Information System Management and Strategy at VSpace Tours CISO

Added on  2023/06/03

AI Summary
This report addresses the critical need for an Information Security Program Manager at VSpace Tours, arguing that the CISO cannot effectively handle all security operations alone. The Information Security Program Manager would oversee cybersecurity protection, detection, response, and recovery, manage systems like firewalls and data leakage protection, evaluate vendor risks, and ensure policy compliance. The report also outlines mandatory security requirements for recruiting this role, in compliance with the Australian Protective Security Policy Framework, including identity, eligibility to work, employment and residential history, referee, police, credit, and qualification checks. Finally, it details the selection criteria for the position, emphasizing education, professional qualifications, and essential functions such as physical requirements, work environment considerations, and necessary equipment proficiency.
Running head: INFORMATION SYSTEM MANAGEMENT
Information system management and Strategy
Name of Student:
Name of College:
Authors Note:
Contents
Topic 1
Topic 2
Topic 3
References
Topic 1
It is very important for the board of directors of VSpace Tours to have a dedicated Information
Security Program Manager position in the organization, as it is not possible for the Chief
Information Security Officer of the company to handle all security-related operations of the
company alone. As opined by Hwang and Choi (2017), the Information Security Program Manager will
assist the Chief Information Security Manager regarding the management of all information
system security of the company. The Information Security Program Manager of the company
will serve as the expert on cybersecurity protection, detection, response and recovery.
As stated by Cao and Pan (2014), the Information Security Program Manager of the company
will be expected to play the role of a technical security manager in the organization, who will
typically be in charge of the systems and the teams who manage those systems. The Information
Security Program Manager will be entrusted with the responsibility of looking after the firewall,
data leakage protection system, encryption, vulnerability, international business system and
pen testing.
According to Muhammad Siddique Ansari (2016), the Information Security Program Manager
will also play the role of a program security manager who will be responsible for
evaluating the risks associated with various vendors, analysing the contracts of the vendors,
analysing the terms of service of various vendors, helping various teams of the company to
understand the risks which are associated with third parties and helping them understand the
importance of data privacy in the absence of the Chief Information Security Officer.
As stated by Cecez-Kecmanovic, Kautz and Abrahall (2014), it is very important from the point
of view of the company to have a dedicated Information Security Program Manager who will
be responsible for monitoring internal and external policy compliance in the company so as to
ensure that both the vendors and the employees of the company are working within the framework
of a policy which was agreed upon. The Information Security Program Manager will be responsible
for monitoring regulatory compliance, as it is very important for the company to ensure that it
follows all the regulatory frameworks in a regulated business environment.
It is also not advisable for the company to keep a single individual in charge in the form of
a CISO, who will be responsible for performing all information security roles ranging from
planning to implementation of new policies, measures and technologies in the company. As
stated by Lee, Park and Lee (2015), the appointment of an Information Security
Program Manager in the organization will therefore help in reducing the burden on the CISO, which
will enable him to plan better policies, while the entire responsibility of implementing such
policies, measures or technologies will be vested in the Information Security Program Manager
recruited by the company.
As opined by Mccarthy, O’raghallaigh, Fitzgerald and Adam (2018), it remains the responsibility
of the CISO of the company to document and develop a security incident response program in
order to ensure that a plan of action is in place if any incident of security breach takes place in
the company, but it is the responsibility of the Information Security Program Manager of the
company to ensure that the security incident response plan is thoroughly tested and that every
high-level manager of the company is aware of their own responsibilities during such an incident.
Therefore it is very important for the company to appoint an Information Security Program
Manager to assist the CISO in ensuring top-level information technology
security.
Topic 2
There are various mandatory requirements which will be checked when recruiting for the role of
Information Security Program Manager in VSpace Tours in order to comply with the Protective
Security Policy Framework (PSPF) imposed by the Australian federal government. According to Dages,
Zimmer and Jones (2017), in order to recruit an Information Security Program Manager in
VSpace Tours the company needs to fulfil the core requirements and supporting requirement
guidelines imposed by the Protective Security Policy Framework. The following security checks
need to be conducted by VSpace Tours in order to comply with the PSPF and
recruit candidates in the company.
Identity Check- An identity check helps in establishing confidence regarding an
individual’s identity and provides the company with a level of assurance about the
prospective employee.
Eligibility to Work in Australia- This security check helps in confirming whether an
individual is eligible to work in Australia. This security check requires confirmation that
the prospective employee holds Australian citizenship and, in case he does not, it is
necessary to confirm that the individual holds a valid work visa to work in Australia.
Employment History Check- The employment history check helps in checking and
identifying if there are unexplained gaps or anomalies in the employment record of the
prospective employee.
Residential History Check- The residential history check helps in substantiating the
identity of a prospective employee in the community, and it is required for all interested
employees to provide evidence of their current permanent residential address.
Referee Check- A referee check helps the company in engaging individuals of the
appropriate quality, suitability and integrity.
National Police Check- According to Marshall, Milligan-Saville, Mitchell, Bryant and
Harvey (2017), the national police check involves processing an individual's
biographic details in order to determine whether the details of the individual match those of
any other individual who may have past criminal convictions. It is also known as a criminal
history or police record check.
Credit History Check- The credit history check helps in analysing whether a prospective
employee has a financial default history or is in a financially unstable situation, or whether
there are questions regarding the financial health of the prospective employee.
Qualification Check- The qualification check helps in verifying the qualifications of a
prospective employee with the issuing authority of the qualifications.
Conflict of Interest Check- According to Stroup (2014), the conflict of interest check helps
in identifying various conflicts, both real and perceived, between the employment of the
individual and their private, professional or business interests that could influence the
performance of their official duties in a negative manner and thus their ability to
safeguard the resources of the Australian Government.
Entity Specific Checks- The entity specific checks help companies to mitigate various
types of security risks which are not addressed by the above-mentioned security checks
by undertaking additional checks based on the individual.
Topic 3
The selection criteria for recruiting the Information Security Program Manager are as
follows:
Education and Professional qualifications:
Bachelor of Science in computer engineering, electrical engineering, computer science or
in a closely related IT or other cyber security discipline.
In-depth knowledge of practical applications of engineering science and
technology to different security-related designs and system implementations.
Designing and maintenance of large and complex networks such as WAN and LAN and
of other associated hosts.
Development of future cyber defence architecture programs.
Active SCI/TS with Poly.
As stated by Zafar, Ko and Osei-bryson (2016) system development lifecycle, program
management and process methodology which are related to areas such as governance,
engineering, management and operations with sound experience in supporting different
project activities at operations and engineering review boards.
According to Karanja and Rosso (2017), a minimum of 6 years of progressively
responsible experience in security and risk management, asset security, security
engineering, network and communication security, access and identity management,
security operations, security assessment and testing and software development security,
including experience in IC and hands-on experience with the requirements of ICD 503
and other related risk management framework requirements.
Desired Requirement:
Sound knowledge of and hands-on experience with the Program Management Framework
of different clients.
Sound knowledge of the legal aspects which are associated with the above-mentioned
activities such as knowledge of the various regulatory and legal frameworks of the
government of Australia such as the Electronic Transactions Act 1999, Electronic
Transactions Regulations 2000, Privacy Amendment Bill 2016 and the Privacy Act 1988.
Essential Functions:
Physical Requirement- The job position involves extended periods of sitting and standing, and the
physical requirements of the job role include sitting, walking, standing and access to remote
structures.
Work Environment- The individual must be ready to travel to other work areas and follow the
necessary safety requirements for those areas besides working in various locations of the
company. The individuals must complete their work in a safe manner which abides by the safety
standards of the company.
Equipment and Machines- Computer work is a must for every individual. Besides computer
systems, the individuals must have hands-on experience in working with scientific calculators,
printers, fax machines, scanners, telephones and filing cabinets.
Attendance- Attendance and punctuality are vital requirements of the company from the
individuals, and at times overtime may be required.
Other Essential Function- As opined by Marks (2016), the interested individuals must be able to
communicate in an effective manner with all levels of the organization and must be able to
embrace change in the organization. The individual must work under pressure in order to meet
the deadline requirements of the company and must not pose a safety risk or hazard to other
employees of the company.
References
Cao, Y., and Pan, J. (2014). The Study of Network Information System Security Strategy Based
on Trusted Cloud Computing. Applied Mechanics and Materials, [Online] 571-572, 400–403.
Available: doi:10.4028/www.scientific.net/AMM.571-572.400 Accessed as on 2/10/2018
Cecez-Kecmanovic, D., Kautz, K., and Abrahall, R. (2014). Reframing Success and Failure of
Information Systems: A Performative Perspective. MIS Quarterly, [Online] 38(2), 561–588.
Available: doi:10.25300/MISQ/2014/38.2.11 Accessed as on 2/10/2018
Dages, K., Zimmer, S., and Jones, J. (2017). Preemployment risk screening: Comparability of
integrity assessment technology platforms. International Journal of Selection and
Assessment, [Online] 25(4), 390–400. Available: doi:10.1111/ijsa.12193 Accessed as on
2/10/2018
Hwang, K., and Choi, M. (2017). Effects of innovation-supportive culture and organizational
citizenship behavior on e-government information system security stemming from mimetic
isomorphism. Government Information Quarterly, [Online] 34(2), 183–198. Available:
doi:10.1016/j.giq.2017.02.001 Accessed as on 2/10/2018
Karanja, E., and Rosso, M. A. (2017). The Chief Information Security Officer:
An Exploratory Study. Journal of International Technology and Information
Management, [Online] 26(2), 23–47. Available: doi:10.1108/ICS-02-2016-0013 Accessed as
on 2/10/2018
Lee, J., Park, J., and Lee, S. (2015). Raising team social capital with knowledge and
communication in information systems development projects. International Journal of Project
Management, [Online] 33(4), 797–807. Available: doi:10.1016/j.ijproman.2014.12.001
Accessed as on 2/10/2018
Marks, M. (2016). Strategic challenges for chief information officers: How IT aligns with
business strategy (Order No. 10256371). Business Premium Collection. [Online] Available:
https://search.proquest.com/docview/1880572821?accountid=30552 Accessed as on 2/10/2018
Marshall, R., Milligan-Saville, J., Mitchell, P., Bryant, R., and Harvey, S. (2017). A systematic
review of the usefulness of pre-employment and pre-duty screening in predicting mental health
outcomes amongst emergency workers. Psychiatry Research, [Online] 253, 129–137. Available:
doi:10.1016/j.psychres.2017.03.047 Accessed as on 2/10/2018
Mccarthy, S., O’raghallaigh, P., Fitzgerald, C., and Adam, F. (2018). Social complexity and team
cohesion in multiparty information systems development projects. Journal of Decision
Systems, [Online] 27, 18–31. Available: doi:10.1080/12460125.2018.1462992 Accessed as on
2/10/2018
Muhammad Siddique Ansari. (2016). Information System Security (Cyber
Security). Jurnal Informatika, [Online] 2(1). Available:
https://doaj.org/article/66b5d379420242cfa06bdef19b1ffa91 Accessed as on 2/10/2018
Stroup, J. W. (2014). The current mind-set of federal information security decision-makers on
the value of governance: An informative study (Order No. 3611414). Business Premium
Collection. [Online] Available:
https://search.proquest.com/docview/1501935215?accountid=30552 Accessed as on 2/10/2018
Zafar, H., Ko, M. S., and Osei-bryson, K. (2016). The value of the CIO in the top management
team on performance in the case of information security breaches. Information Systems
Frontiers, [Online] 18(6), 1205–1215. Available: doi:10.1007/s10796-015-9562-5
Accessed as on 2/10/2018