1 IT GOVERNANCE Introduction: The purpose of this report is to discuss and implement security governance policy of into the Information Technology infrastructure of the organization consists of several computer system as well as consists of vulnerable network server since, currently the organization does not have security compliance to protect their operational assets. High Priority areas: While analyzing the IT infrastructure of the organization it is identified that there are three significant areas which requires security governance otherwise it will become very difficult for the organization to protect their data and operational activities. The identified high priority areas are listed below- ï‚·Information security-into the IT infrastructure of the organization it is very essential to implement three levels of security compliance which includes the official level, secret level and top secret level. It also requires to protect the organizational network as well (Watson et al., 2018). ï‚·Physical Security-in order to enhance the security of the organization it is also very essential to protect the systems of the organization. ï‚·Personnel security-this area has been selected with the purpose to protect the user identity. Thus, it is very essential to implement effective security compliance to protect the nominated areas. Required Control: Followed by the above identification the IT infrastructure of the organization requires to implement effective controls that will help to define an effective policy, spread security
2 IT GOVERNANCE awareness to the staffs, protect organizational system, implement multi-functional authentication, installation of anti-virus as well as implementation of IDS (Pedley et al., 2018). Required Compliance: Followed by the above identifications for the organization it is identified that adoption of EU General Data Protection Regulation and privacy regulation will help to protect the personal data of the organization with the purpose to improve the security areas of the nominated organization (Duncan and Whittington 2016). Required Standards: Followed by the above identified that in the selected IT infrastructure it will be very effective to implementNIST Cyber security Framework. One of the primary reason behind thisrecommendationistoenabletheorganizationtoanalyzethesecurityneedofthe organization as well as it will help to eliminate security threats with mitigation effective mitigation strategies (Heitzenrater and Simpson 2016).
3 IT GOVERNANCE IT policy framework: Overview: As requested by the company this framework will provide effective strategies to protect the IT infrastructure of the company. This will help to identify the vulnerabilities as well as will help to protect the IT infrastructure of the organization with technical guidelines. Purpose: The primary objective of this framework is to help the company by improving the IT security infrastructure of the organization. Scope: This framework will effectively help the organization to protect their organizational data, physical security as well as the personnel data. Policy: Remote access-will help the organization to keep the track of their IT infrastructure remotely in order to avoid the possible threats. Password Protection-will help the organization to protect the organization data with effective password protection procedure. Role based access-will help the organization to allow role base data access to its staffs which will help to avoid unwanted access of the organization data. Conclusion: After completion of this paper it can be concluded that this report has effectively analyzed the IT infrastructure of the organization and recommended effective strategies to protect the organization assets as well.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4 IT GOVERNANCE Reference: Duncan, R.A.K. and Whittington, M., 2016. Enhancing cloud security and privacy: the power and the weakness of the audit trail.CLOUD COMPUTING 2016. Heitzenrater, C.D. and Simpson, A.C., 2016. Policy, statistics and questions: Reflections on UK cyber security disclosures.Journal of Cybersecurity,2(1), pp.43-56. Pedley, D., McHenry, D., Motha, H. and Shah, J., 2018. Understanding the UK cyber security skills labour market.United States Sentencing Commission, Sentencing Guidelines for United States Courts, http://www. ussc. gov/FEDREG/05_04_notice. pdf. Watson, J., Ketsopoulou, I., Dodds, P., Chaudry, M., Tindemans, S., Woolf, M. and Strbac, G., 2018. The security of UK energy futures.London, UK.