CONSULTING IT REPORT
Kitchener, Ontario
June 12, 2017
To: Mr. Raj and Mr. Harjot
From: Andre Luis Lumertz Peres
Subject: Consulting IT Report – Online Sales
Executive Summary
The purpose of this report is to provide the analysis, considerations, and information necessary for implementing an online sales ordering platform. It is based on information from an organization that makes $2 to $3 million in annual sales selling drones from its store in Kitchener, Ontario, with approximately 20 employees. The owners' strategy is to grow the business by offering their products online. They are not familiar with the steps required to establish online sales, and the owners are concerned about how to keep customer data
This analysis is focused on Information Security for owners Raj and Harjot and the designated technical group.
1- Analysis of the Benefits of Good Information Security Governance
Good information security governance translates into a set of policies, processes, and responsibilities tied to the structures and people of the organization. It makes it possible to clearly establish the decision-making process and the guidelines for the management and use of IT, all aligned with the organization's vision, mission, and strategic goals. It also ensures that IT plans are aligned with business plans and that the anticipated benefits are actually being realized, allowing the organization to recognize the risks (and opportunities) to the business and to decide on the appropriate plans to mitigate, accept, or avoid them. Performance measurement is fundamental throughout this process: monitoring the implementation of the strategy, the use of resources, and the delivery of services.
In view of this definition, the creation of a board committee is fundamental to define, guide, and ensure that all processes and risks are being considered. Another important factor in this analysis, mainly because of the company's lack of knowledge of the online sales process, is to establish procedures and create a contingency plan in case of problems such as a system crash, a hacker attack, or any other
IT now plays a significant role in the execution of the organization's activities, and because IT governance has proven effective it has been applied to ever more areas of the organization. The IT Governance Institute cites five specific areas that need to be considered by those responsible for managing IT: adding value, managing risk, matching IT to strategy, measuring performance, and managing resources.
IT governance is an internal IT strategy used to analyze and prioritize current and future IT projects through the IT governance process. It involves assessing current projects, defining the future vision, and ensuring that project road maps are structured properly. "Good governance enables you to make and implement better decisions faster, and provides the foundation for weaving together business and IT strategies" (Broadbent and Kitzis, 2005).
IT security operates within a specific situation that has its own culture. It is vital to shield data from unauthorized access and
In today's IT world every organization has a responsibility to protect the information and sensitive data it holds. Protecting data is not only the responsibility of security and IT staff; every individual is involved in protecting the information. The risks to information security are not only digital: they involve the technology, people, and processes an organization has. Addressing these threats may require complex and expensive solutions, but doing nothing about these risks is not a solution.
A sound information security policy begins with an understanding of the current climate, which can consist of policies, regulations, and laws. It is imperative to understand what legislation your line of business must comply with, as well as any applicable governance requirements. Begin by defining what a policy, a guideline, and a standard are: a policy provides specific requirements or rules to abide by, either at the governmental level, meaning a statute, or as an organization-specific directive (also known as administrative law). According to the SANS Institute (n.d.), a leading cooperative research and education organization, a standard is a set of requirements that applies to the user body, and a guideline can be considered akin to a recommendation for a best practice (SANS Institute, n.d.). Current government policies can be issued by federal, state, local, and/or tribal
Table (fragment; the cells are truncated in the source):
| Review of Informational ... | Whether the Information Security Policy is ... | The security policy ... | Without the review of ... | Each policy should be ... |
An effective information security program should include periodic assessments of risk, including the magnitude of harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of information and of the information systems that support the operations and assets of the organization. Policies and procedures should be based on those risk assessments, should reduce information security risk cost-effectively, and should ensure that information security is addressed throughout the entire life cycle of every organizational information system. Subordinate plans should provide sufficient information security for networks, facilities, and information systems or groups of information systems.
The final chapter of the CompTIA Security+ Study Guide covers key elements of implementing, supporting, and managing the security effort in a company or organization. It is important for IT professionals to understand their role in the organization, and equally important for them to understand the boundaries of security within it. Adopting security best practices while adhering to company policies will keep both parties satisfied. There are many fine lines in security management.
IM/IT governance helps the organization make business decisions more accurately and in a more timely manner (Glandon, Smaltz, and Slovensky, 2008). To accomplish this, five general guidelines were created. They are as follows: develop a consistent IT strategy; align IT planning with organizational planning; develop IT infrastructure, architecture, and policies; set IT project
Assess the adequacy and effectiveness of the organization’s IS security policy. In addition, assess whether the control requirements specified in the organization’s IS security standards adequately protect the information assets of the organization. At a minimum, the standards should specify the following controls and require them to be applicable to all information systems:
Limitations of Research: Like all studies, this paper has limitations. Since information security management is a rapidly growing area, the guidelines may be unstable and can change quickly. However, this can be overcome if the organization keeps its security policies clear and updates them in a timely manner.
IT governance incorporates ideas and information about the way you execute your business strategy. It is about how you operationalize and capitalize on market opportunity. Only at the lowest levels is IT governance about decision rights, compliance, regulations, standards, and policies. Without minimizing the extreme importance of these elements for IT governance, I maintain that if your IT governance solution is primarily about being compliant and only secondarily about business execution, then neither your IT organization nor your business is likely to benefit from your implementation. You will have missed the opportunity that IT governance offers.
After the information system is installed, its security controls must be monitored and assessed on a continuous basis. Continuous monitoring ensures that the security controls in place remain effective. This step consists of five tasks. The first task requires managers to determine the security impact of changes based on the threat environment. The second is to assess selected security controls as outlined in the Continuous Monitoring Strategy. The third is to correct the discrepancies found in the assessment. The fourth is to update the security authorization package based on those results. The fifth requires the appropriate officials to make a risk determination and acceptance by reviewing the reported security
Moreover, using an information system today is no longer a walk in the park: it brings many new security threats through which the company might lose confidential data and financial and personal information.
The safety of information is the most valuable asset in any organization, particularly those that provide financial services to others. Threats can come from a variety of sources, such as human threats, natural disasters, and technical threats. By identifying the potential threats to the network, security measures can be taken to combat these threats, eliminate them, or reduce their likelihood and impact should they occur.