Osiit an Analysis Case Study

Pages: 10 (4698 words)  ·  Bibliography Sources: 10  ·  File: .docx  ·  Level: Master's  ·  Topic: Business

What is OSI's Global IT Security policy?

JL: Document

Do you provide for advanced IT and security training for your IT employees?

JL: Yes, we have extensive online and conventional training courses for our employees, including information security.

Are stakeholders (users, managers, and designers) interacting with information security?

JL: indicated that Business unit managers are responsible for enforcing IT security policy and that individual users are also responsible for the following IT policy concerning user accounts and proper use of the computer.

Is the policy part of an internal risk management protocol?

JL: As far as risk management is concerned and even though the company

As defined by the U.S. General Accounting Office, a stakeholder is "an individual or group with an interest in the success of an organization in delivering intended results and maintaining the viability of the organization's products and services. Stakeholders influence programs, products, and services." (Allen, 2005)

Information security planning should include the views of stakeholders, especially when you are planning for information security projects. The stakeholders buy-in is key to the success of information security in an organization. With the company's success in mind, decisions are less likely to be made based on personal beliefs when stakeholders views are considered.

Table 2. Interview with OSI, Inc. IT Director, John Loo (2009).

Buy full Download Microsoft Word File paper
for $19.77
OSI, Inc.'s general provisions mentioned in discussion with Mr. Loo are described in the Global IT Policy first three articles cited in Table 3.

Table 3

1. Purpose

The Global IT Policy establishes the authority of the Information Technology ("IT") department regarding IT development, maintenance, purchase and distribution within all OSI Systems Companies. The IT department mission is to safeguard and enhance the confidentiality, integrity, and availability of IT systems while meeting business needs.

2. Scope

Case Study on Osiit an Analysis of Assignment

This policy applies to all OSI Systems Company corporate IT systems to include, hardware, software, networks and services.

3. Responsibility

3.1 It is the responsibility of the CIO to approve this document.

3.2 It is the primary responsibility of the IT department to ensure this Policy is adhered to by the Company.

3.3 It is the responsibility of the OSI Systems Company business unit management to ensure this policy is adhered to by the business unit.

Table 3. Global IT Policy, OSI, Inc. (2009).

Enforcement of new security provision to the Global IT Policy is part of the scope of Mr. Loo's responsibility in strategic planning of system wide upgrades and risk management. Universal consideration of interface with employees is addressed in the interpretation of human user elements through mapping technologies. There is also the business development aspect of integrated systems as a mechanism for achieving higher productivity- cost, efficiency-cost, and competitive edge by way of streamlined logistics and reduced time to market. Loo's role in this process is critical, as IT directives will address each department within each division and forge a viable plan for implementation.

This includes appropriate software applications (SAP) within the various architectural nodes in the flow of information supporting the company's channel operations, and management of those processes on the back end once aligned, will mean change strategies for administration of new factors into the processes of the respective areas of the business. In addition to the IT Department, OSI, Inc. administrative structure involves departmental capacity in Finance, Human Resources, Internal Audit, Legal and Travel. Incremental in approach, the strategic development of OSI, Inc. IT security program is reliant upon consecutive changes to Company IT Policy, interpreted as the framework to decision on the project.

At present, each main corporate office and facility plant has as its information technology security framework which consists of a combination of dual firewalls with appropriate DMZ zones within the firewall routers for outside user access; along with numerous intrusion detection and protection hardware and software. OSI uses dual T1 lines for interconnection among its corporate entities. The companywide system is also secured with advanced virus protection and encryption technologies to ensure safe operation in applications, and transfer of data. OSI, Inc. current IT Security Policy offers guidelines to its IT program, and internal personnel user policy, and reference to the Company's external stakeholders. The Purpose and Responsibility framework to the existing security policy is cited in Table 4.

Table 4

1 Purpose

1.1 This policy statement clarifies the responsibilities of information technology ("IT") users and the steps they must take to help protect OSI Systems Company information and IT

1.2 Every worker at an OSI Systems Company must comply with the information security policies. This policy applies to all computer systems, networks and network devices, operating systems, and applications owned by or administered by an OSI Systems Company

2 Responsibility

2.1 It is the responsibility of the CIO to approve this document

2.2 It is the responsibility of the IT management team to ensure this document is adhered to Table 4. OSI, Inc. IT Security Policy (2009).

As systems architectures are designed for deeper integration in and between firms, optimization of security now means standardization like never before. Legacy systems which were the 'standard' in unique taxonomies are increasingly becoming a thing of the past as IT engineers base researched recommendations on the capacity of standardization to mitigate most effectively against risk. Combined technical and managerial security controls ensure integrity of information security policy.

To this end, companies also benefit from 'universal' models of IT policy, as global organizations seek competency in law and application to accommodate both statutory provisions, and real user applications. Policy is first and foremost an outline to protocol for, and a value added to control aspects in an organization. A legally binding contract between an organization and its stakeholders, internal policy that follows computer misuse laws, and implicates employees and other users into a relationship of agreement to designated access, evaluation of existing policies and their effectiveness at OSI, Inc. incorporates a four (4) point criteria index, illustrated in Table 5.

Table 5

1. Security technology

It involves different types of tools, methods, hardware and software platforms utilized to maintain security of a system

2. Security tasks

It signifies expected outcomes in terms of goals and deliverables

3. Security Structure

It involves systems of communication, authority and workflow related to information security

4. Stakeholders

These include organizational members including users, managers, developers and designers interacting with information security

Table 5 OSI, Inc. IT Security Policy four (4) point criteria index (2009).

Respective to incremental changes over time within IT systems management, one component in either policy or the network system itself will have an effect on other aspects of the program. Programmatic issues pertinent to the transformation of OSI, Inc. IT Policy will involve evaluation of problems occurring in the actual system where there may be: 1) misalignment between people and security technology; 2) the conflict and disparity between the implemented security technologies and the existing structure; and 3) fit of security technology to task. Knowledge of glitches within an IT network enables informed analysis of laws, and applicable protocol in alignment of policy with the actual security structure proposed as part of the organization's global IT strategy.

Articulation to the current OSI, Inc. Global IT Security provision where security posture on employee authorized access and intrusion is outlined is discussed extensively in Section 4 (4.1-4.16) of the Policy, and circumscribes general accountability to those terms in 4.4, which states that "users are responsible for familiarizing themselves with and complying with all OSI Systems Company policies, procedures, and standards dealing with information security" (Appendix A). Where changes to the policy provision will be sought by OSI, Inc. In response to national legislation on computer misuse, the definition of quite a few of the articles within Section 4 may be altered to encompass the international scope of the Company's position on misconduct. Clauses within the OSI, Inc. Global IT Security Policy are important in respect to organizational practice where the CMA and PJA 2006 are in effect at the Company's UK locations, for example. Article 4.23 indicates,

" Users must not test or attempt to compromise computer or communication system security measures unless specifically approved in advance and in writing by the director of the Internal Audit department. Incidents involving unapproved system hacking, password guessing file decryption, bootleg software copying, or similar unauthorized attempts to compromise security measures may be unlawful, and will be considered serious violations of OSI Systems internal policy" (OSI, Inc., 2010).

The UK CMA and the subsequent Police and Justice Act (PJA) of 2006 make use of court rulings on employer-employee contractual relations, and access to secure information. In the case of R. v Bow Street Magistrates Court and Allison (AP) Ex-parte Government of the United States of America (Allison) [2002]2 AC 216, the House of Lords addresses 'unauthorised access' in cases where an employee could commit an offense by securing access to a computer contrary to section 1 CMA. In the case precedent, it was held that the employee's misconduct had indeed come… [END OF PREVIEW] . . . READ MORE

Two Ordering Options:

Which Option Should I Choose?
1.  Buy full paper (10 pages)Download Microsoft Word File

Download the perfectly formatted MS Word file!

- or -

2.  Write a NEW paper for me!✍🏻

We'll follow your exact instructions!
Chat with the writer 24/7.

Lottery an Analysis of the Symbol Data Analysis Chapter

Financial Analysis of Medassets Term Paper

Analysis of Quantitative Research Term Paper

Diagnostic Analysis Organizational Research Proposal

Job Analysis Process Case Study

View 200+ other related papers  >>

How to Cite "Osiit an Analysis" Case Study in a Bibliography:

APA Style

Osiit an Analysis.  (2010, December 3).  Retrieved April 5, 2020, from https://www.essaytown.com/subjects/paper/osiit-analysis/1965037

MLA Format

"Osiit an Analysis."  3 December 2010.  Web.  5 April 2020. <https://www.essaytown.com/subjects/paper/osiit-analysis/1965037>.

Chicago Style

"Osiit an Analysis."  Essaytown.com.  December 3, 2010.  Accessed April 5, 2020.