Practical Connection Assignment

As an information technology (IT) specialist, knowledge, skills, and theories relating to information governance and security policy are part of day-to-day decisions within the organizations I have interacted with as an employee. Every digital transaction between organizations and their clients leaves an auditable trace of data. In some cases, the data is sensitive; hence necessitates security, discovery control, and privacy mechanisms. In other cases, the trail of data left behind has no value and simply consuming space. Differentiating between these forms of data and understanding where it all lives is the greatest noticeable challenge I have observed in some organizations I have worked in so far.

People and organizations using computers often categorize their needs for information security and privacy, and trust in the systems based on three factors. The first is confidentiality, implying who gets to read or encode your information. The second is integrity, where data can only be altered in an authorized and specified manner. Lastly, there is the availability aspect, ensuring that authorized users can continuously access the information and related resources. As an IT professional, I have noted that the three requirements are often emphasized differently depending on the application. For instance, a defense information system’s primary concern is to ensure confidentiality of classified information, protecting it from unauthorized users. However, strong integrity controls are essential for systems such as fund transfers. The requirements for internally interconnected systems differ from applications without similar interconnections (Moody, Siponen & Pahnila, 2018). As such, the particular requirements and control for organizations’ information security vary.

Another area that is significant to almost every organization is the security policy. Security is the framework within which organizations strive to satisfy the need for information security. A security policy is described concisely by the individuals responsible for the organization’s information values, organizational commitment, and protection responsibilities in an organization structure. To be practical, a security policy must not state the information security need but instead address diverse circumstances and operating standards under which the need can be met. Without this aspect, a security policy is rendered useless. In any particular situation, some threats to the organization’s security systems are more feasible than others (Amankwa, Loock & Kritzinger, 2018). As such, a prudent information security specialist and policy setters must evaluate each threat, assign a level of concern of every danger, and state the information security based on the threats to be resisted or managed first. Effective management control systems, technical, procedural, and administrative mechanisms and techniques must be instituted to implement the security policy (Smallwood, 2019). An effective management control covers all the essential facets of information security, such as classification of information, physical security, and mechanisms to recover from the breach of security, and creating awareness among the users of the data.

The above observations can be summarized in terms of information governance, a key concept in my course. Under this approach, an organization considers information as an organizational asset. As such, extensive oversight and coordination are essential to ensure accountability, integrity, preservation, and appropriate protection of an organization’s information (Smallwood, 2019). An organization must devise approaches to maximize information’s value, mitigating risks linked to its creation, usage, and sharing. A significant conclusion from the observation is that vital information protection requires organizations to articulate security policy that captures diverse circumstances and operating standards under which an organization’s security needs are met.

References

Amankwa, E., Loock, M., & Kritzinger, E. (2018). Establishing information security policy compliance culture in organizations. Information & Computer Security.

Moody, G. D., Siponen, M., & Pahnila, S. (2018). Toward a unified model of information security policy compliance. MIS Quarterly, 42(1).

Smallwood, R. F. (2019). Information Governance: Concepts, strategies, and best practices. John Wiley & Sons.