Question

Question 21 40 pts

(TCO 1) How should an information security policy be introduced within an organization, and who should be involved in the review and approval process?

Solutions

Expert Solution

The information security policy should be established as a Corporate Code which should lay down the foundation for securing and protecting the sensitive and vulnerable information of the organization relating to human resources, trade secrets and corporate dealings. The information security policy should be introduced in the business organization as a secured information system which aims to incorporate an online network or software database where all the essential and confidential information will be saved, with access given only to specified and recognised people inside the organization. The security policy should call for strict guidelines and regulations on how the information shall be used by the personnel and to what extent it will be shared with external sources. There should be a zero-tolerance policy against violations of any kind, which should be made subject to termination, penalties or even legal action. A confidentiality agreement can also be put in place if required to establish accountability.

A proper code should be introduced for using information inside the organization. The information system should contain directories dedicated to each resource, operation, field or area of the organization, which will help to easily identify and disseminate the information whenever required.

The security policy should establish a framework to prevent and address the issues of external and internal threats of security violations and the risk of exposing confidential information. External threats such as cyber attacks and hacking should be eliminated by securing the network, and internal threats such as misuse of information should be prevented by limiting access, to maintain the integrity of the organization.

Top management and all those decision makers who have a direct concern with the information, frequently need to access the data for various operational activities, and are the key people in managing the activities of the organization should be involved in the review and approval of the process. They will need to suggest and recommend changes in the system so that protection is maintained along with ease of use in times of urgency. Moreover, limited access should be given only to certain important employees who might need the stored information for various purposes, with the accountability of not leaking or exposing it.

Thanks, dear student. Hope this will help you. Please rate if satisfied :)

