StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Policy and Procedure Development in IT - Admission/Application Essay Example

Cite this document
Summary
The paper "Policy and Procedure Development in IT" suggests that information security is a misunderstood concept, as some organizations relate it to technical excellence. Likewise, they often miss the idea of addressing information security holistically. Information security has three pillars i.e…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER97.8% of users find it useful
Policy and Procedure Development in IT
Read Text Preview

Extract of sample "Policy and Procedure Development in IT"

of the of the 8th November Information Security Sift Skills Information security is a misunderstood concept, as some organizations relate it to the technical excellence. Likewise, they often miss the concept of addressing information security holistically. Information security has three pillars i.e. Confidentiality, Integrity and Availability. Confidentiality related with any information that is personal, need to be protected and information that is uniquely identifying meaningful data. Integrity is associated with any data that loses its originality and the recipient receives amended data. Availability simply related to non-availability of data when it is required. Examples for these three pillars are: Confidentiality: personal information, mission critical information exposed Integrity: Original email is amended and the recipient do not know Availability: Email is required to fulfill a task and it is not available. For minimizing the threats to information security, a continuous cycle comprising of process, people and technology is required. Likewise, the processes will be made for effecting handling information security practices both for technical and management domain. People need to be aware of threats associated with information security. For establishing awareness, a continuous information security awareness program is required that will aware all employees of the organization for associated risks and current threats. Furthermore, the technology part will also play a critical role as technical controls can be implemented via technology. These practices will help us achieve risk mitigation on critical assets at an acceptable level and they can be transferred, mitigated and avoided. A security manager must establish policies, standards, procedures and guidelines to make a repeatable and documented security practices within the organization. Security breaches are constantly happening and there is a requirement of periodic security risk assessment to address potential vulnerabilities and mitigate threat by implementing controls. Moreover, security governance is considered as a pre-requisite before establishing a security management program within the organization. Security governance facilitates in creating awareness at the senior management and board of the organization. Once the advantages are understood, the security management program will be successful to some extent and management will actively participate in every day security functions, as security is a responsibility of all personnel. Communication Skills Communication is a vital soft skill of information security personnel, as he or she needs to organize and manage people and establish communication with the senior management in a business language, while excluding the technical details. Likewise, the personnel must have adequate technical knowledge to understand the system and take decisions. Moreover, for enhancing communication, information security personnel need a soft skill for translating technical requirements in business terms and communicate the same to the senior management. For instance, in a steering committee chaired by the president and chief executive officer, the information security personnel needs present and map information security objectives with the business objectives. Moreover, a dollar value also needs to be incorporated with the investment on the information security function. Policy and Procedure Development For providing improved functionality for the organization, policies and procedures must be defined. They play a vital role for an organization’s smooth functioning. In order to implement policies and procedures, group discussions are required for constructing and implementing them in a real world scenario. The first requirement is to differentiate both of them. A security policy comprises in the form of a document or rules that specify the statement ‘What must be done’ in order to assure security measures in the system or the network. Whereas, procedures are associated with the rules and practices that are implemented in order to impose the rule. For instance, in a network security scenario, where there is a requirement for preventing the wireless network, anonymous access must be blocked. Likewise, the security policy document will define ‘What needs to be done’ to block anonymous access for a wireless network. Whereas, the procedures will define the practices and rules that needs to be followed in order to block the anonymous access. After differentiating both the security policies and procedures, these two are associated with development and administration in an organization. The term security in terms of development and administration is more like a management issue rather than a technical issue in an organization. The justification is to utilize and classify employees of an organization efficiently. Moreover, from the management perspective, discussions take place for describing various vulnerabilities and threats along with the creation of policies and procedures that may contribute for the achievement of organization goals. After the discussions and alignment of policies and procedures to contribute for organization’s success, the development process is initiated at a high level, and afterwards implemented at lower levels within an organization. The conclusion reflects the development of policies and procedures, requirement of an approval from concerned personnel and then implementing them smoothly for the employees. On the other hand, initiation of these security policies is easy and not expensive, but the implementation is the most difficult aspect. If the development and administration do not comply effectively, or fails to establish awareness between employees related to the policies and procedures, the disadvantages may affect inadequately for the organization. For instance, an attack from a social engineering website such as ‘Facebook’, ‘twitter’, or ‘MySpace’ may extract sensitive information from senior or trusted employees of an organization. If the policies and procedures were understood or implemented properly, employees will be well aware of not providing any credentials or they will verify authorization before providing information on the sites Awareness Skills Information security personnel must raise the awareness level of information security within the organization. There are many ways to achieve this goal, as he or she must be updates about the recent security breaches, threats, spyware, adware, and malwares reported. A security bulletin or a security flyer can be circulated to all staff containing a small video or power point presentation or a graphical image identifying risks associated with the recent security vulnerability discovered. Moreover, awareness level can also be achieved by face to face communication, as training plans needs to be conducted to all staff and segregations needs to be established between the technical and non-technical staff. Human Resource Checklist The credentials of the candidate needs to be evaluated specially in the context of organization’s trade secrets specifically the one that can be tracked on the Internet. Likewise, the trade secrets may incorporate access codes, credentials, top secret research that contributes to the strategic objectives and continuing existence of an organization. An extensive pre-employment security checks on (Evans and Reeder): Academic Achievements Elementary Grades Experience Letters Any involvement in a crime/cyber-crime/ embezzlement/fraud etc. Communication skills checks on (Evans and Reeder): Excellent Communication skills both written and verbal along with persuasion, narration and imparting Translation of Jargons in a generic message Work Experience checks on (Evans and Reeder ): Any previous anti-espionage incident incorporating people, process, technology, documentation, monitoring capabilities along with regulatory compliance Any incident response process successfully accomplished Business Continuity and Disaster Recovery Planning drill previously accomplished Leadership abilities checks on: Officially an information security representative of the organization if required Capability of establishing communication with different senior management employees Lead the information security team to its full potential Apart from the above mentioned checklist, there are numerous cultural factors that may include candidates coming from top educational universities or one of the most successful employers in the market. Moreover, if an information security personnel candidate is coming from an International Standard Organization certified organization, it will be an added advantage. Work Cited Evans, K., and F. Reeder. A Human Capital Crisis in Cybersecurity: Technical Proficiency Matters. Center for Strategic & International Studies, 2010. Print. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“The Skills That Matter Admission/Application Essay”, n.d.)
The Skills That Matter Admission/Application Essay. Retrieved from https://studentshare.org/information-technology/1664507-the-skills-that-matter
(The Skills That Matter Admission/Application Essay)
The Skills That Matter Admission/Application Essay. https://studentshare.org/information-technology/1664507-the-skills-that-matter.
“The Skills That Matter Admission/Application Essay”, n.d. https://studentshare.org/information-technology/1664507-the-skills-that-matter.
  • Cited: 0 times

CHECK THESE SAMPLES OF Policy and Procedure Development in IT

An In-Depth Study of Mobile Phone Policy

policy for Cell Phone Usage Instructor Name policy for Cell Phone Usage Introduction of the topic and policy Nowadays cell phones are a permanent fixture in our lives.... 'I definitely think that employers need to be sensitive to the fact that cell phone use is now the primary way we communicate,' says Nancy Flynn, director of the Columbus, Ohio-based ePolicy Institute 'But you want to have a policy in place to protect your organization's assets and reputation....
4 Pages (1000 words) Essay

Field Experience #5 Policy

It is a regular process instituted by the District's Teacher Evaluation System to facilitate high quality teaching and professional development in teachers.... This might be the beginning of the trouble in understanding policy and procedural requirement of teacher evaluation because of some inconsistencies in the application of the two especially after the law changes in Arizona.... On the other hand teacher evaluation procedure is a set of guidelines agreed upon by professionals in the field on best practice in evaluating teachers for compliance to education policies....
4 Pages (1000 words) Essay

Procedural criminal laws of Hungary

In Hungary, the Criminal procedure Law is one of such provisions that ensure that all people who are accused in one way or the other are given fair representation before the law for them to be taken through the whole execution of the definition of the law.... criminal procedure law may be defined in the context of Hungary as a sovereign country as “safeguards against the indiscriminate application of criminal laws and the wanton treatment of suspected criminals” (Farlex, 2012)....
4 Pages (1000 words) Research Paper

Assn. 2 Environmental Policy & Procedures

74 (1994) the court ruled that development permits must be roughly proportional to the effects the land in question will have to the community.... Concerning procedural environmental law, the rights to public participation, access information, and access to justice are realistic ways to attain environmental protection and attain development .... All projects must pass through some procedure to determine if they will have negative or positive impact on the environment....
2 Pages (500 words) Essay

Policies and Procedures Summary

The basic procedural areas of procurement comprise of the purchasing cycle, correct application of purchasing forms and the development of authorized agreements.... The purchasing cycle procedure describes the details of the procurement that employees must observe when contacting suppliers (Monczka, 2009).... The policy of operational issues is essential for the control of harmful wastes, which helps in the conservation of the environment and the community....
2 Pages (500 words) Essay

Policy and procedure Development

All practices have to undergo a piloting program to determine their effectives and any policy and procedure development Fatigue Relief for Chemotherapy Cancer Patients through Massage Policy & Procedure Cancer policies and procedures are standard that govern the treatment of cancer.... The following policy and procedure provides a guide for the management of fatigue for cancer patients.... A legal consultation will help align the policy and procedure with state and federal medical laws (Barr, 2013)....
2 Pages (500 words) Essay

Policy and procedure Development

The following policy and procedure provides a guide for the management of fatigue for cancer patients.... A legal consultation will help align the policy and procedure with state and federal medical laws (Corbin, 2005).... One Fatigue Relief for Chemotherapy Cancer Patients Through Massage al Affiliation Policy & procedure Cancer policies and procedures are standard that govern the treatment of cancer.... raft policyPhysician and the medical practitioner will form a research team that will come up with the proposed procedure and policy....
2 Pages (500 words) Essay

Development of a Personnel Policy within an Organization

The author of the paper aims to analyze several sources related to personnel development.... Specific steps are given on the development of operating procedures that are needed in an emergency.... The first article is 'Strategic fit, contractual, and procedural governance in alliances' that gives a special focus on the double effects of mediating and controlling the effects of governance forms....
8 Pages (2000 words) Annotated Bibliography
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us