WRTG393_WA4
School: University of Maryland, College Park
Course: 393
Subject: Information Systems
Date: Dec 6, 2023
1.
Date: April 15, 2023
To: Chris Taylor
From: Jae Woo
Subject: Concerns about the current personnel policies
Memo:
Hello Chris! First and foremost, I am entirely grateful for the opportunity of
working for Lawn and Order in the position of manager in customer service! I have looked
through the current policies that our company is allowing, and I have come across a few
roadblocks. I have noticed that our current arrangement in policies leaves a great hole of
vulnerabilities for the company. If any medical emergencies or sudden news that an employee
had to leave the company for any reason were to happen, then we will be in big trouble.
Currently, we have four main staff members within the IT department. Jack is in charge of
CloudSecure, Sandra maintains the website using WordPress, Marsha manages the company
blog, and Jared runs the payroll. Because these employees are the main members of each
department, this could become a risk in the future. If anything were to happen to them, whether
it’s from a medical emergency or an accident, we won’t be able to access any of our data and
other information that will allow us to access departments. I have some suggestions on what
we could do to achieve our goals, all while avoiding possible setbacks due to lack of personnel. I’ll
provide more details on the potential ideas we could accomplish below.
2.
Executive Summary:
We are currently at risk of potentially having to deal with cybersecurity threats that
could pose a danger to the company. If a disgruntled employee were to be dissatisfied for
any reason at all, they will be able to take advantage of the company. We are going through
issues from a lack of separation of duties, which will be an enormous risk factor for the
company because if we designate just one person with the information needed to access certain
information, then we will be at risk of losing that type of information. If an employee were to get
sick or get into an accident and is unavailable at work to access our systems’ data, then we will
be in a tough spot to retrieve said data and information for our company to thrive. I want to
implement more ideas on how to apply separation of duties, job rotation policies, and
agreements with specific vendors so that we could discuss private passwords and login
information. Chris, I will now go over different steps and ideas on how we can overcome these
potential risks for the betterment of our company. Please take a glance at the table of contents
below to get a general idea of how to find what you’re looking for.
3.
Table of Contents:
Memo ... 1
Executive Summary ... 2
Table of Contents ... 3
The Problem ... 4
The Suggested Solution ... 5
Conclusion ... 6
References ... 7
4.
The Problem:
The biggest underlying issue that we currently are going through is the lack of best
practices in security for the field of information technology. We currently only have a single staff
member for each category of IT within the company. We hired Sandra Davidson, a web
developer, to help come up with the Lawn and Order website. However, she uses her personal
email and password to log into the system, leaving risk in the future if something were to
happen to Sandra and she isn’t able to come into the office.
Jack Johnson develops and maintains a database of past and present customers.
This includes personal information, such as their physical address, email address, and even
credit card information for some customers. If Jack were to miss some time at work, then this
leaves a hole in the company because nobody else has access to his CloudSecure information.
The only approved employee is Jack.
We hired Marsha Nolton to maintain the company blog as an effective marketing tool.
Again, this is another important role in the company, but it risks a day when she may not be able to come
into the office, and yet she is the sole maintainer of the blog. Jared Stone was hired to be in
charge of payroll. Jared also used information that is put in the cloud and is maintained by
CloudSecure. No one else is able to access these payroll records.
5.
The Suggested Solution:
Separation of duties
This strategy is very important when it comes down to security and the use of access control.
Our company uses CloudSecure as a main source of cloud computing for storing private data
and information. Separation of duties can be achieved by hiring multiple personnel who are
proficient in that same category of work. Instead of relying solely on just one person, it is a safer
bet to have a few more people within the same department. According to this article about
Blockchain-based RBAC model with separation of duties constraint in cloud environment, this
new method of cloud computing allows the usage of a platform for storing access control
policies (Ri, 2022). This strategy will allow individuals like Sandra and Jack to share their
personal information with other employees within the same department to have access control to
certain platforms. This will also mean that the information that these employees use to create
an account will not be derived from their own personal emails and passwords, but instead from
company-given login information.
Job rotation policies
The strategy of job rotation policies is to rotate two employees within the same business. These
employees will take on their new tasks for a while before rotating back. This allows
cross-training, learning new experiences, and gaining new skill sets. This strategy provides
flexibility among the employees so if one person were to leave then someone else can take over
or provide the missing information. This strategy will let employees like Marsha and Sandra
switch their job positions because they are related. They will learn each other’s roles so that if
an emergency were to arise, then the company could move Marsha or Sandra over to the
department where they are needed.
Agreements with vendors about passwords and login information
This strategy has to do with agreements with our vendors so that they won’t have anything to
worry about regarding who has access to our confidential information and risk a security breach. In
order to protect our own data and security, we must maintain a good relationship with our
vendors so that we can ensure that we can manage the protection of our data. While an
organization can outsource services, liability in the form of a data breach may be traced to the
source. We must avoid all the risks involved by standardizing data security (Atchinson, 2015).
IT confidentiality agreements
In this strategy, which is, in my opinion, the best way to maintain a tight-knit security policy, we must
come up with an IT confidentiality agreement with our partners and clients. A confidentiality
agreement is a contract between the parties involved to maintain a specified treatment of information.
When we hire new employees, especially if they will be working within the IT department
where sensitive information is present, they must come to an agreement about keeping
personal and sensitive information to themselves or in the workplace. This will not only benefit us
from a confidentiality perspective but also requires the parties involved to maintain a high
integrity-based workstyle (Crail, 2022). This strategy is really important for the security of
personal information. Jared could benefit from this strategy because he is in charge of payroll.
Jared’s department must be one of the top priorities when it comes down to confidentiality
agreements because personal information and money are involved.
6.
Mandatory vacations
Lastly, this strategy involves implementing a time for mandatory vacations for our
employees to build productivity and happiness in the workplace. Most disgruntled employees will
find reasons to be disgruntled and upset about their jobs. We need to show our employees that
we care about them and that we are thinking about their well-being. Giving our employees a
well-earned and deserved vacation time will create a better work environment for everyone
involved. We will be able to avoid many possibilities involving a disgruntled employee.
Conclusion:
In conclusion, considering our current predicament in our security and the risks involving our
IT department, I have gotten together many pursuable ideas that could help negate these issues
so that our company will benefit in its future successes. Implementing ideas like separation of
duties and job rotations will be ideal to further protect our sensitive information as well as
avoiding all risk of losing that type of information. We must spread the workload to other
reliable employees and promote IT confidentiality as well to prevent scary outcomes like having
our single employee in a very important department leave due to an emergency. We will also
avoid all possible instances involving disgruntled employees in the workplace. Chris, thank you
once again for giving me this opportunity and for going over this report. If you have any
further questions about this, then please feel free to email me!
7.
References
Ri, O.-C., Kim, Y.-J., & Jong, Y.-J. (2022). Blockchain-based RBAC Model with Separation of Duties constraint in Cloud Environment.
Atchinson, D. (2015, December). The Chain is Only as Strong as the Weakest Link. Google. Retrieved April 18, 2023, from https://chrome.google.com/webstore/detail/adobe-acrobat-pdf-edit-co/efaidnbmnnnibpcajpcglclefindmkaj?hl=en-GB
Crail, C. (2022, August 18). What is a confidentiality agreement? everything you need to know. Forbes. Retrieved April 18, 2023, from https://www.forbes.com/advisor/business/what-is-confidentiality-agreement/