Information Security Policy Compliance, Term Paper Example

Some of the questions from Chapter 3 were relatively simple, while others were more difficult to answer because a number of possible answers were likely. This led to some degree of confusion, particularly because some of the terms may have similar meetings and/or applications under specific circumstances. This contributed to a high level of analysis regarding these questions and the potential responses that might be selected for consideration. I missed question #4 because I could not remember the meanings of the acronyms, I missed question #10 because I was unsure of the exact requirements regarding quality assurance, and I also missed question #15 because I was unsure of the terms least privilege and separation of duties. The questions were not necessarily surprising, but they offered an opportunity to address possible situations that could occur in real life in order to make effective decisions that could impact my future career. This was a positive learning exercise because it enabled me to identify terminology that I am not familiar with so that I am able to learn these terms and apply them in the future.

Principles of Security

Modern organizations require a high level of knowledge and experience in information security needs in order to provide key users with the level of access that will enable them to successfully perform their roles. This requires a behind-the-scenes approach that will positively impact organizational efficiency and improvement by establishing access-based rules to ensure that roles are properly assigned within a given information systems framework (Kuhn et.al, 2010). This process is critical to ensure that user permissions are appropriate and that the system design for this process is efficient (Kuhn et.al, 2010). Role-based access control (RBAC) is one alternative that supports a viable approach to addressing user roles and access, while also remaining flexible in the event that these roles change in the future (Kuhn et.al, 2010).

Information security roles and access are essential in managing a system properly and efficiently; therefore, user permissions must be regulated and monitored to ensure that access is appropriate and timely at all times (Kuhn et.al, 2010). System designs may vary; however, the primary directives must be similar in scope and method to enable users to only have access to systems that are required and essential to their roles (Kuhn et.al, 2010). This article provides important information regarding user access, which is a directive that is not often considered by standard users because it is performed by knowledge experts behind the scenes. However, this capacity is essential to promote organizational performance and effectiveness for all employees at all times.

Security Management Planning

Organizations must be able to identify the core principles of information security that are critical in achieving the desired level of performance. Users must be involved in this process and must be able to participate in decision-making to ensure that security measures are followed at all times (Spears & Barki, 2010). Information breaches may be minimized with employee support and compliance with all security requirements, along with a higher level of monitoring that will enable an organization to be effective in managing its security risks (Spears & Barki, 2010). Therefore, user involvement in mitigating security risks is critical for organizations in order to support a higher level of success and achievement in this area (Spears & Barki, 2010). Priorities in information security management must also be considered so that an organization is prepared to identify the areas where risks could impact long-term objectives and influence how information and confidentiality are protected (Spears & Barki, 2010). This article is relevant because it addresses the significance of holding employees accountable and active in promoting security in all activities involving user systems and information. All employees must be active participants in this process to protect the information system as best as possible.

Terms and Definitions

The chosen information system strategy must be acceptable and appropriate for an organization and its specific needs. This process requires a high level of knowledge of strategy to ensure that the security plan in place encompasses the desired framework. The chosen strategy must be able to recognize the importance of critical issues of vulnerability so that the system is strong and protective of confidential information (Bulgurcu et.al, 2010). In this context, an organization requires full compliance from its employees in an effort to produce the desired outcomes, while also considering other factors that will improve operations and enable employees to accept responsibility for their actions related to information system development (Bulgurcu et.al, 2010). The chosen information system must be safe to use and protective of private information, while also remaining accessible to the needs of individuals within the organization when they are provided with the appropriate level of access (Bulgurcu et.al, 2010). The management of this system must convey confidence that employees are in compliance with the system, along with other factors that will favorably impact operations, including increased confidence and assurance that the system in place is meeting expectations (Bulgurcu et.al, 2010). This is a critical path that an organization must follow so that it is able to address its strengths and weaknesses regarding information security, accompanied by other factors that will protect the organization in the event that breaches might occur. This article is important because it supports a high level framework regarding the needs of organizations that will positively impact operations so that the firm will be able to operate in the desired manner with as few security breaches as possible.

References

Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness. MIS quarterly, 34(3).

Kuhn, D. R., Coyne, E. J., & Weil, T. R. (2010). Adding attributes to role-based access control. IEEE Computer, 43(6), 79-81.

Spears, J. L., & Barki, H. (2010). User Participation in Information Systems Security Risk Management. MIS quarterly, 34(3).