Developing a Way to Protect the Information in the BioMed Devices Company - Case Study Example

Information Classification Name Institution Executive summary The report is about GSM, which stands for Global System for Mobile Communications. A European standard that describes the protocols for second generation networks for cellular digital phones, it is of help in the management of Information Security. The report covers the functions of protecting information. The European Institute for Telecommunication development of the standard basing on second generation (2G) ideas and principles. The standard went global as the default standard for the world in 2014 with more than90% shares in the market. It is in over 219 countries and regions over the world. The 2G replaced the 1G. The GSM has telephony, full duplex, and packet data. The 3GPP Standards followed 4G LITE standards although they do not operate in ETSI – GSM ways. There is the use of Proprietary software to protect the information of BioMed Device Company. There are two ways of classifying data that is, Objective and Subjective classification. In the objective method, classification of data goes by the set policies as compared to Subjective where the owner has the right to classify their data. The task was to develop a way to protect information in the BioMed Devices Company in three weeks. The work involved the selection of different pieces of information, getting methods to classify them and lastly to review those methods used. Table of Contents Executive summary 2 Introduction 4 Information Box 7 Reference 18 Information Classification Introduction Several companies are getting more concerned with security issues. The whole idea is to protect the company’s vital information from intruders and others. BioMed Devices is a competitive company specialized in technology that creates the human implantable device. These devices are of medical origin. There are implants such as body mass transferred from one body part to another. These collective body parts may have in them some artificial elements placed in them in order to suit the interests of the patient. The other point is that there are specifications that need to be in place before having such implants placed in the body of someone. There is a need for technology to help in the manufacturing of the products in the best way that is possible. For example, there are circumstances in which there will be a need to draw representatives of the desired shape and size. For example, most of the medics in this area of specialization will have to have a picture of the implant that a person wants to have in their body. The specialization performed by the physician should be so professional in order to get the desired specification of he required an implant. The truth is that technology matters. The technology works in the planning, drawing, and making of the body implants. In the past, there were situations in which a media would ask the person interested in having an implant the specifications that they wanted. Having got a clear picture of the shape and size of the required implant, the medic advises s the patient the advantages and disadvantages of such implant chosen. The physician would go ahead to explain to the person the design specification of how the implants work. Not all these ideas can come to pass unless there is right technology in place to help in the manufacture of such as good speech and hearing devices. The use of improved technology helps in the process of keeping information intact. Several ways of doing this exist. For example, there are alarms that are sensitive to even the slightest movement in the store. The intruder, on entering the store that has the classified files will most certainly go where he should not be. Take into consideration thieves who are in the position of stealing a company. In most of these people, do not know the area so well. It is a tie if the thieves are intruders. The intruders on entering the store will find difficulty. The first thing the information manager will do has padlocks and passwords that do not allow illegal entrance. In this way, intruders are in no position to access the store having classified files. The alarms will go on. The signals go on because of having their environment violated. There are sensors in the alarms that detect the slightest movements in the surrounding atmosphere. The change in frequency of the moving air close to the sensors makes them go on. The security manager should have offices next to the store with classified information. The person in charge of the security office will realize that the alarm is on. The intruder will have no way of escaping. The security manager will also resort to other methods of protecting the information. For example, there will be only certain people who can access the store with classified files. Each of these executives or members access codes to allow them to get into the store. The reason is that one of the favored members misbehaves, and then he or she cannot access the store (facility) using another person’s code. The person who misbehaves will have the privilege to access the store removed from him. Therefore, it will be so hard for them to locate the store that they will not think of wanting to do the unimaginable. The fact is that not all people can have access to the store. If this was so, then there will be problems. The probability of all people knowing all the company’s classified information will be high. Therefore, by introducing this policy, then all people will know the detailed information. The security manager should have a secretive team of people who work to endeavor what happens in the company remains in it. The team will have specific dates when meetings will occur to have an update on issues concerning security. The CEO will have to know about the update. The team should work in secret with the CEO. The general members of BioMed should not know. The security manager will have to use software to check on people who may want to hack into the system of BioMed Company. The software could be DLP that will block the release of information that should not go out. A system in which a team of security officers will check all people entering for important meetings will exist. Other ways to protect information will be to inform all members of the BioMed Company about the security. In these sessions, the workers of the company will have lectures concerning protection. In these sessions, workers will learn to save and classify information. Protection of Data Once data is in the position where sealed, then no one should have access to the information. There is a way of sealing information. The company will implore several of these methods. A company stamp will classify individual marks. The stamp will be particular with specific shapes and identity. Only authorized people will use the mark. The patch will work at specific times. Information Box There will be a box having classified files. This file will be the base of all required information concerning the progress of the company. The box will need locking to avoid access to classified data. Policies Systems help to direct people to work the right manner. These strategic principles will assist in the execution of several orders. For example, VPN will protect the emails that go on to the phone of the CEO. There are people who will want to hack into the system of the company. The result will be to protect classified information. The GSM will work to allow all users of smartphones to be careful with the information in their systems. The truth is that there are people good at hacking into the system of the company. VPN will have the responsibility of protecting the information of the company from third parties. For example, VPN will introduce a policy of protecting all servers that have classified information in the company. For example, take in into consideration the fact that servers need protection. The best thing would be to have VPN to have passwords installed into the phone of the CEO to avoid other people into hacking in her phone. The phone of the CEO will have a connection to VPN’s system. The association seeks to avoid the intrusion of other third parties from hacking into the system. In case that scenario in which hackers are on the rise, VPN will tell the CEO to take her phone to their offices. At VPN’s offices, the phone will undergo investigation. The investigation will have results to show the parts of the phone that could have had the likelihood of unsafely. VPN will have to create a full report on the way to avoid future hackers from getting into a system of the phone and company. For example, all components of the phone will have investigations to check for any vital information. Classification There are different ways to classify information. All people involved in the disrespectful sale of vital information about the company will face the disciplinary committee. The court wills ahead who will most likely be the Information Security manager. The person found in the act will have to explain to the manager the circumstance that led them to commit such a thing. The manager will have to make a conclusion on the judgment to take effect. There will be a jury to follow the proceeding in court. Once the accused is guilty, an appropriate punishment follows. There are several punishments such as; 1. Indefinite suspension. 2. Remove the rank. 3. Demotion the culprit. Some of the information that needs protection includes: 1. Name and personal information about people especially those with some ailments 2. The place of birth and parent of the workers 3. Future expansion plans of the company. 4. The Company’s financial strategy for the next five years. 5. The dealings with the government concerning delicate issues. 6. The Company’s secrets regarding it specifications on individual products that no other competitor should know. 7. Business plans of the company showing the tactful skills that will help in the execution of the stated goals. 8. Accurate information concerning the customers that are so supportive of the company. Usually, customers that have for a long time supported the company will want to tell executives about their personal issues. These issues should remain intact in the company. 9. The incoming financial withdraws from the bank. 10. The company’s total amount of assets. However, there is information that needs the public should know.These are; 1. The status of the company is in term of assets and liabilities. The assets are all the items and commodities that the company owns and if sold would add money to the company. On the other hand, liabilities are those items that the company has to incur costs for its continued existence. For example, transport fees for all the workers. Other items are food, fuel, and maintenance costs. 2. The audited presentations: These are a must for the public to know as they show the financial standing of the company at the end of the year. In most situations, there are helpful in the sense that a good audit will show the financial strength of the company. The meaning is that more customers will be customers. 3. The company’s website will show that services are human implantable such as those for speech and hearing. The other information will be the date of inception, the total number of workers, the net and gross profits. 4. The goal of the company: Different companies have goals. The goal states what exactly the company aims at achieving. 5. The methods of operations and activities that the company engages. 6. The successful projects and contracts for the company. Imperative to know, are several steps involved in making information classified. The purpose is to have a quick and efficient process that will in turn avoid the unnecessary spread of information. These steps are: 1. The value of the Business Information Base needs determination 2. All concerned risks and threats undergo an assessment. In the assessment, calculation exists to find out how much worth an individual set of information has. In the event that the information assessed has value, then other steps follow. The next step will involve the process of getting an appropriate way of keeping the information safely. There will be a several question asked. The risk calculations will include probability to determine the degree of safety of some information. In the calculation will handle the possibility of the third party knowing the classified information. The security officer ensures that the probability is small. 3. The question will arise and include, why people have an interest in the information? What is the value of the information at risk? 4. The information at stake will have a process of determining the exact value present in it. The level of the value will help to suggest what kind of information is at stake. Next is to get the right method of protecting the information. The value will need categorization in which case one will need to know crucial and the least important values. The information will the most wanted value will need careful handling. The processing of such information will be professional.The person handling the files should have experience. 5. The information has an attached method of protection dependent on values. Several methods work. For example, the security manager can use computers where the document has a lock. The document will have a password that only authorized people should use to access the information. The security office can use files that will have the valuable information. These files need proper storage. There are places where some data exist. For example in the office of the security manager, a safe will exist into which the files can have safety. 6. The classified information will need a review. In the review, the document will have a substantial assessment on issues concerning the reason as to why classification occurred. The report will state the circumstance under which the given document underwent classification. In most cases, the report provides the methods used in the classification of the material. Others go on to state the period for which a material will remain classified. The time of rating depends on several issues. Some of these issues are the safety time of the record and urgency. Classified documents help to avoid the release of information during the time that is risky. 7. A general meeting would help all the members of the company to know what documents have a classification mark on them. The members will know that it is responsibility to endeavor that the information in the classified files has the amount of protection from all kinds of intruders. Furthermore, the data will undergo shipment to certain areas of safety where only authorized people can have access to them. Individual policies will appear in connection with the security of the information. The Security Information Manager will assign a different member of the company. 8. Usually, there are policies and rules that govern the conditions concerning the safety of the classified information. The rules help in the long term safety of the files in the sense that certain stringent aspects accompany the use of distributed data. 9. The setting up of new rules relating to the data having a classification mark matters. The rules should be valid and read to all member of the company. Hardware classification The purpose is to keep away certain critical information from intruders. The materials are files and safe boxes. Information ownership All people in the company will need to show they wrote or made will have to undergo classification. It will be a directive from the Information Security Manger. For information that other members of the company makes, they have right to secure it in all way possible. However, it does not mean that the workers should hide the information from the other concerned member of the company. The reason is that the rules of the company need an earnest following. There are instances when people should remain silent with vital information and tell it to the concerned people. Document protection Several documents in the company will have passwords in order to access them. It will prevent intruders and members not part of the company to access the classified files and documents on computers. The will be stores having locks and password to enter them. These stores will have classified paperwork. Data loss Loss of data will be with backup measures. The Information Security Manager will have to save all the company’s vital information in safe hard disks, classified files and safety boxes. RSA - DLP System The software operates in a way that not all emails can go through. All classified information undergoes protection through blocking hackers that would want to hack into the system. Work Plan Table 1 shows the different steps that will help in the implementation of the 3-week plan. In this plan, information of the Company will be in proper protection with the help of GSM on the smartphone of the CEO. Table 1: Three Week work plan No. Week Work Explanation 1. 1 Collection of Data 1. Select data that needs protection. 2. Group data as Very Important, Important, and Least significant. 2. 2 Critical examination 1. Each component of the Information undergoes criticism 2. Value the Data sampled out. 3. Selection of information to protect 3. 3 Classifying data 1. 1. Make a list of areas of storage for the information. 2. Assign data groups. 3. Information Manager keeps the information in selected storage. 4. Apply RHS – DLP to reject hackers and blocking information. 5. Inform members of the company that there is a new way protecting data. 6. Inform members what files undergone classification. 7. Review all information that experienced classification. 8. When a classification is okay, then files undergo transfer to the selected stores like be hard disks, safety boxes, and files. 9. When it comes to stores, computers, there will be the creation of passwords to avoid intrusion. Reference Calabrese, T. (2004). Information security intelligence: Cryptographic principles and applications. Clifton Park, NY: Delmar Learning. Dhillon, G., & Ebrary, Inc. (2001). Information security management: Global challenges in the new millennium. Hershey, Pa: Idea Group. Read More