Access and Use of Sensitive Information of the Organization

Question: Discuss about the Access and Use of Sensitive Information of the Organization. Answer: Assumptions From the given case study of Farmer for Farmer," it is clear that the organization is going to implement a new wireless communication policy for its different members and stakeholders. It is important for Farmer for Farmer (3F) organization to secure the information for its users. This policy is applied to different workstations, PDAs, servers, software applications used inside the organization. This policy applies to all the staffs, farmers and external users (Horvath, Dixler and Shaughnessy 2012). The main objective of this wireless policy is to protect the wireless network of the organization, increase the reliability and improve the utilization of the network by the users. In addition to this, the policy also governs the deployment, administration, and support provided to the organization's wireless network. The following assumptions are made to implement the wireless communication policy. The policy will govern the electronic resources at the organization. The database used by the organization will consist of the details of the farmers and other stakeholders in the whole process (Gartland 2013). The wireless or electronic communication technology is changing with time as the result of it some security and reliability related issues will arise for the organization, to mitigate these questions and provide effective communication between the different stakeholders (Farmers, customers, drivers of the different distribution vehicles). The policy will also govern the network reliability, security of the system, and the support provided to it. It is also assumed that the information security system has some flaws that can be used by the intruders to steal the data from the organization's database (Ng, Lo and Schober 2014). Therefore, to secure and expand its services to the farmers of New South Wales, it is important to assign responsibilities to the users so that the system would not be misused. In addition to this, the policy will be responsible for providing secure and reliable wireless communication network to its different stakeholders. Statement of the purpose The wireless communication policy will help to establish a set of standards or guidelines for the users of Farmers for Farmers for wireless communication (Horvath, Dixler and Shaughnessy 2012). Also, it can be said that the, the policy also help the administration to govern the devices which are not physically connected to the organization. The purpose of this policy is to secure the information assets that are owned by Farmers for Farmers. The organization provides work stations, networks and electronic information to achieve different goals and initiatives. Therefore, the standards established by the policy are important to grant access to the different resources of the organization (Baldini et al. 2014). The organization must manage and provide privilege to the users in such a manner that the availability, confidentiality and the integrity of the organizational assets are secured. The policy specifies different conditions that a wireless device must fulfill to connect with the wireless network of the organization. If any exception is made for a specific device, then it is granted by the information security department of the organization (Gartland 2013). Authorized uses Network administrators of the organization have the authority to grant access to a device of a farmer or other stake holders to use the wireless communication network so that they can use it to connect to the internet to order the fertilizers for their crop, track the distribution trucks at the real time. Administrators authorizing individuals to use the network must supervise the individuals in such uses. Other authorized users are executives at the organization who are managing the networks, the quick response team (Whitmore, Agarwal and Da Xu 2015). For these users too, their activities must be supervised so that any possible intrusion can be prevented. For the organization like 3F, the insiders can be a great threat to the wireless communication system. Since this type of threats are hard to distinguish, and they may know the different flaws of the existing infrastructure of the wireless communication system and try to exploit them for their interest (Horvath, Dixler and Shaughnessy 2012). They can also interrupt the services provided by the system. In this way, insiders can misuse the information assets of 3F. Since the data which is transmitted through wireless media is more vulnerable to different type security risks and can be intercepted by hackers, therefore, it must be protected from hackers and intruders. Therefore, the users of the network should take responsibility for the security of the network. Like when the farmers or other stake holders should use VPN (Virtual private network) while accessing any private, organizational or financial information in the information system of 3F. Moreover, users should use https (secured connection protocols) while accessing the information system outside the organization (Kalyvas, Overly and Karlyn 2013). Additionally, the personal computers should install firewall softwares to minimize the risk data interception by the hackers. Use of encryption of data while transmitting, use of passwords for using the workstations can help 3F to secure its wireless network. Prohibited uses The unauthorized or prohibited uses are those who are not intended or supported by the organization. Unauthorized users are not involved in the different business process of the organization (Whitmore, Agarwal and Da Xu 2015). These unauthorized users also include the business competitors, intruders or hackers outside the organization. Different risks and threats are related to the unauthorized use of organizations wireless network or information system. As an example, if any intruder or hacker gets access to the wireless network of 3F, then it can alter, or misuse the information that is stored inside the information system. Due to this alteration of data, 3F may have to face huge loss in its business. Like if the data related to distribution process or order from the customer is altered then, the farmers will not get their expected profit from their crop (Ng, Lo and Schober 2014). Different flaws and weaknesses of the information system and wireless communication network are explored by the hackers. After this by using different hacking mechanisms (use of Trojan horses, brute force attacks, spoofing) and tools they can get control over the network and its resources (Horvath, Dixler and Shaughnessy 2012). This attacks and unauthorized uses by the un-desired users can result in the unavailability of the system to its users and administrators of 3F. System management The information system used by the organization is new, and the information security policies are to be developed to protect it from different security and external threats (Gartland 2013). The network administrator or system administrator has the sole responsibility to analyze and resolve any type of security issues and concerns. The administrator or system manager must implement control mechanisms so that the unauthorized access and use of the organizational resources can be prevented. For this each whether its farmer, truck driver or other stake holders in the organization must use a unique username and password. This will help the wireless network to authenticate the users (Kalyvas, Overly and Karlyn 2013). This in turn also helps in protecting the confidentiality of the users, as well as organizational data. The maintenance of the implemented policies is considered as a tedious job; at the same time, it is necessary to secure the assets of the organization. Managing the security and credibility of the network:The wireless network must not be used for personal use by the different stakeholders (farmers and distributers). Since the employees or stakeholders may use the network for any criminal activity for which the organization may have to face legal prosecution. To provide a extra level of security it can be suggested that, different access points that are used by the stakeholders and farmers to connect with the network must ask them to provide unique authentication IDs, that is transmitted through the secure channels like SSL (Secured Socket Layer) to prevent the misuses of the network assets and credentials of the users. The wireless network of 3F is used by the farmers and other stakeholders to remote access the organizational database and knowledge base to get required information related to agriculture (Whitmore, Agarwal and Da Xu 2015). Therefore to maximize the effect of the network usage and minimize the impacts of different threats it is important to authorize different connected network devices such as different type of servers (DNS servers, DHCP servers and FTP servers), network gateways to investigate the suspicious data packets getting in or getting out of the organization's network. Violations of policy If any stakeholder or member of the organization is found violating any of the network related policies, then the individual or group of people will be subjected to disciplinary action by the organization. In addition to this, suspension of access to the network can be enforced against them (Baldini et al. 2014). A violation of the policy also includes the negative communication network that may affect the wireless service for others. Any illegal use of the communication system or violation of laws would be referred for civil or criminal prosecution. Misuse or fraud regarded to organizations wireless communication policy would be resulted into progressive or disciplinary action by the organization (Kalyvas, Overland Karlyn2013). In addition to this, termination of membership and criminal prosecution can also be applied to the individual or group of people. The administration of information system and its security is a troublesome task for a system manager or network administrator. Policy reviews and modification Use of wireless technology in the organizations provides a high rate of growth in functional efficiency (Gartland 2013). At the same time, it is always a security reason for organizations like 3F. The reason behind this can be stated as; wireless access points are easiest access points to get control over the organization's network. Also this, it is possible that the encrypted data is intercepted and readable due to the different vulnerabilities of the network devices (Horvath, Dixler and Shaughnessy 2012). Hence whenever new network device or user is added to the network, it is important to asses some of the following security issues, a) How secure is the newly implemented authentication mechanism in the context of the 3F. b)The level of security and process of transmission of data using any new encryption technique. c) The SSID (Service set Identifier) of any wireless devices must be configured in such a way that, it does not indicate any information about the organization's departments, personnel or product identifiers (Kalyvas, Overly and Karlyn 2013). d) The policy also states that the portion of the network which directly supports and contains wireless devices must be supported from the part that does not support wireless devices (Whitmore, Agarwal and Da Xu 2015). Since the part of the network which does not contain or support wireless devices considered as more secured than another part. Limitations of liability The access to the wireless communication network is available for free to the different stakeholders like farmers, workers at distribution centers employees, etc. By using this service, they acknowledge that the service does not pose any kind of liability to 3F (Gartland 2013). For any kind loss of profit, loss of business, data; the organization is not liable in any form. No technical support will be provided to the users who are trying to access the wireless communication network of the organization. The 3F also reserves the right to intercept, monitor and disclose any kind of information that is transmitted using their wireless network. Also, the organization holds the right to disclose or provide user records and other related information under some specific circumstances. Justifications Organizations like 3F are relying on the different information technologies like wireless communication technology to increase the effectiveness and profitability of the business (Horvath, Dixler and Shaughnessy 2012). Therefore 3F needs to secure its exclusive business data from different type of security threats. It is important to prevent its network from intruders and protect the business data from public disclosure, destruction, and alteration. In addition to this nature and extent to which the organization is liable for any fraud is not predictable, therefore to survive in this competitive market 3F should set a limitation of liability(Kalyvas, Overly and Karlyn 2013). This will help the organization (3F) from being accused by the users for their own losses due to the use of the wireless network. References Baldini, G., Karanasios, S., Allen, D. and Vergari, F., 2014. Survey of wireless communication technologies for public safety.IEEE Communications Surveys Tutorials,16(2), pp.619-641. Calloway, T.J., 2012. Cloud computing, clickwrap agreements, and limitation on liability clauses A perfect storm. Duke L. Tech. Rev.,11, p.163. Feng, D., Jiang, C., Lim, G., Cimini, L.J., Feng, G. and Li, G.Y., 2013. A survey of energy-efficient wireless communications.IEEE Communications Surveys Tutorials,15(1), pp.167-178. Gartland, J.J., 2013. Limitation of Liability and the Seaplane.St. John's Law Review,16(2), p.2. Ho, C.K. and Zhang, R., 2012. Optimal energy allocation for wireless communications with energy harvesting constraints.IEEE Transactions on Signal Processing,60(9), pp.4808-4818. Horvath, R., Dixler, T. and Shaughnessy, M.L., Motorola Mobility, Inc., 2012.Method and apparatus for increasing the performance of a wireless communication system. U.S. Patent 8,194,572. Kalyvas, J.R., Overly, M.R. and Karlyn, M.A., 2013. Cloud computing: a practical framework for managing cloud computing riskpart II.Intellectual Property Technology Law Journal,25(4), pp.19-27. Kuzlu, M., Pipattanasomporn, M. and Rahman, S., 2014. Communication network requirements for major smart grid applications in HAN, NAN and WAN.Computer Networks,67, pp.74-88. Ng, D.W.K., Lo, E.S. and Schober, R., 2014. Robust beamforming for secure communication in systems with wireless information and power transfer.IEEE Transactions on Wireless Communications,13(8), pp.4599-4615. Whitmore, A., Agarwal, A. and Da Xu, L., 2015. The Internet of ThingsA survey of topics and trends.Information Systems Frontiers,17(2), pp.261-274.