Describe what key duties an information security programme for a smaller business with three full-time employees and two or three part-time workers from other departments should cover. Add Information Security and other pertinent departments. List each department's tasks and which may be outsourced. Justify function allocation.

Describe what key duties an information security programme for a smaller business with three full-time employees and two or three part-time workers from other departments should cover. Add Information Security and other pertinent departments. List each department's tasks and which may be outsourced. Justify function allocation.

Principles of Information Systems (MindTap Course List)

13th Edition

ISBN:9781305971776

Author:Ralph Stair, George Reynolds

Publisher:Ralph Stair, George Reynolds

Chapter11: Strategic Planning And Project Management

Section: Chapter Questions

Problem 1PSE

See similar textbooks

Similar questions

Security breaches in information systems are very commonplace these days even though some organizations have what they believe is good security controls. Because of their vulnerability to threats from hackers, internal personnel, and poor management of Hardware and software devices, security controls always need revisiting.From my perspective as manager of the Accounts and Finance department, every security breach affects this department even if it is just down time to be at meetings, to discuss strategies and costs to repair damages. When the breaches occur, unauthorized access is gained to either, do something malicious to the organization's resources to steal or sabotage data for financial gain.This usually results in the company's reputation/integrity being damaged, Loss of revenue during downtime, high costs to repair and restructure. legal ramifications are expected as well if guilty persons are found or if customers decide to sew for breach of contract and losses.Two Reasons…
Scenario: As a member of the project team, you have to Exhibit responsibility within a team to build the Security Awareness and training presentation for the organizational users.Task:- Exhibit responsibility within a team and develop an Information Security Training - the importance of Security and Awareness training, - the importance of compliance with Legal, - Policies and security practices for the organizational employees.
Explain what critical tasks you would recommend being included in an information security program for a smaller firm with just three full-time workers and two or three part-time employment coming from other departments of the company. Include details for both the Information Security department and any other relevant departments. Specify the duties that will be performed by each department, as well as which functions, if any, may be contracted out to a third party. Please provide a justification for the function allocation.
The control environment includes the governance and management function of an organisation. It focuses largely on the attitude, awareness and actions of those responsible for designing, implementing and monitoring internal controls. One of the main requirements in planning an audit is to study and evaluate the existing internal controls so as to define the tests to be applied to the entity being audited. Internal Control is a process, affected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:1. Compliance with applicable laws and regulations2. Effectiveness and Efficiency of operations3. Reliability of financial reportingYou are required to discuss the components of internal controls that are integrated with managements processes.
Theoretical Background: Scenario: As a member of the project team, you have to write an organized and well-structured technical report as per the task below. This top-level information security policy which is a key component of the organizations overall information security management framework and should be considered alongside more detailed information security documentation including, system level security policies, security guidance and protocols or procedures. Task: Enter a short scoping overview of the organization, including those providing or receiving services under contracts that are to be subject to this information security policy. Note: The statement should take account of the Information Governance aims and expectations set out within the Information Security Management: Code of Practice for organizations. Write an Information Security policy for the organization. Note: The aim of this policy is to establish and maintain the security and confidentiality of…
Explain the steps for policy development using SDLC (list phases and define input, process, output within each)
The main idea and Purpose of MODAF Operational point of view? Answer:
Clinic Management System The Namibian government through the Ministry of Health and Social Services has set up numerous clinics around the country as intermediate health facilities for communities. However, functionalities, such as appointments for patients, managing medication, and keeping track of overall resources is quite a challenge. Key elements within this system could be but are not limited to visiting doctors, nurses, patients, medication, and general stationaries. There may be different levels of nurses within the system and some of their tasks could be placing orders for new medication and scheduling patients for visits. The patients, on the other hand, may request an appointment and upon visiting the clinic they get to be prescribed medication by either the visiting doctor or the nurse. Medication within the clinic system is kept as inventory and nursing staff should be able to track the respective levels of medication, with the intention of placing an order if levels…
Explain, what main functions under an InfoSec program would you recommend a smaller organisation with three full time staff and two or three part-time roles from other parts of the business? Specify for InfoSec department and other departments. Specify the functions that would be performed by the different departments and indicate if any functions could be outsourced. Justify your allocation of functions.
How do user needs vary from system requirements?
Explain what key functions under an InfoSec program you would propose for a smaller organization with three full-time employees and two or three part-time positions from other areas of the company. Specify for the InfoSec department as well as other departments. Specify the functions that will be done by each department and specify whether any functions may be outsourced. Justify your function allocation.
Scenario: As a member of the project team, you have to write an organized and well-structured technical report as per the task below. This top-level information security policy which is a key component of the organizations overall information security management framework and should be considered alongside more detailed information security documentation including, system level security policies, security guidance and protocols or procedures. Task:1)scoping overview of the organization, including those providing or receiving services under contracts that are to be subject to this information security policy. 2) The statement should take account of the Information Governance aims and expectations set out within the Information Security Management: Code of Practice for organizations. 3) Write an Information Security policy for the organization.4) The aim of this policy is to establish and maintain the security and confidentiality of information, information systems, applications and…