Information Technology Governance Policies and Procedures of Deloitte
Added on 2020/05/28
Report
AI Summary
This report delves into the critical aspects of Information Technology (IT) governance, focusing on policies, procedures, and risk management within the context of a Deloitte project. It begins by highlighting the significance of information security laws and regulations, emphasizing their role in protecting IT systems from attacks and unauthorized access. The report then explores the impacts of these laws and regulations on information security programs, underscoring the importance of confidentiality, integrity, and availability of information. It identifies key information security risks, including inadequate system logging, outdated information systems, and improper security regulations, and proposes policies and procedures to mitigate these risks. The report also discusses baseline controls used to measure the effectiveness of IT governance strategies and provides insights into data collection and improvement methods to enhance security procedures. The analysis is supported by references to relevant academic literature.

Running head: INFORMATION TECHNOLOGY
Information Technology (IT) Governance Policies and Procedures of Deloitte Project
Name of the Student:
Name of the University:
1. Importance of information security laws and regulations
Rebollo et al. (2015) stated that regulatory and security laws and regulations are an
important aspect of information security and are important for the Deloitte Project.
Information security regulations comprise directives that safeguard information technology
and computer systems from any type of attack or theft. Security professionals are expected
to respect the laws and regulations that govern the use of both computers and information.
If the laws and regulations are outdated, there is a possibility that an unauthorized person
will hack the information.
2. Impacts of information security laws and regulations on information security program
In the age of advanced technology, protecting information has become as important as
protecting the property of the organization. Information security is the practice of
protecting physical as well as digital information from any type of unauthorized access.
The purpose of the information security program is to offer an overview of the laws,
regulations and standards that make for a better IT security program in the organization.
Only when the organization has perfect rules and regulations can a proper information
security program be conducted (Wu, Straub & Liang, 2015). It is the responsibility of the
users to ensure the confidentiality of the information against unauthorized access, along
with the integrity and availability of the information stored and processed by the
information system. Compliance with the applicable laws, regulations and policies governs
information security as well as the protection of privacy. Information security rules and
regulations provide management and users with a detailed
understanding of the project goals and of the controls implemented to secure the information
assets of the organization.
3. Information security risks with attention to the organizational, governmental, and regulatory requirements
The risks to information security are as follows:
Inadequate system logging: Members of the organizational team can log in to the system
without the permission of an authorized person. Information and data can then be stolen by
an unauthorized person and shared with others (Thompson, Ravindran & Nicosia, 2015).
Therefore, when any unauthorized person can log in to the system, there is a possibility
that confidential information saved in the organization's database will be hacked.
Outdated information system: All information systems need to be updated on time; otherwise,
information is lost from the system. Therefore, maintenance and updating of security
software are required to protect the information. Security software is required to defend
against known threats (Hums & MacLean, 2017). Malicious code will go undetected by an
outdated version of the security software.
Improper security regulations: The organization may not follow strict rules and regulations
for information security. The storage, sending and encryption of data have implications for
safety. When improper regulations are adopted, the result is exposure of data. It also
causes data breaches and the loss of sensitive data.
4. Policies and procedures to address the risks
A standard approach to risk management allows risks to be prioritized across the operations
of the business, which means control over the risks, as required to manage the operations in
the future. The policies and procedures to address the risks are as follows:
1. Equipment precautions, including safety training and proper inspection of the
organization's equipment
2. A detailed record showing when the equipment was used to perform a job after it was last
inspected and maintained (Bennett & Raab, 2017)
3. Screening and hiring of IT employees
4. Detailed records showing which employees have received training
5. Proper maintenance of ethics within the organizational workplace
5. Baseline controls used to measure effectiveness of strategy
The project baseline tells the organization what it is going to deliver and serves as a
measure of project success. It is critical to deliver the project on the scheduled date and
within the budget. When the project has no plan, vision or strategy, the project team will
not be able to deliver to the client on time. The baseline documentation helps the project
team to organize, plan and execute the project (De Haes & Van Grembergen, 2015). Baseline
controls are required to measure whether the project is being handled properly and to
control the high risks.
6. Ways to collect data and improvement purposes
The data are collected from the company’s reports on the selected area. In this paper, the
selected area is information security rules and regulations, which need to be updated on
time, with strict policies and procedures, on a yearly basis (Wu, Straub & Liang, 2015).
Every organization should improve its security procedures through proper maintenance.
References
Bennett, C. J., & Raab, C. D. (2017). The governance of privacy: Policy instruments in global
perspective. Routledge.
De Haes, S., & Van Grembergen, W. (2015). Enterprise governance of information technology:
Achieving alignment and value, featuring COBIT 5. Springer.
Hums, M. A., & MacLean, J. C. (2017). Governance and policy in sport organizations. Taylor &
Francis.
Rebollo, O., Mellado, D., Fernández-Medina, E., & Mouratidis, H. (2015). Empirical evaluation
of a cloud computing information security governance framework. Information and
Software Technology, 58, 44-57.
Thompson, N., Ravindran, R., & Nicosia, S. (2015). Government data does not mean data
governance: Lessons learned from a public sector application audit. Government
Information Quarterly, 32(3), 316-322.
Wu, S. P. J., Straub, D. W., & Liang, T. P. (2015). How information technology governance
mechanisms and strategic alignment influence organizational performance: Insights from
a matched survey of business and IT managers. MIS Quarterly, 39(2), 497-518.