowledge and data, these individuals often turn unethical or illegal and utilize those confidential data for wrong purposes (Shelestov, Kravchenko, Skakun, Voloshin & Kussul, 2013). There are no standardized training requirements to hang out to the security of information technology. POS Solutions should restrict the access to such data and information for each and every personnel of information technology. Moreover, proper training should also be given to the employees for maintaining ethics in their organizations regarding data application or utilization (Dahlstrom, Walker & Dziuban, 2013). This particular step would help in the proper maintenance of ethical standards and removal of several ethical issues within the organization of POS Solutions.

The information system is the software, which is responsible for helping to organize as well as analyse the confidential data (Dahlstrom & Bichsel, 2014). This type of information system also makes it possible for solving the problems that are relevant to the mission of POS Solutions. Most of the organizations work with the bulk amount of data. These data are the basic facts or values, which are organized within the database. The major purpose of this information system is turning of raw data into useful and effective information, which could be utilized for the decision making process within the organization. The most common and effective types of information systems are DBMS or database management system (Klukas, Chen & Pape, 2014), ERP or enterprise resource planning, ES or expert systems and GIS or geographic information systems. The major components of the information systems are hardware, software, databases, procedures and networks.

POS Solutions is facing some major and significant issues regarding its information and data security as well as the maintenance of information security assets and systems. These information systems are incrementing drastically from the source of quality decisions within the organization and hence, for the proper maintenance of security of this information and data, compliance is important (Demir & Krajewski, 2013). Since most of the systems have become available, there is a major requirement as well as complexity to validate the systems effectively. To bring compliance to the information systems, the organizational staff could provide important gap assessments, hardware or software design specifications and even user requirements (Goetsch & Davis, 2014). The employees of POS Solutions could eventually generate as well as execute the needed software integration testing, performance qualification of the systems and acceptance of hardware or software. These employees should also develop significant relationships with each and every system integrator or vendor for providing realistic and comprehensive user requirements as well as system design specifications (Venkatesh, Brown & Bala, 2013). Moreover, for compliance, the test documentation is to be provided to ensure that the procedure of data security is repeatable, acceptable and constantly achieves the previously expected outcomes.

The process control in POS Solutions organization could ensure proper system installation, operation and performance in the most consistent manner with various site requirements as per the regulating authority. This particular organization of POS Solutions could use the system of SCADA or Supervisory Control and Data Acquisition in their business (Petter, DeLone & McLean, 2013). The major advantages of SCADA system mainly include downtime tracking, security of confidential information, documentation systems and client and server systems. This compliance could also be maintained with two frameworks of legal and ethical. The description of legal and ethical frameworks for POS Solutions are as follows:

i) Legal Framework: The first and foremost framework for POS Solutions is the legal framework (Kerzner & Kerzner, 2017). The proper development of a successful model of information security policy helps in the significant protection of rights of access to the information. Information security has effectively become the most important and vital factor for the development of electronic administration. This specific framework comprises relevant legal rules, standards and codes, which are needed for protecting the information systems, as well as the information to be processed, from any unauthorized or unauthenticated access (Braglia & Frosolini, 2014). The legal risks are extremely important when the pragmatic approach is not undertaken. To complete the framework, a few steps are to be executed, and these are as follows:

a) Identification of Risks

b) Identification of Safeguards

c) Creation of Safeguards

d) Verification of the Safeguards

e) Updating Safeguards.

ii) Ethical Framework: The second important and significant type of framework is the ethical framework (Galliers & Leidner, 2014). This particular framework is responsible for encompassing every activity related to ethics of data security in POS Solutions. Each employee of the POS Solutions should undertake some of the steps for facilitating the ethical utilization. There should be a broader range of tools and technologies for subsequently achieving the various objectives of information security and hence ethics is eventually followed by the guideline discussion to design as well as develop the tools and technologies (Laudon & Laudon, 2016). The distinct framework of ethics for POS Solutions data security is given below:

a) Integrity

b) Objectivity

c) Professional Competence as well as Due Care

d) Confidentiality.

The above mentioned two frameworks of law and ethics are extremely effective and efficient in respect to the other framework, since they provide better ideology of maintenance of law and ethical standards within the organization of POS Solutions.

The major and the most significant recommendations for POS Solutions to use as well as apply confidential data are as follows:

i) The first and foremost recommendation of data usage and application for POS Solutions is to use the data in the organizational decision-making process. With the help of confidential collected data, it would be much easier for the organization to make decisions that are relevant and appropriate to the business of POS Solutions.

ii) The second important recommendation for data use and application in the POS Solutions organization is to apply the data for building the cultural and ethical frameworks, so that each and every employee gets the idea and gets to know the importance of information security effectively and efficiently.

Conclusion:

Therefore, from the above discussion, it can be concluded that information security or InfoSec is the significant practice to prevent all types of unauthorized or unauthenticated access, utilization, disruption, disclosure, inspection, modification and also destruction or recording of the confidential information. These data or information might undertake any of the forms like physical and electronic.

The most significant focus of information security is providing balanced protection to the confidentiality, integrity and availability of data, often termed the CIA triad. This focus is also maintained on the efficient implementation of policies without hampering any of the organizational productivity. It is usually achieved through the multistep process of risk management, which is mainly responsible for the identification of assets, threat sources, possible controls and potential impacts, and which is followed by the proper assessment of the efficiency of the risk management plan. The above report has outlined the importance of information security policy development for one of the largest software organizations of Australia, called POS Solutions. There are some significant standards of information security that are required to be maintained properly. This report has demonstrated the analysis of information security for the compliance of this organization with the ethical as well as legal frameworks, with significant recommendations for using and applying data. Proper and relevant details are also provided in this particular report.

References:

Bajdor, P., & Grabara, I. (2014). The Role of Information System Flows in Fulfilling Customers’ Individual Orders. Journal of Studies in Social Sciences, 7(2).

Braglia, M., & Frosolini, M. (2014). An integrated approach to implement project management information systems within the extended enterprise. International Journal of Project Management, 32(1), 18-29.

Dahlstrom, E., & Bichsel, J. (2014). ECAR Study of Undergraduate Students and Information Technology, 2014. Educause.

Dahlstrom, E., Walker, J. D., & Dziuban, C. (2013). ECAR study of undergraduate students and information technology (p. 2013). 2013.

Demir, I., & Krajewski, W. F. (2013). Towards an integrated flood information system: centralized data access, analysis, and visualization. Environmental Modelling & Software, 50, 77-84.

Eason, K. D. (2014). Information technology and organisational change. CRC Press.

Fountas, S., Carli, G., Sørensen, C. G., Tsiropoulos, Z., Cavalaris, C., Vatsanidou, A., … & Tisserye, B. (2015). Farm management information systems: Current situation and future perspectives. Computers and Electronics in Agriculture, 115, 40-50.

Gallagher, S., & Sixsmith, A. (2014). Engaging IT undergraduates in non-IT content: Adopting an eLearning information system in the classroom. Interactive Technology and Smart Education, 11(2), 99-111.

Galliers, R. D., & Leidner, D. E. (2014). Strategic information management: challenges and strategies in managing information systems. Routledge.

Goetsch, D. L., & Davis, S. B. (2014). Quality management for organizational excellence. Upper Saddle River, NJ: pearson.

Kerzner, H., & Kerzner, H. R. (2017). Project management: a systems approach to planning, scheduling, and controlling. John Wiley & Sons.

Klukas, C., Chen, D., & Pape, J. M. (2014). IAP: an open-source information system for high-throughput plant phenotyping. Plant physiology, pp-113.

Laudon, K. C., & Laudon, J. P. (2015). Management information systems (Vol. 8). Prentice Hall.

Laudon, K. C., & Laudon, J. P. (2016). Management information system. Pearson Education India.

Li, J., Li, Q., Liu, C., Khan, S. U., & Ghani, N. (2014). Community-based collaborative information system for emergency management. Computers & operations research, 42, 116-124.

Mason, R. O. (2017). Four ethical issues of the information age. In Computer Ethics (pp. 41-48). Routledge.

Petter, S., DeLone, W., & McLean, E. R. (2013). Information systems success: The quest for the independent variables. Journal of Management Information Systems, 29(4), 7-62.

POS Solutions. (2018). Retrieved from https://www.possolutions.com.au/ [Accessed on 26 Nov. 2018].

Shelestov, A. Y., Kravchenko, A. N., Skakun, S. V., Voloshin, S. V., & Kussul, N. N. (2013). Geospatial information system for agricultural monitoring. Cybernetics and Systems Analysis, 49(1), 124-132.

Venkatesh, V., Brown, S. A., & Bala, H. (2013). Bridging the qualitative-quantitative divide: Guidelines for conducting mixed methods research in information systems. MIS quarterly, 37(1).

Willcocks, L. (2013). Information management: the evaluation of information systems investments. Springer.

Xu, B., Da Xu, L., Cai, H., Xie, C., Hu, J., & Bu, F. (2014). Ubiquitous data accessing method in IoT-based information system for emergency medical services. IEEE Trans. Industrial Informatics, 10(2), 1578-1586.
