WEEK 4 Assignment
IT Security Policy Framework Approaches
Roles and Responsibilities/Separation of Duties
Overview
Strategic LLC is an IT management company in California. It includes the best auditors and experts in the field of information security. The company works with private and public institutions to evaluate the effectiveness of its company structure to guarantee the security of its information. The company maintains compliance with licenses and audits related to SOC1, SOC2 and HIPAA. It also maintains the FedRAR estimates of several companies for its design and control analysis.
Information security is at the core of every company. Because security breaches have become hot news around the world, each company tends to adjust its access controls and security protocols to protect its resources. They are well known for maintaining the assessment and expectations of providing the necessary security protection against security breaches. This is attributed to a combination of the best auditors and information security specialists.
Separation of roles and responsibilities
The separation of roles is an important aspect of every undertaking. The duties and responsibilities for the efficient provision of services in Strategic LLC and its partners are divided into sections, and each section is assigned to a particular group within the organization. This reduces the load on each team member and increases their effectiveness (Torten, Reaiche, & Boyle, 2018). When team members have too much to do, their effectiveness decreases rapidly, and this can compromise their decision-making ability. In addition, it creates a group of people with different skills and a safety net against the failure of individual members of the company.
Below, I describe the roles and responsibilities of each and every level of leadership in ensuring information security.
Executive management
This is the highest level of leadership, with the responsibility to oversee all information security practices. The executive management roles are less technical and more managerial. They receive information from experts in information security and analyze it for decision-making purposes (Adityaiva & Abdale-Atti, 2015).
Information system (IS) security professionals
This is the technical part of management. It consists of IS professionals with the responsibility to ensure that the design and implementation of the system comply with system security standards. They review security policies and ensure they are strong and effective for the security of company information.
Information security auditors
IS auditors are assigned to go through all systems, strategies and the technological performance of the system, and to provide an audit report regarding the efficiency and suitability of the policies. They advise management on the recommended improvements according to the results of their audit.
Monitoring and compliance is an essential role of the administration in each organization (Linford and Company). This makes command and functions work efficiently along the chain of the division. The IS specialists are in charge of the technical part, which is audited by the auditors, and the information is relayed to executive management for decision making.
References
Takabi, H., Joshi, J. B., & Ahn, G. J. (2010). Security and privacy challenges in cloud computing environments. IEEE Security & Privacy, (6), 24-31.
Torten, R., Reaiche, C., & Boyle, S. (2018). The impact of security awareness on information technology professionals’ behavior. Computers & Security, 79, 68-79.
Veiga, A. D., & Eloff, J. H. (2007). An information security governance framework. Information Systems Management, 24(4), 361-372.