Develop a report that presents the needs and requirements to implement an ICT Security Program for KORI
KORI - Koala’s of Raymond Island (trading as KORI Ltd)
KORI Ltd (KORI) is a dedicated animal shelter operating out of the rural centres of Paynesville and Raymond Island in Victoria. It is primarily an animal rescue and rehabilitation centre focussing on the rescue of Koalas and other native Australian marsupial mammals. KORI has 4 locations and have been a driving force in providing a training ground for the science and veterinary community understanding of the unique biology and needs of the native Australian marsupials, with a speciality in focussing on the koala populations of South-eastern Victoria. KORI has a long history in the development of treatment techniques and the specific development and use of veterinary drugs abd pharmacological treatments for marsupials. This is a highly specialised area that requires specialised testing and development of compounded medicines within their own pharmacy laboratory. They currently lead the country in customised treatments for a unique species. This is the result of a grant that allowed drug trialling data to be analysed utilising Machine Learning/Artificial Intelligence. KORI have recently developed an AI/ML supported Rapid Adaption and Intervention Diagnostic (RAID) system that has significantly aid the recovery of the sick and injured wildlife in their care, reducing the number of fatalities by 25% and decreasing recovery time by more effectively applying treatments based on entered injuries and ongoing observations.
KORI have four (4) treatment centres in Victoria (each with approx. 12 staff). Attached to the Bairnsdale treatment centre is an Administrative Centre with 15 staff and Research Veterinary Laboratory with an additional 25 staff, funded through a long-term research grant with the Government Department Environment Victoria. There are also approx. 12 Melbourne Polytechnic Animal Studies Students on placement at the KORI research lab and treatment centres at any time, and approx. 50 to 100 volunteers that assist KORI in there day to day animal care activities.
The Treatment Centres, Administrative Centre and Research Veterinary Laboratory have a standard computer network, which is supplemented by a VPN connection to an AWS Data centre where all ML/AI systems and processing is conducted. KORI treatment centres are standardised and maintain. common treatment items and pharmaceuticals in stock. A Website, Service Catalogue and an online portal allow treatment centres to order equipment and connect with the Bairnsdale laboratory where all high-level treatment is coordinated. There is also an online store and marketing for fundraising and to maintain social media awareness and reporting of an animal injuries.
A key part of KORI has been the development of the Artificial Intelligence Rapid Adaption and Intervention Diagnostic (RAID) system. The development and early positive results from RAID represent a commercial opportunity, as the model of AI supported Veterinary treatment could be adapted to any commercial livestock production industry and may represent a saving in the millions if not billions of dollars per year if preliminary animal health outcomes could be replicated in commercial industries. Care must be taken with the development that the information is retained within the organisation and laws relating to copyright, patents and trade secrets as well as not releasing important commercial information (decreased fatality and increase recovery rates). RAID Systems Design, development, and testing is coordinated through the administrative office at the Bairnsdale Lab.
The Bairnsdale research veterinary laboratory has the following main staff: Research and Development (Veterinary) (10 staff); Data Analytics (4 Staff); AI/ML DevOps (4 Staff); admin (5 staff). Lead Researcher [Head of Department] (1) and Systems Program Manager [2IC] (1)
The Administrative Centre roles include Executive (4 staff) general admin (3) Finance (1) Payroll and Accounts (3), General ICT (1), Security (1) Governance, Risk and Compliance (2), and Human Resources (1). Support and oversight for Treatment Centres is largely provided by the Administrative Centre.
The accounting of stock and supplies is supported Sage X3 ERP Software. It provides for sales invoicing (for website sales) and accepting payments of clients and paying invoices.
RAID access and diagnostics is handled by a separate portal, this is limited to a service screen hosted in the cloud environment that has a client server connection to the AI. Treatment centres do not have access to the RAID data system directly.
Payroll is managed via Sage MicroPay Cloud Payroll. All staff access and online portal to record attendance and online HR issues. KORI uses many other common application programs: email, word processing, spreadsheets, etc. Except for the RAID system implementation ICT has the responsibility of organising and implementing the network, admin servers, and computing facilities (AWS Cloud) as well as maintaining the general applications in use in all centres and services accessed by all staff. There are currently no Business Continuity locations.
KORI has only recently identified a need for a more formal approach to securing their ICT systems, though there are currently some elements implemented in an ad hoc fashion (firewalls, virus and malware protection, user access controls which are overseen by the ICT technical staff).
Your Role - PolTech Security Services (PTSS) KORI have contracted your consulting service, PolTech Security Services (PTSS), to provide a report outlining the need for a Security Management Program, its purpose, and a suggested framework for the development of a Security Management Program that oversees security concerns across their business. As an employee of PTSS, you have been asked to develop a report that presents the needs and requirements to implement an ICT Security Program for KORI. This plan should discuss how Information Security could be better managed for KORI by developing a Security Management Program and provide an overview of how to develop such a program with significant reference to the organisation directly. This would include identifying the tasks and roles at KORI that need to be assigned for the development and implementation of a Security Management Program
