Question

In: Operations Management

ANALYSIS
Direction: Answer the following question carefully

Guideline:
The students can solve the assignment as a group if they like. Your answer must include the following:
- Your answer must be covered and discussed for each section.
- Also, you must support the answer with an appropriate example in detail: i.e. how to implement the example in this section.
- You can answer the question as a group: each group consists of 2 students, one of whom must be the leader of the group, and the leader will present the idea after answering the solution.
Q1. Imagine the scenario in which you are the head of the control department in your company and are required to prepare a strategic plan for the company to achieve ISO/17799. Analyse the sections of ISO/IEC 17799 and support your answer with an appropriate example.
Your answer should include an explanation and an example for each section.
Sections
Explanation
(How to implement the example for each section)
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
Application:
Q1. Marking scheme: 1 mark for each complete explanation, and 1 mark for each complete reflected example.

Solutions

Expert Solution

Based on the assignment, ISO/IEC 17799 establishes the guidelines and general principles for initiating, maintaining, implementing, and improving information security management in an organization or business. The objectives or goals outlined provide general guidance on the commonly accepted goals of an Information Security Management System (ISMS). ISO/IEC 17799 comprises the information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

As the head of the control department in the company, required to prepare a core strategic plan for the company's information security to achieve ISO/17799, here we analyze the sections for a detailed brief about the standardization of information security. ISO 17799 provides practical guidelines and policies for developing an organizational security control system and effective security management practices for the business.

ISO/IEC 17799 includes best practices for control objectives, security cores, and controls in the following areas of information security management, where the purpose is to identify them by a risk assessment (the key structure of ISO 17799):

(a) Security policy: The establishment of a security policy is well packed with policies related to the security of information and how it connects to the broader ISMS, and it will give interested parties the confidence they need to trust what sits behind the security policy. Example: The top management of company ABC advocates the security policy for information protection and builds trust with the stakeholders associated with the company.

(b) Asset management: This aspect involves the requirements of a management system for the asset management of the business. It provides a core framework to establish the policies, processes, objectives, and governance, and facilitates asset management in support of the organization's achievement of its strategic goals. Example: Company XYZ ensures that policies are prepared based on asset management and tracks information related to the assets in efficient ways. The company has to meet all the standards to keep the norms in place.

(c) Organization of information security: This model helps to establish a management framework to initiate, collaborate on, and control the implementation and operation of information security within the purview of the organization. Example: Company ABC handles the websites of its projects, and it is mandatory to ensure the security of the information. In the meantime, the company has to consider the importance of information security to protect it from threats.

(d) Human resources security: Human resources is a crucial part of the organization; it operates employee recruitment, hiring, compensation, and other financial records of the company. This section manages data threats and gains the confidence of the human resources. Example: The company HR manager, ABCD, ensures that the files, records, and details regarding the employees are registered under the ISO policy to secure the information.

(e) Physical and environmental security: The programs that define the measures or controls that indirectly protect the organization's data from loss of connectivity and loss of availability of computer processing in information management caused by theft, flood, fire, intentional destruction, mechanical equipment failure, unintentional damage, and power failures. Example: The head controller of the company has to consider the security arrangements needed to secure and regain the information during a time of distress or natural calamity. The manager of the organization has to ensure the data are secured and reserved for further utilization.

(f) Access control: It is crucial to determine the Access Control Policy (ACP), user access management, and application control within the purview of information security management. This security technique completely regulates who, where, or what can view, access, or use the information resources in a computing environment. Example: The IT executive in the department cannot access the Management Information System (MIS) of the company due to a lack of access to the particular network.

(g) Communications and operations management: In this scenario, information technology systems process large quantities of universal data. These information systems, which include computers, mobile devices, networking equipment, storage media, and other related IT components, must be managed well so as to protect information. Example: The head of IT has to assign the respective person to manage the communication networks and operations management to ensure the best security in the system.

(h) Information systems acquisition, development, and maintenance: It is crucial to attain development models, the acquisition of systems, the development of core structures, and the timely maintenance of the system for better management of the information. This is to ensure that the security mechanism is an integral part of the information systems. Example: The department has to consider the security mechanisms in a better way if any lack of management arises in the long run of the operations. Such a failure by employees will affect the overall security of systems acquisition, development, and maintenance.

(i) Business continuity management: This is to counteract interruptions to every business activity, to protect the critical business processes from the impacts of major failures of information systems, and to ensure their timely resumption. Example: In the organization, information security is directly connected with business continuity management; the team of employees has to track and monitor the security of the information because of the sensitive nature of information management.

(j) Compliance: This is to avoid breaches of any law, or of any regulatory, statutory, or contractual obligations of information management and of any kind of security requirement. Example: The department under IT has to consider and monitor the legal aspects of breaches or contractual obligations of information security in real-world collaborations.

Conclusion

The above sections are very crucial and important to the security aspects of information security management. Each organization is very unique in culture and operation; therefore each business will face different threats, issues, and vulnerabilities. It is very important to understand that the controls mentioned in the standard are not organized or prioritized according to any specific criteria. Each control has equal importance and validity, and should be considered at the information systems and business project requirements specification and at every design stage. Failure to meet this will result in less cost-effective measures, a threat to the security management of information, or even failure to achieve adequate security for the organization.
