Thursday, December 5, 2019

Process Innovation Implementing Converged Security

Question: Discuss about the Process Innovation for Implementing Converged Security.

Answer:

Introduction

The present report analyses the security aspect of information in Premier Ambulance Services Sdn Bhd, which is mainly oriented towards the practice of preventing unauthorised access, usage, modification, or disclosure of information. According to a report by Gullander et al. (2014), these aspects are critical in cases where an information breach results in risk to the organisation, which in turn is linked with reduced functionality, harm to market reputation, and damage to competitiveness. The company considered for discussion works in the healthcare sector, and the business association is mediated between customers (patient community), healthcare settings, and transport/automotive related stakeholders.

Identify and describe the organisation's physical, human, and electronic information holdings that may be at risk.

The fundamental aspect in this regard is linked with human resources, in which the strategic management department, staffing structure, policies and guidelines, as well as employee relation structures and agreements are crucial. The information holdings in this regard include the following elements (Davenport, 2013):

Strategy and management division - This part of the organisation is responsible for the delivery of personnel-related information. The key responsibility areas for which the information is vital include recruitment, promotion, pay or incentive details, disciplinary actions, special leave, and absenteeism of employees.

Staffing structure - The information in this consideration includes the details of policy and guidance materials for the ambulatory staff, such as attendance management, the conduct of actions and procedures, diversity management and organisational culture, leaving, pay and benefits of employees as per the national and corporate guidelines, and performance criteria.

The policies, procedures, and guidelines related to human resources - The information content in this section mainly holds the conditions of service, for example the applicable recruitment laws such as civil services, equal pay scale, gender non-discrimination, driving licence, and adjuvant technical qualifications such as pharmacy, nursing, and social work. Similarly, for the performance management aspect, the day-to-day functionality, challenges, negotiation, and delegation are included. Other than this, it also includes information such as pension policies, provident funds, and grievances.

Employee relations and agreements - The management and trade union within this scope are committed towards the conduct of their industrial and employee relations business. The bargaining-related information that is at risk includes (i) the public and commercial services; (ii) prospect for future of employees; and (iii) first division association (FDA).

Likewise, another important aspect includes information related to physical resources such as ambulatory vehicles and property assets, property holdings, estate development plans, and maintenance arrangements for vehicles. Notably, the associated stakeholders, vendors for temporary vehicles, and contract drivers are of high importance, for which information security is essential (Mubarak Alharbi, Zyngier & Hodkinson, 2013).

Lastly, electronic resources include the record management policy, which also includes the record retention schedule. The information mainly includes audit reports, annual reports, and other accounting details. In addition to this, it also includes the file and folder system at the workplace, such that employees should utilise the resources only for organisational purposes, no personal work must be executed using the firm's information, and all information sharing must take place among authorised or concerned professionals only (Mubarak Alharbi, Zyngier & Hodkinson, 2013). The mentioned provision of information and association is requisite for computer professionals and not for the drivers or field-workers.

Identify and describe the actual and potential physical, human, and electronic threats to the organisation's information holdings.

The major threats to the above-mentioned organisational aspects are all linked to rational usage of data, preserving information from biased usage, and sharing among authorised professionals only for concerned activities. Importantly, it is also ascertained that the information holdings will be used only for organisational purposes, especially during work execution. Hence, any form of use that can cause harm to the firm is considered to be a breach. The components crucial in this regard include the following aspects (Narasimhan & Aundhe, 2014):

Confidentiality - Prevention of unauthorised disclosure of information related to customers, which can be deleterious in the case of sensitive information and may result in financial or market image loss for the firm.

Integrity - The prevention of erroneous editing or modification of the information is also critical, as storing incorrect data, corrupting the information, or making errors and omissions of details may result in loss of functionality for the ambulatory services.

Availability - This is linked with prevention of unauthorised withholding of information, as in many cases personnel withholding or disclosing information to the public domain may result in loss or discontinuity for the firm.

Authenticity - This is the procedure of verifying the users and providing genuine login details to the employee, to ensure optimal usage of information. This will not only hold the sensitive information from being biased but will also be helpful in tracking the information user for a particular task or according to time.

Design a security plan that describes counter-measures that will manage the threats that put the organisation's information holdings at risk.

For the access-related threat, the counter-measures include strong authentication and protection of authentication cookies using SSL (secure sockets layer). For exploitation- and penetration-related threats to information, data hashing and signing are adequate methods. This also includes secure communication links with the product to offer message integrity. Other than this, the use of strong encryption is also effective to avoid any unauthorised editing or modification of information (Abawajy, 2014). Note that the mentioned security aspect is critical for the recording, documentation, and online processing of information by the company associates and customers.

Other than this, the privilege-related threats can be managed with counter-measures such as using a hint question and verifying the answers from users; using the date of birth or other date-related information for authorisation. The same system is also applicable to customers, as they can manage their information through online means. In advanced systems, the use of retinal scans, fingerprints, and facial recognition is effective, but is not applicable for this company due to existing infrastructure and resources. Note that these mentioned counter-measures are effective in conjunction with physical and human-related information (Aleem, Wakefield & Button, 2013).

The computer resources are required to be managed with SQL and SSL, and a key or one-time password linked with phone numbers or e-mail accounts is effective. Additionally, in certain sections of the company, a paper-based record system is also maintained. The security of such records can be managed with the help of authorised entry to the record storage room, strict instructions to the concerned professionals, and restricting the movement of original documents to within the storage room only (only photocopies are allowed for sharing).
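
The cookie protection and data signing named in the plan above can be sketched as follows. This is an added example, not part of the original report; the key, the cookie name `session`, the 900-second lifetime and the user id are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from http.cookies import SimpleCookie
from typing import Optional

# Constructed demo key; a real service loads a random secret from protected storage.
SECRET_KEY = b"constructed-demo-key"
MAX_AGE = 900  # assumed session lifetime in seconds


def _sign(payload: bytes) -> bytes:
    """HMAC-SHA256 tag over the payload, hex-encoded."""
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest().encode()


def issue_cookie(user_id: str, now: Optional[int] = None) -> str:
    """Build the Set-Cookie value for a signed session token."""
    issued = int(time.time()) if now is None else now
    payload = f"{user_id}|{issued}".encode()
    cookie = SimpleCookie()
    cookie["session"] = payload.hex() + "." + _sign(payload).decode()
    cookie["session"]["secure"] = True        # browser sends it over TLS only
    cookie["session"]["httponly"] = True      # not readable from page scripts
    cookie["session"]["samesite"] = "Strict"
    cookie["session"]["max-age"] = MAX_AGE
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()


def verify_token(token: str, now: Optional[int] = None) -> Optional[str]:
    """Return the user id for an authentic, unexpired token, else None."""
    try:
        payload_hex, tag = token.split(".", 1)
        payload = bytes.fromhex(payload_hex)
        tag_bytes = tag.encode()
    except ValueError:
        return None
    # Constant-time comparison; any edit to the payload changes the tag.
    if not hmac.compare_digest(_sign(payload), tag_bytes):
        return None
    user_id, _, issued = payload.decode().rpartition("|")
    current = int(time.time()) if now is None else now
    if current - int(issued) > MAX_AGE:
        return None
    return user_id
```

The `Secure` attribute keeps the cookie off unencrypted connections, while the HMAC tag lets the server detect a token whose user id or timestamp was edited after issue.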

Develop a comprehensive information security education and awareness programme for use by management, staff members and contractors.

The information security education programme will include the following elements (Peltier, 2016; Safa, Von Solms & Furnell, 2016):

Giving a general overview and rationale behind the security management aspects - This will not only include elaboration of the facts but will also include the consequences of an information threat (breach) to the concerned individual as well as to the firm. The discussion of relevant legislation and guidelines is also required to be included.

Linking phone/e-mail/computer system to the server database - Employees, mainly staff (temporary and permanent) as well as drivers and contract workers, are required to give the inputs, following which they will be linked to the organisational server. Hence, any form of authorisation can be collected on that basis.

Demonstrating the usage - This includes a demo for logging in and out, sharing of information, granting permission, pending requests, approval strategy, and level-wise authorisation for information usage. For the paper-based record system, an authorised application and channel to pass the information is needed.

Lastly, the sustainability of what has been learned can be ensured with the help of a monitoring and evaluation framework. Necessary technical support is thus required in this regard for all the employees. Note that for the management team, the programme guidelines include arrangement of facilities for learning, training, and execution of tasks. Likewise, the evaluation and monitoring terms are also included as a management responsibility, such that sustainability can be achieved (Safa, Von Solms & Furnell, 2016).

References:

Abawajy, J. (2014). User preference of cyber security awareness delivery methods. Behaviour & Information Technology, 33(3), 237-248.

Aleem, A., Wakefield, A., & Button, M. (2013). Addressing the weakest link: Implementing converged security. Security Journal, 26(3), 236-248.

Davenport, T. H. (2013). Process innovation: reengineering work through information technology. Harvard Business Press.

Gullander, P., Fast-Berglund, Å., Harlin, U., Mattsson, S., Groth, C., Åkerman, M., & Stahre, J. (2014). Meetings - The innovative glue between the organisation system and information system. In The sixth Swedish Production Symposium. [Accessed from https://publications.lib.chalmers.se/records/fulltext/202978/local_202978.pdf Dated 25 Mar 2017].

Mubarak Alharbi, I., Zyngier, S., & Hodkinson, C. (2013). Privacy by design and customers' perceived privacy and security concerns in the success of e-commerce. Journal of Enterprise Information Management, 26(6), 702-718.

Narasimhan, R., & Aundhe, M. D. (2014). Explanation of Public Private Partnership (PPP) Outcomes in E-Government--A Social Capital Perspective. In System Sciences (HICSS), 2014 47th Hawaii International Conference on (pp. 2189-2199). IEEE.

Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.

Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organizations. Computers & Security, 56, 70-82.
