Developing the Corporate Strategy for Information Security

Term Paper: The Rookie Chief Information Security Officer

SEC 402: Cyber Security

Part 1.

  • Information Security Strategy

Organization chart

Illustrate the roles that will be required to ensure the design, evaluation, implementation, and management of the organization's security programs.

Every organization must identify and implement information security policies, standards, guidelines, procedures, and best practices to strengthen its security programs, protect its information assets, and support its goals and objectives. The information security officer (ISO) manages the organizational security program. There are five important objectives for the information security program: it protects the agency's information and information-processing assets, manages vulnerabilities within the information-processing infrastructure, and educates employees about their information security and privacy protection responsibilities. Each department within the organization designates an ISO to oversee its compliance with information security requirements (Tu & Yuan, 2014).

Executive management

The organization has the ultimate responsibility for information security and risk management within the organization. Annually, the organization's director must certify that the organization complies with state policies governing information technology security and risk management. This is done by issuing a compliance certification for the organization's information security and privacy program.

The role of the information security officer within the organization is to provide organizational guidance and assistance in understanding the ISO's role and responsibilities in developing and maintaining an effective information security system. This guide aligns closely with the Office of Information Security and Privacy Protection and provides more information about the roles within the organization.

Information security officer

The ISO needs to check the organization's compliance with policies and procedures related to the security of information assets. The information security officer must report directly to the organization's management, which allows the relationship to be established on a functional basis rather than by reorganizing the department.

Strategic

The organization's ISO must understand the organization's programs, its business requirements, and their roles within the agency's activities. Personnel must keep up with evolving technologies to ensure appropriate security controls within the organization. Their roles include identifying security risks to the organization and evaluating and recommending appropriate security measures. Strategic analysis enables organizational management to understand and reduce the risks.

Management and communication skills

Effective communication is the basis of organizational management; both verbal and written communication must be clearly understood for the organization to function effectively.

Technical competence

The ISO needs a certain level of technical competence to lead the organization's security initiatives. They need a general knowledge of how technical issues affect the business and the organization in general. It is quite difficult for a security leader to earn the organization's respect without proper technical security know-how.

Identify the reporting structure for roles such as IT Security Compliance Officer, Security Manager, CIO, CISO, IT Security Engineer, Privacy Security Professional, and IT Procurement Specialist

Information technology leaders are central to the overall organizational structure, based on the scope and breadth of services the IT unit is expected to provide to the organization. In complex organizations, matrix reporting relationships among the most senior executive staff are not unusual. In smaller and less complex organizations, such layers are not needed and a direct reporting relationship to the CEO is feasible. The decision on the appropriate balance between a centralized and a decentralized pool of staffing and budget resources is directly related to the organization's expectations. A centralized IT organizational structure is defined by considering the requirements of the primary organizations.

Types of resources required to fulfill the forensic duties of the roles identified.

Several vital resources are required to fulfill the forensic duties of the roles identified. These resources include the forensic professionals and the relevant duties they perform. Team leaders within the organization ensure the safety of personnel and security at the scene. They ensure that all personnel use protective equipment and follow standard recommendations to protect themselves from any danger presented by blood or other human body fluids. The team leader also ensures that sufficient supplies and equipment are available for personnel (Rebollo et al., 2015).

The photographer and the photographic log recorder

The photographer photographs the whole area before anyone accesses it, and photographs the victims, the crowd, and the vehicles. This allows major evidence items to be photographed before they are moved. Photographs are also used to record latent fingerprints and other impression evidence before lifting and casting are done. The photographic log recorder prepares the photographic log and the photographic sketch.

Sketch preparer

The sketch preparer diagrams the immediate area of the scene and orients the diagram with the sketch. They set forth the major items of evidence on the sketch and ensure that the necessary administrative information is recorded in it.

Align the organization chart to reflect the Department of Homeland Security (DHS) three values: physical security, security professional, and privacy professional.

Organization chart to reflect the Department of Homeland Security (DHS)

Part 2:

Request for Proposal (RFP) Plan

Two activities to be monitored

Develop a request for proposal (RFP) plan to solicit qualified vendors that could collaborate with your internal team to deliver optimum IT service delivery.

The RFP is the face of every organization to potential collaborators, so it is very important to compose it well. Good RFPs lead to good proposals; good proposals lead to better working relationships, better projects, and better outcomes. There is no need to be an expert in web design to write an RFP, provided it establishes clear goals, gives the right details, and collects the needed information from vendors.

Project overview

This section introduces the organization and states the purpose of the RFP, describing what the service provider is expected to do for the central part of the organization. It is important because it encourages people to think outside the box: many kinds of solutions may meet the requirement, and a web professional can suggest solutions that the organization has not yet thought of.

Organizational background

This section describes what the organization is about and what it does. Organizations often specialize in a certain area of web development tailored to the requirements of their users.

Project goals and target audience

Project goals explain what is to be completed or what outcome is intended. They also describe whom the website is to serve. Most importantly, they clearly articulate what is specifically being sought.

Sitemap

This section describes where the organization is to be positioned strategically, including the visual design that shapes visitors' perception of the organization. The sitemap helps determine which content the site carries at a given time. It also provides technical requirements: many web vendors use a sitemap to identify the different kinds of content the site needs to publish, such as blogs, articles, news, or opinion pieces (Kegel & Wieringa, 2015).

Methods to develop a qualified trusted supplier list

There are various methods for selecting a service provider that satisfies the requirements of users within the organization for the specific tasks performed by those involved with the organization.

Step 1: document the organization's needs

Before selecting vendors to provide the services required by users, there should be an elaborate description of the kind of services the users need from the service provider.

Step 2: identify potential sources

Select organizations that best provide the services you require and send your request by phone or via the internet. The organization selected should suit the customer's needs well.

Step 3: initial vendor discussion

Many service providers compete to provide the services customers need. Customers have the right to discuss an organization's performance in the services it provides to its customers, and to go for the best possible deal when selecting a supplier.

Step 4: weed out vendors

This is the elimination stage for organizations that do not satisfy the user's requirements or are too expensive for the individuals to accept their offers.

Step 5: final vendor round

This is the final chance for the finalists to make their offers stick and win the user's business. They become more specific about how they will meet the customer's particular requirements.

Step 6: make a concrete decision and stick to it

This is the stage for making the final decision in selecting the best service provider; the organization must be very careful to select the one that fulfills all its requirements.

Part 3: Physical security plan

A physical security plan is a clear written plan providing for the proper and economical use of personnel and equipment to prevent or reduce loss or damage from theft, misuse, espionage, sabotage, and other criminal or disruptive activities.

The purpose of the physical security plan is to provide guidance, assign responsibility, and set minimum standards for the security of property and personnel. The physical security officer must first determine the types and extent of protection required on the post.

Part 4: Enterprise Information Security Compliance Program & Part 5: Develop a risk management plan

Risk management is the process of identifying and assessing risk and reducing it to an acceptable level. It is an essential management function and is critical for any agency to successfully implement and maintain an acceptable level of security.

The information security officer (ISO) leads the planning, development, management, and control of the risk management schedule within the organization. The main goal of the risk management process is to identify and avoid the impacts of threats to information and technology assets. The main goal of the program is to protect the agency and its ability to perform its mission, not just its IT assets.

Risk management plan

Component: Risk management

Objective: The main objective is to identify, quantify, and prioritize risk against the criteria for risk acceptance and the objectives relevant to the agency.

ISO roles and responsibilities:

  • Develop and maintain the risk management program.
  • Conduct a risk assessment analysis every two years; the resulting strategies must be directly linked to the disaster recovery priorities.
  • Mitigate the security risks.

Sub-components:

  1. Risk management program: create a formal process to address risk through the coordination and control of activities regarding each risk.
  2. Risk assessment: conduct a formal vulnerability assessment of the agency environment on a regular basis.
  3. Risk mitigation: create a formal process to mitigate vulnerabilities.

REFERENCES

Kegel, R. H., & Wieringa, R. J. (2015). Behavior Change Support Systems for Privacy and Security. In Proceedings of the Third International Workshop on Behavior Change Support Systems (BCSS 2015), Chicago, USA, June (Vol. 3).

Rebollo, O., Mellado, D., Fernández-Medina, E., & Mouratidis, H. (2015). Empirical evaluation of a cloud computing information security governance framework. Information and Software Technology, 58, 44-57.

Tu, Z., & Yuan, Y. (2014). Critical Success Factors Analysis on Effective Information Security Management: A Literature Review.
