Information Plan to Protect Information for Mobile Communications - Term Paper Example

Information Classification Name Institution Table of Contents Executive Summary 2 Introduction 3 Executive Summary The report is about the protection of information from MedDev Company with the help of software such as Global System for Mobile Communications (GSM). With the help of other parties such VPN that will keep all the emails pertaining to the phone of the CEO the company’s computers. The CEO will promote the proper management of the company. The GSM will be in use to protect information using second generation (2G) principles derived from the first one (1G). The GSM deals with cellular phones in terms of operation of networks. The standard is now the world’s standard now. The creation of the standard by The European Telecommunication body (EITD) is impressive. The study came out with several ways of protecting data (information) through methods like the use of safety containers, computers with passwords, and limited access. Not all people should have access to certain information, as they would spread the information unnecessarily. The report ended with a three-week plan to achieve the duty of having an Information plan to protect information. The assignment showed how the Information Security Manager will work. He has to identify information that is prone to GSM attacks. Later he will come up with related countermeasures, and develop a three-month work plan for the new product to avoid loss of valuable ideas. Information Classification Introduction The term GSM means Global System for Mobile communication. It is a cell phone system widely used by the European countries and the rest of the world. The system is digital in nature. There are different sector access and has three wireless technology which are GSM, TDMA, AND CDMA. The system compresses and digitizes data while sending it to several streams of users for a particular time slot. The operations are 900 MHz and 1800MHz. Now there are several users with GSM phones. The advantage of GSM is that there are agreements signed by people travelling to several countries to allow them to use their phones in foreign countries. There are four essential parts of GSM. These are: 1. Subsystem base station in which controllers and base stations operate. 2. Subsystem switching: It is the core and fixed network. 3. Core network: An optional part allows internet connections. 4. Support system: The system maintains GSM. Over the years, companies have put up efforts to improve the technology concerning the protection of certain information. The result has shown benefits in the sense that competitors will not know the next move of a company. The company has enough time to invent the new technology. MedDev Company specializes in the production and supply of human implantable tools and materials. When it comes to MedDev Company, there is no difference as the primary objective of the company is to keep ahead of others in the industry of supplying and making human implantable tools. All workers in MedDev will be in positions to attend sessions that talk about the need for having inside issues remain inside and not to go outside, as is the case of some companies. The Information Security Manager will endeavour that all members of the group learn how to protect vital information in the right place. There will be penalties for people who misbehave and want to give way information to the third party and competitors for the sake of money (Hovenga 2010). Risks There are several risks associated with GSM. These risks are broad and narrow. General risks centre on incoming threats of the company as a whole. The small ones deal with personal threats for each member such the CEO (Richard, 2014). No. Broad Countermeasures Narrow Countermeasures 1. Hacking of Phones Encrypting codes that undergo constant changes Phone insecurities Members should call trusted people only. 2. Passive attack on GSM Decrypting keys that do not allow passive scanners from operating in real time. Inherent Security Weaknesses on phones Have a high strength signal that captures a specific voice and does not allow it to spread to other areas. 3. Interrupted and listened phone calls Cellcrpt mobile phones that only allow encrypted mobile calls only. Cyberspace attackers on Company Cellcrpt mobile phones that only allow encrypted mobile calls only. Scope The assignment centres on identifying the information used in the phone, countermeasures to control attacks on GSM, and lastly developing an action plan for MedDev devices for three months concerning the new product. Assumptions The assumptions in the assignment are; 1. Ninety percent of the information used on the CEO’s phone is vital and so needs protection CEO’S phone. 2. There are several hackers phone intruders who would want to listen to the conversation on the CEO’S phone. 3. The technology of GSM is vital for a successful FDD – TDD Harmonization. 4. FDD – TDD dual mode hand holds terminals basing on most used hardware. 5. For SAR limitations, power is less than 30dBm in the case for terminals with an output. 6. All members of the MedDev Devices Company want the security of classified information. Information Safety Tools These safety tools help in the keeping of data way from the public to avoid the harmful spread of information that could hurt not only the feeling of people but also promote growing disbelief in the company. The doubt will lead to financial drop down in which the sales of the human implantable parts for speech and hearing will be on the decline. The decline will lead to fewer sales and, in the end, less money generated. These tools are safety saves to mention a few. Stated Policies Several roles will be in position for implementation. For example, VPN will strictly deal with the safety of all email that pertains to the CEO’s phone with the aim of shielding the company from intruders and hackers. The Information Security Manager will be in the position to organize work schedules that concern the protection of work. The aim gets the best of the system. The manager will go ahead to investigate any problems associated with failure of the system. In so doing, he will regularly maintain those (Black et al. 2001). All made tests and checks are in line with stated procedures of the company in the event that relevant information is out in the public. There is a team of experts from VPN and the company. The representatives of the company are the CEO, and the Information security manager who wills both be in a position to understand the nest calculated move to avoid the future exposure of information. Bothe representative for VPN and the company will make a report make the next move in the aftermath of information leaking to the public. The procedures in the aftermath of such an event would involve, analyzing the length of the damage to all concerned parties and followed by compensation of all damaged parties. It will not be a right move to deny the information in the media, but a lawyer would work in case some people want to exploit the event for their gain (Norman 2007). Classification The classification of information takes on different shapes and methods. However, classification is both Objective and Subjective. Individual classification takes into account the owner’s desire and feeling in the process. On the hand, Objective classification considers the drafted policies that run the operation and classification of the company. Several ways to discipline culprits who do not respect information are 1. Okay people in terms of cash and property. 2. Strip off titles and privileges. 3. Putt the culprit in a lower position several documents that need protection are; 1. The company’s financial secrets and pin numbers in the bank. The importance is to protect such information to avoid unlawful withdrawal of money. 2. The tactful skills help in the provision of the new technology of GSM. 3. The next strategic moves of the company in as far as improving sales of the human implantable matters. Several steps should have priority in the implementation of a plan supposed to guide the formation of a classified document. The nine steps are as follows: 1. The worth of the Business Base needs to be understandable. 2. Risks of the information going into the public need careful handling because if they are not, a problem arises. The risks of having untrustworthy members of the company need a solution like telling workers the importance of valuing principles. One of the principles of the company is solidarity. The meaning of this is that not all information should go into the public more so if it is going to lead harm in the near future. 3. Certain questions like who should get certain types of information needs critical handling. 4. The data at stake will determine the exact value present in it. The position of the value will help to suggest what kind of information is at stake. Next is to get the correct method of protecting the data. The worth of the information needs grouping in which case one need to know important and the least important information. The data will be in the most wanted value will need careful handling. The processing of such information will be in good faith. The manager handling the safety of the documents will have the required experience. 5. The data has an attached procedure of protection dependent on values. Different way help get to the intended result. Take into consideration the security manager using computers having passwords. The particular file will need a password that only authorizes people to access the information. The security department can use data that will have significant information. These documents have the best storage. There are areas having certain data. For example in the place the of the Information security manager, a laptop will exist into which the information can have a place of safety. 6. The secured data need a cautious review. In the review, the information will have a substantial assessment on issues concerning the facts for the classification. The report will state the conditions under which the given information went through classification. In daily situations, the report provides the ways used in the process used for of the material. Several others state the time for which a material remains classified. The rating time depends on a number of issues. Several of these aspects are the quality time of the record and need. Detailed data assists to prevent the release of relevant data at a risky period (American Society of Insurance Management, 1969). 8. There are policies that show there are particular ways of concerning the protection of information. 9. There should be new rules placed to guide all members of MedDev Devises Company on how to handle work in order to avoid. Hardware classification There are documents that need safety in terms of files. The documents that need protection such as information concerning the new technology will require security places such as files and computers. The information is in the computer will be safe and not destroyed. There are documents that are in ink and others typed. Ownership of Information Several people write and edit information. The way they do this work is in their hands basing ton the fact only them alone know the importance of the information. The security manager for Information should ask all writers the importance of the work that they do and come up with the best way of ensuring that their work has protection. After knowing and understanding the kind of work that these several editors have, the manager will make an informed decision on which documents are excellent for classification (Bidgoli 2006). However, the workers should explain in detail the value of the information to the manager. The manager in return tells the CEO, which information has undergone classification. The view of the CEO would make a clear picture of the best choice of the safety of the information. Protection of Documents Several reasons exist as to why data needs protection while others do not. The truth is that not everyone should know all information. There is the situation in which the company will not be in a good shape financially. During these times, it is only fair that not all people know about the status of the company. The truth is that should all people know about the dangerous situation, and they will be scared and lose focus. It is imperative that one should keep away such vital information from the public (Ruan, 2013). The result is that not all people know about the situation, and there is much concentration on work. It helps to shield certain kinds of information from people to avoid them from losing focus. Documents have protection because if information goes out of hand, then competitors will take advantage of the situation. In this case, the Information Manager should avoid information concerning the new technology about GSM from going to the third party. There will be a consideration of not allowing information into the public. MedDev is on the verge of losing of losing the contract of handling the provision of brain and phone material (Brown & Brown 2011). Loss of Data As people work in the company, there are high possibilities that data may vanish. The Information security manager should develop ways to arrest any future occurrences. These events lead to financial debts in the end. Some of the ways that the manager will use are setting up a separate account for backup and a continuous assessment of all data in the company. In the assessment of the data, all systems need updating to get the status of required work. The manager will put up a separate team to save classified information in a different place like a computer. There are circumstances in which hackers or intruder use viruses to destroy the database of the company. The manager should react before such people come into play. The manager will have to ensure that the company’s software is up to date and protected against viruses. System Protection Several software packages help in the protection of information. For example, Excel sheets having classified information can have passwords. For example, the Security Information Manager will tell all workers working to remember to put passwords on their clothes to avoid unnecessary exposure. The same procedure works for all micro soft documents such as word, and office documents. The use of these passwords should be such that no one can discover the passwords. The Information Security Manager should develop a mechanism to block the unlocking of the password. Work Schedule (Plan) The work plan has three months for implementation. The starting point is to identify the information that needs protection followed by selecting the best way of protection. The information has to undergo evaluation in order to determine the level of importance of the document. The level of importance of the material will determine the method of protection. After the information is safe, a review follows. The review will check if the method of keeping the information is okay while stating the reasons for classifying the document. Table 1: Three-Month work Schedule No. Month Duties Sub duties 1. 1 Collection of Data 1. Get information that needs protection from all departments especially the information exchanged through calls. 2. Put all the information into the section that shows the weight. There are three part; that is First, Second, and Third Classes. In the each group, there are crucial documents with valuable information. 3. Pick the risks associated to GSM 2. 2 Selection of Countermeasures. Consider the risk and derive an appropriate countermeasure to overcome it. 2. Providing evidence for the ideas to undergo protection. 3. Pick the data and arrange it. Start with the most concerned to the least part of the information. 3. 3 Classifying data 1. Make new policies on protecting GSM. 2. Pick members that know the protected information. 3. Determine the classification time for the document in need of protection. Some reports need too much time to undergo consideration. Handling particular specifications of a company takes time. 4. Introduce crytcell mobile, encrypted codes, and calling trustworthy people. It is a way to overcome attacks of GSM. The result is to protect the new product against unwanted and third parties. Reference American Society of Insurance Management., & Risk and Insurance Management Society. (1969). Risk management. New York, N.Y: American Society of Insurance Management. Brown, S. A., & Brown, M. (2011). Ethical issues and security monitoring trends in global healthcare: Technological advancements. Hershey, PA: Medical Information Science Reference. Bidgoli, H. (2006). Handbook of Information Security Volume 3. Hoboken: John Wiley & Sons. Black, C., Beken, T. ., Belgium., & Rijksuniversiteit te Gent. (2001). Reporting on organised crime: A shift from description to explanation in the Belgian annual report on organised crime. Antwerpen: Maklu. Dhillon, G., & Ebrary, Inc. (2001). Information security management: Global challenges in the new millennium. Hershey, Pa: Idea Group. Gifford, N. (2009). Information security: Managing the legal risks. Sydney: CCH Australia Limited. Hovenga, E. J. S. (2010). Health informatics: An overview. Amsterdam: IOS Press. Information Resources Management Association., & Khosrow-Pour, M. (2001). Managing information technology in a global environment. Hershey, PA: Idea Group Publishing. Norman, T. L. (2007). Integrated security systems design: Concepts, specifications, and implementation. Amsterdam: Elsevier Butterworth-Heinemann. Ruan, K. (2013). Cybercrime and cloud forensics: Applications for investigation processes. Hershey, PA: Information Science Reference. Read More