12 | Information Systems homework help

Topic

        The organizational support services team serves a vital role, to address the needs of the employees and customers. What value do they add in terms of security policy implementations? 

Instructions

1) APA format

2) References

3) Body Citations

4) No Plagiarism 

5) 350 words

6) 2 responses (each 150 words)

Response#1(Rohini)

The organizational support services team serves a vital role, to address the needs of the employees and customers. What value do they add in terms of security policy implementations?

Organizational support services team plays an important role. In an organization there are security program managers, the owners for compliance bit, regulatory requirements and running various security programs. Along both technical skills and people management skills are required for these roles. They are responsible for the end to end management of the project and its lifecycle. There is other team member such as senior security analyst who is a mid-level experienced and they are experts in some of the other relevant technology. Senior security analyst skill set includes: expert in Linux, firewalls, anti-virus, VAPT. The responsibilities ensure that they have required amount of technology-oriented people. They can drive sub-projects within the team and company.

The security analyst is who do the work at the ground level. They are responsible for data preparation and analysis, training others, coordination, escalating incidents and supporting projects and implementations. Security Analyst is not an expert in risk analysis, threat hunting, reporting or presentation skills.

The roles and responsibilities of security support team which add value to the organization can be divided on the basis of the team strength and experience. Some of the activities need technical skills and some need security management skills. Tasks can be prioritized and done as agreed. For example, an organization might want to conduct a risk assessment on a yearly basis. Another organization wants to perform a penetration test of the network, application, etc. Monitoring is a broad term, so the responsibilities are wide as well. Different organization check the security attributes in different ways.

Response#2(Ranadheer)

Information security has come to play an extremely vital role in today’s fast moving, yet invariably technically fragile business environment. Consequently, secured communications are needed in order for the two companies and customers to benefit from the advancements that the Internet is empowering us with. The importance of this fact needs to be clearly highlighted so adequate measures will be implemented, not just enhancing the company’s daily business procedures and transactions, yet in addition to ensure that the truly necessary security measures are implemented with an acceptable level of security competency. It is sad to see that the chance of having your company’s data exposed to a malicious attacker is constantly increasing nowadays due to the high number of “security illiterate” staff also having access to sensitive, and sometimes even secret business information. Simply imagine the security implications of someone in charge of sensitive company data, browsing the Internet insecurely through the company’s network, receiving dubious e-mails containing various destructive attachments, and let’s not forget the significant threats posed by the constant use of any Instant Messaging (IM) or chat applications. Related projects in the future, this is point of fact the principal measure that must be taken to reduce the risk of unacceptable use of any of the company’s information resources.

The initial move towards enhancing a company’s security is the introduction of a precise yet enforceable security strategy, informing staff on the various aspects of their responsibilities, general use of company resources and explaining how sensitive information must be handled.

The security strategy is basically a plan, outlining what the company’s critical assets are, and how they must (and can) be protected. Its main purpose is to provide staff with a brief overview of the “acceptable use” of any of the Information Assets, as well as to explain what is deemed as allowable and what isn’t, therefore engaging them in securing the company’s critical systems. The document acts as a “must read” source of information for everyone using in any way systems and resources defined as potential targets. A decent and well developed security strategy should address some of these following elements:

• How sensitive information must be handled
•  How to properly maintain your ID(s) and password(s), as well as any other accounting data
• How to respond to a potential security incident, intrusion attempt, etc.
• How to use workstations and Internet connectivity in a secure manner
• How to properly use the corporate e-mail system