How would one go about this assignment?

Description

Write a paper that includes

  • An analysis of the major principles (clear roles, separation of duties, rotation of duties, etc.) for protecting operations.
  • An explanation of how these major principles can be mapped to system administrator best practices.
  • An assessment of major issues involved in developing information security policy, its alignment with corporate policy, impact on corporate culture, implementation of security policy, risk assessment, roles and responsibilities of stakeholders, and personnel and training issues.
  • An evaluation of the benefits of ensuring that the overall network is operating utilizing known best practices.

Explanation & Answer

Attached.

Running head: INFORMATION SECURITY POLICY

Information Security Policy
Security controls are one of the most critical areas in any organization. The availability of improved information technologies has exposed most organizations to both internal and external security threats. Internal threats are controlled by establishing effective security management policies, while external threats are technologically oriented issues. Most organizations are using information technologies to improve work effectiveness. Despite the benefits associated with information technologies, many threats are associated with the use of IT. To effectively manage information technology systems in an organization, security controls must be put in place. Security controls are the measures that are put in place in order to ensure the safety of information systems against attacks on the confidentiality, integrity and availability of computer systems, information, data and network systems. To achieve security controls, organizations must manage the major principles of internal controls (principles of operations). These principles include clear definition of roles, separation of duties and job rotation (Hernandez, 2009).
The ability to manage the principles of operations effectively helps to achieve sustainable risk management. Clear roles ensure that every individual has a clear knowledge of what he/she is expected to do. Clear definition of duties helps to improve internal controls in an organization. Internal controls are very critical in organizations with a high level of sensitive information. This is because unauthorized access to private information can cause great damage to the success of an organization. Separation of duties ensures that different steps of a given process are managed by different individuals. According to Coleman (2008), one person should not be given the role of executing all the steps of a given process. Assigning one individual to execute the whole process may pose the risk of the individual deleting, adding or modifying some information for his/her personal gain. Separation of duties ensures that there is no one person with the power to execute the whole process of a given task. This helps to eliminate any issues of conflict of interest among employees and helps in detecting control failures (Gramling, 2010). Conflict of interest may lead to fraud, wrongful acts, errors and abuse of power. Control failures may lead to cyber-attacks, information theft, and circumvention of security controls. Job rotation is the process of rotating job responsibilities among employees in order to detect and eliminate incidences of collusion and fraud (Stewart et al., 2012).
An organizational culture that promotes security management will promote successful implementation of the major principles of protecting operations. Every individual employee should be responsible for promoting security controls. To achieve an organizational culture that promotes security management and control, the following areas must be addressed: incorporate information security policies in the organizational goals and objectives, establish clear and effective communication channels among employees, and ensure that the employees are well informed about information security management practices (Shopbell, 2008). To map the major principles of protecting operations in the administration system of an organization, security control measures should be incorporated in the objectives and goals of an organization. Effective communication channels will ensure that information is passed effectively and efficiently between and among admins, users, management, and the external vendors. Having a workforce that is well informed about security control issues will help to implement principles of operations protection effectively and efficiently. A state of knowledge about security systems will ensure that the employees can operate the systems in a way that does not compromise the safety of the security systems, networks and data being used.
When developing information security policy, the CIA triad must be considered. The...

