Security Awareness Program: Roles and Responsibilities for ABC Company
Added on 2022/08/30
Report
AI Summary
This report provides a comprehensive analysis of a Security Awareness Program (SAP) for an IT company, ABC organization. It defines the roles and responsibilities of key personnel, including the Chief Information Security Officer (CISO), Information System Owner, Information Owner, Senior Agency Information Security Officer, Information System Security Officer, Security Manager, Security Technician, Security Administrator, and Security Consultant. The report outlines the company's vision and mission, emphasizing its commitment to providing secure and high-quality IT solutions. Each role's duties are thoroughly explained, from the CISO's strategic oversight to the security technician's operational tasks. The report also includes an organizational chart and references, offering a structured approach to understanding the SAP's structure and function within the company. The analysis aims to develop an effective security team to ensure extensive security controls, covering various aspects like anticipating threats, implementing preventive measures, and ensuring compliance with information security requirements. The report emphasizes the importance of a strong security team in maintaining a secure environment for the organization.

Running head: SAP-ASSIGNING ROLES AND RESPONSIBILITIES
SAP-ASSIGNING ROLES AND RESPONSIBILITIES
Name of student
Name of university
Author’s note:
Table of Contents
Description of organisation
Description of role of each member
Chief information security officer
Information system owner
Information owner
Senior agency information security officer
Information system security officer
Security manager
Security technician
Security administrator
Security consultant
Organisational chart
References
Description of organisation
The ABC organisation under consideration is an IT company that specialises in providing IT
solutions to its customers. The company provides networking solutions by establishing the
most appropriate network setup in the customer organisation and then managing the devices
in the network efficiently. The vision of the organisation is ‘To be a premier
manager service partner for the small as well as medium business in the California area’. The
mission of the organisation is to provide exceptional services by efficiently delivering
secure and high quality IT systems and solutions that allow clients to meet their business
goals effectively. This report intends to develop an effective security team for the ABC
organisation to ensure extensive security controls in the company.
Description of responsibility of each member
Chief information security officer
The Chief Information Security Officer (CISO) within the ABC organisation is a senior-level
executive responsible for the development and execution of the information security
platform, which includes the processes and policies designed to protect the enterprise
communications, assets and systems from both internal and external threats. The CISO works
with the Chief Information Officer to procure cybersecurity products and services. The role
of the CISO in the ABC organisation is the management of business continuity plans and
disaster recovery plans. Rather than waiting for a data breach or security incident, the
CISO is mainly tasked with anticipating threats and actively working on implementing
preventive measures against breaches. The CISO should work with the other executives
across the various departments to ensure the proper
working of the security systems, reducing the operational risks of the organisation in the
event of a security attack (Maynard, Onibere & Ahmad, 2018). The duties of the CISO in the
ABC organisation include conducting security awareness training for employees, developing
secure business and communication practices, identifying security metrics and objectives,
and purchasing various security goods from merchants.
Information system owner
The information system owner is the official of the organisation who is accountable for the
obtaining, integration, creation, operation, alteration, removal and maintenance of the
information system in the organisation (Tonelli et al., 2018). The system owner is a crucial
contributor to the development of the system design specifications, ensuring that the user
and security operational requirements are documented, tested and implemented. The role of
the information system owner within the company is to address all the operational benefits
in the user community and to ensure compliance with information security requirements. In
coordination with the information system security officer, the information system owner is
mainly accountable for the development and maintenance of the security plan and ensures
that the security plan is deployed and operated in accordance with the pre-determined
security controls. With guidance from the authorising official, the information system
owner notifies the appropriate officials of the organisation of the need to conduct the
security authorisation, ensures that the proper resources are available for the effort, and
provides the needed access, documentation and information for the information system. The
information system owner receives the results of the security assessment from the security
control assessor.
Information owner
Information owners are the officials of organisations with management, statutory or
operational authority over particular information, and they are mainly responsible for
establishing the procedures and policies that govern the production, collection,
dissemination, processing and disposal of that information (Cavka, Staub-French & Poirier,
2017). In the ABC organisation, the information owner is mainly accountable for
establishing the rules for the appropriate use and protection of the subject information,
and retains that responsibility when the information is shared with other organisations.
The information owners provide the required input to the IT and ICS owners regarding the
cybersecurity requirements and controls for the systems where any information is stored,
processed or transmitted.
Senior agency information security officer
The Senior Agency Information Security Officer is the individual in the ABC organisation
who provides the organisation-wide procedures for SecCM, participates in or manages the
Configuration Control Board, and provides the technical staff with analysis of security
impact (Rosiek, 2018). The Senior Agency Information Security Officer is also accountable
for executing the responsibilities of the Chief Information Officer in the ABC
organisation.
Information system security officer
The information system security officer is responsible for establishing and enforcing the
security policies that protect the computer infrastructure, data and network of the
organisation (Crespo-Martinez, 2019). The information system security officer plays a
vital role in providing the required protection to the organisation, because any breach of
information security could lead to the disruption of business, loss of
highly confidential or commercially sensitive data, and financial loss. The information
system security officer of the ABC organisation is responsible for assessing the
infrastructure and the data to identify vulnerabilities caused by flaws or weaknesses in
the hardware and software, which could expose the organisation's infrastructure to a
high-level security breach.
Security manager
The security manager of the ABC organisation is answerable for monitoring the security
operations of the organisation. The security policies, rules and regulations are
implemented by the security manager, who also ensures that the environment within the
organisation is safe for visitors as well as employees (Simpson, Roesner & Kohno, 2017).
The main duty of the security manager in the ABC organisation is checking and monitoring
the access control of people visiting the company.
Security technician
The security technician in the ABC organisation establishes access to the system by
supplying IDs and training the client on the construction and use of passwords. They are
accountable for documenting access by logging, filing requests, sorting and counting
(Holder & Cárdenas, 2018). The security technician monitors access to the organisation's
system by monitoring ID status and verifying the identity of owners.
Security administrator
The security administrator in the ABC organisation is mainly responsible for administering
the security policies and practices for the information and data of the organisation,
ensuring that authorised users have immediate access to the information they require. The
security administrator is also responsible for protecting the information of the
organisation in terms of integrity, confidentiality and availability (Kholis,
Ratnawati & Farida, 2018).
Security consultant
The security consultant of the ABC organisation mainly works as the advisor and supervisor
for all the security measures required to protect the assets of the company effectively.
Security consultants use their knowledge and expertise to assess probable security
breaches and security threats, in order to prevent them and to create the required
contingency plans and protocols for situations when violations occur (Taylor, 2017). The
security consultants mainly work as part of the ABC organisation. The computer systems,
networks and software of the organisation are assessed by the IT consultants for any kind
of vulnerabilities, and the consultants then design and implement the most appropriate
security solutions for the needs of the organisation.
Organisational chart
CEO (David Smith)
CFO (Davy Jones)
Controller (Joseph V. Pascua)
COO (Linda Smith)
Director of operations (David G. Martinez)
Director of production (Mildred A. Martinez)
Marketing VP (Andrews Bing)
Search marketing manager (Bobby D. Hicks)
Web master (Darren K. Ireland)
Email marketing manager (Mabel W. Leak)
Engineering VP (Donald T. Johnston)
Programmer (Leon C. Ames)
Programmer (John B. Carlson)
VP of IT (Hugh K. Moore)
Sales VP (Cheryl G. Alvarado)
Account executive (Gloria A. Osborn)
References
Cavka, H. B., Staub-French, S., & Poirier, E. A. (2017). Developing owner information
requirements for BIM-enabled project delivery and asset management. Automation in
construction, 83, 169-183.
Crespo-Martinez, P. E. (2019, July). Selecting the Business Information Security Officer with
ECU@ Risk and the Critical Role Model. In International Conference on Applied
Human Factors and Ergonomics (pp. 368-377). Springer, Cham.
Holder, L., & Cárdenas, J. (2018). Strategic Concepts for Training in Integrated Defence of
Peace and Security in Cyberspace. In Risks, Violence, Security and Peace in Latin
America (pp. 85-97). Springer, Cham.
Kholis, N., Ratnawati, A., & Farida, Y. N. (2018). CUSTOMER SATISFACTION ON THE
PERFORMANCE OF SOCIAL SECURITY ADMINISTRATOR (BPJS) HEALTH
IN CENTRAL JAVA, INDONESIA. International Journal of Organizational
Innovation (Online), 10(4), 150-165.
Maynard, S. B., Onibere, M., & Ahmad, A. (2018). Defining the Strategic Role of the Chief
Information Security Officer. Pacific Asia Journal of the Association for Information
Systems, 10(3).
Rosiek, T. (2018). Chief Information Security Officer best practices for 2018: Proactive
cyber security. Cyber Security: A Peer-Reviewed Journal, 1(4), 361-367.
Simpson, A. K., Roesner, F., & Kohno, T. (2017, March). Securing vulnerable home IoT
devices with an in-hub security manager. In 2017 IEEE International Conference on
Pervasive Computing and Communications Workshops (PerCom Workshops) (pp.
551-556). IEEE.
Taylor, E. (2017). ‘I should have been a security consultant’: The Good Lives Model and
residential burglars. European Journal of Criminology, 14(4), 434-450.
Tonelli, D., Verzobio, A., Bolognani, D., Cappello, C., Glisic, B., Zonta, D., & Quigley, J.
(2018, March). The conditional value of information of SHM: what if the manager is
not the owner?. In Health Monitoring of Structural and Biological Systems XII (Vol.
10600, p. 106002D). International Society for Optics and Photonics.