Management Information Systems Security Plan … Other
Pages: 9 (2417 words) | Style: n/a | Sources: 0
Management Information Systems -- Information Security
A project plan is essentially a formal document that guides the execution and control of a project. It is meant to achieve the planning objectives and facilitate the planning decisions of the project. It also facilitates interaction and communication between the project stakeholders while detailing the costs, scope, and milestones of the project.
Before developing a project plan, it is important to have a statement of the project vision and objectives. The vision statement gives a clear picture of the direction that the project intends to take in order to be successful. Objectives, on the other hand, are the targets that the project must meet to achieve the desired outcome. These two are necessary because they guide the planning and execution of the project.
There are four categories of constraints that relate to project plan implementation and are noted in the chapter. These are technological, industrial, distribution and operational risks. Technological risks relate to failures when using different technologies, industrial risks relate to key providers being unwilling to use and share technology, distribution risks relate to distributors not delivering the project requirements, and operational risks relate to lack of commitment from project management and personnel.
The first step in executing the project plan is planning the project. This involves creation of a detailed project plan. The second step is supervising the different tasks and actions to lead the project implementation while the last step is the wrap up of the project where the managers finalize status reports and deliver a final report of the project.
Projectitis is when the project manager develops a significant attachment to the project team and spends more time on documentation and performance measurement than the actual project actions. It can be avoided through focus on the project actions, organization and coordination.
A work breakdown structure is a planning tool that allows the project manager to divide the project plan into several tasks that are placed on the task list. Each of these tasks is then further divided into simpler tasks or actions. A WBS is the best way to organize a project plan.
A planner can tell that a task is adequately subdivided when a single individual can complete it or when it can be completed using one skill set. The task must also include only a single deliverable.
A deliverable is a completed action or document that can either be used as the starting point of a different action in the project or be an element of the completed project.
A resource is a source or a supply from which the project accrues benefit. Resources are divided into tangible and intangible resources. Tangible resources include land, capital, and labor, while intangible resources include information management systems, brands, patents, etc.
It is good practice to delay naming certain individuals as resources in the project planning because instead of assigning individuals as resources, the project plan should focus on the organizational roles and skill sets required to accomplish particular tasks and actions. These tasks, which are not listed in the project plan, are then assigned to individuals.
A milestone is a particular point in the project plan when a task and its related steps are complete and have an impact on the overall progress of the project. A good example is in project planning where the request for proposal document is sent to vendors. This is because it signifies that all preparations on the part of the project sponsor are finalized.
The project manager assigns project start and end dates sparingly to reduce the risk and impact of projectitis and, at the same time, to allow the manager to specify completion dates only for the major milestones.
The best judge of effort estimates in project tasks and actions is the individual who is most familiar with similar work. All individuals who are assigned specific action steps should review the estimates of completion, understand the required actions and steps and agree with these estimates.
A dependency is defined as a relationship between tasks or steps where one depends on the completion of the other in order to start. A predecessor is a task that precedes another, while a successor is one that comes after another task.
A negative feedback loop is a process that is often used to manage the project to completion. The project's assessed results are compared to the results that are expected and when a deviation is found, corrective action is taken to bring the task into compliance with the project plan.
To convert to a new system, one approach is direct changeover. This involves stopping the old system and starting the new one. This is often simple to a certain degree and harder when the change procedures are more detailed. The second is phased implementation where the roll out is done in phases until all systems are changed. Third is pilot implementation where a single department or division is rolled out with the changes and becomes the guinea pig before going out to other departments or divisions. Last is parallel operation where the two systems are used concurrently to allow fallback to the old system.
Technology governance is a complex process where organizations manage the cost of technology and innovation by facilitating communication about technical issues in the organization. Change control is the process where the organization deals with the impact of a technical change.
Accreditation is the authority of an IT system to process, transmit and store information and is issued as assurance that the system is of adequate quality. Certification is a comprehensive evaluation of the technical and non-technical controls in an IT system.
No specific person or department decides where information security should be. It is the role of the entire organization to find a rational place for the information security function where it can balance the needs of education, training, policy, awareness, etc.
The information security function can be placed within the IT function since it is related to these IT functions and it can also be placed as a peer of physical security since they relate as protective IT functions. It can be placed under administration as a peer to human resources and can also be under the legal department for enforcement of the organization's security policies.
The criteria for selecting IS personnel involve hiring a manager who can work well with different people. This individual should also perceive threats to the organization and understand the technical controls to mitigate these risks.
Attitude, understanding of the role, understanding of the sensitivity of information related to the role, working knowledge of IT technologies, and understanding of the education and training requirements of the role influence an organization's information security hiring decision.
When dismissing an employee in friendly or hostile circumstances, the organization must consider the security of information. The employee may store information in personal drives and storage media. The employee's access to the organization's system should be disabled and keycard access revoked. They should remove their personal effects from the premises.
Temporary employees have access to the limited information they require to perform their tasks, while contracted employees should not have access to any information unless their contract provides for it.
IS professionals have two career paths. The first is ex-law enforcement or military professionals while the second is IT experts such as database or system administrators, and programmers.
It is important to use standard job descriptions for hiring IS professionals because it affects the degree of professionalism in the IS field and improves the consistency of roles and responsibilities within the organization.
The CISO performs the tasks of defining security policies, strategic planning, developing tactical plans, budgeting, and operational planning. The key qualifications include a university degree in an IT field and experience in IS management.
The security manager performs the tasks of policy development, assessing system risks, contingency, operational, and tactical planning. He is also the liaison with other organizational managers. Key qualifications include a graduate degree and experience in IS policymaking and general information security.
The security technician performs the tasks of configuring, implementing, debugging, and troubleshooting security controls. This person is specialized in coordination of the system administration. Qualifications include IS certification and in-depth experience of IS management.
In acquiring professional credentials, an aspiring IS professional should use the rationale that these qualifications only aid the employer to ascertain the candidate's level of proficiency.
The IS professional's certification credentials include CISSP and SSCP from (ISC)², CISA and CISM from ISACA, GIAC from SANS, SCNP and SCNA from SCP, CCE and CIFI for forensics, and CompTIA's Security+.
Who pays the certification expense depends on the circumstances. The employee should pay if seeking a first job, but if it is a new requirement for a job they hold, the employer should pay.
The standard personnel policies that are part of IS include job descriptions, attracting, interviewing, orientation, on-the-job training, and background checks. These activities increase the chances of… [END OF PREVIEW]
Cite This Paper:
APA Format: Management Information Systems Security Plan. (2014, December 8). Retrieved March 23, 2017, from http://www.essaytown.com/subjects/paper/management-information-systems-security/9622402
MLA Format: "Management Information Systems Security Plan." 8 December 2014. Web. 23 March 2017. <http://www.essaytown.com/subjects/paper/management-information-systems-security/9622402>.
Chicago Format: "Management Information Systems Security Plan." Essaytown.com. December 8, 2014. Accessed March 23, 2017.