Security Policy Analysis - Essay Example

Security Policy Analysis Insert Insert Define program risk A program risk encompasses the likelihood of threats that may affect the original course of a particular project (Vona, 2008). The uncertain event can eventually impact how successful a particular project can get. For instance, if requirements of the project change or you encounter errors.
Define institutional risk
It refers to an occurrence that may prevent an organization from attaining its set objectives. The threat is on the entity that is the institution concerned.
Describe how your selected organization incorporates program risk and institutional risk in its security program. Offer examples of both types of risk
Information technology firms need to develop an initiative to identify, manage and eliminate those risks so that the institution may achieve its set goals within an acceptable timeframe. In most cases, an ICT firm will be handling a number of projects especially those in software. These company’s make earnings from these projects (Luetge & Jauernig, n.d.). As a result, they need to mitigate risks facing the projects as one of the factors that will influence the project. In regard to that, there is a need to identify, examine and regulate the threats that may affect the completion of any project.
The company also faces other threats not related to the projects in any manner. These form the institution risks. Most of them will attempt to obstruct the system from achieving its objectives. It involves the organization settling on priorities concerning the efforts made in the institution and the use of resources for optimum achievement. It should span all the mission areas of the company.
Assume you are a technical advisor for the Chief Information Officer (CIO) of your organization. The CIO sends you an email communicating that she wants to be briefed on "OMB M-11-11" because the administrator has just added it to the list of priorities for the organization. She has limited knowledge of the policy and needs to know how it will effect the organization, and what we have already accomplished towards meeting the requirements within the system.
You have been given 30 minutes with the CIO. What would you report? And why?
First, I would report on what OMB-11-11 is (Xceedium.com, 2015). In relation to that, it is a policy that advocates for the implementation of identity verification among persons to facilitate authorization to have access to information systems, networks and facilities in an organization.
Next, I will report on the implementation of OMB-11-11. The application will entail a detailed procedure and use of software applications that will make the process simpler such as a Xsuite. The access control mechanism will offer privileges such as keeping track of passwords, access methods that rely on keys both for network and information systems. Through such application software, it is possible to separate authorization and authentication to beef up security especially in highly sensitive areas of the institution. In addition, implementation will include setting policies to ascertain where a user goes after authentication and what they are privileged to do there.
I will also report on challenges that will face the implementation of OMB-11-11. For instance, quick deployment of the systems to users with optimal privileges. Most need access to various systems and be able to perform many duties. Others include the infrastructure to implement the policy and inclusion of legacy systems in the institution.
Finally, I look at what the institution has done so far. In this case, the company solely relies on administrator, clients privileges to restrict access to information. That is done through the use of passwords.
References
Luetge, C., & Jauernig, J. Business Ethics and risk management.
Vona, L. (2008). Fraud risk assessment. Hoboken, NJ: J. Wiley & Sons.
Xceedium.com, (2015). HSPD-12 - Privileged Access Control | Xceedium | Xceedium. Retrieved 24 April 2015, from http://www.xceedium.com/solutions/federal-government-solutions-summary/federal-government-solutions-detail-page-2-hspd-12-and-omb-11-11-smartcard-mandates Read More