IT Governance Report: Security Policy Framework and Compliance


Added on  2022/08/31

AI Summary
This report provides an analysis of an organization's IT infrastructure, identifying critical areas requiring security governance. It highlights three high-priority areas: information security, physical security, and personnel security. The report recommends implementing controls such as multi-functional authentication, anti-virus software, and intrusion detection systems. It also suggests adopting EU General Data Protection Regulation and the NIST Cybersecurity Framework to enhance security. The IT policy framework outlined includes remote access management, password protection, and role-based access control to protect organizational data. The report concludes with recommendations for strengthening the organization's IT infrastructure and protecting its assets.
Running head: REPORT ON IT GOVERNANCE
REPORT
ON
IT GOVERNANCE
Name of the Student
Name of the university
Author Note:
Introduction:
The purpose of this report is to discuss and implement a security governance policy for the
organization's Information Technology infrastructure, which consists of several computer
systems as well as a vulnerable network server, since the organization currently does not
have security compliance in place to protect its operational assets.
High Priority areas:
An analysis of the organization's IT infrastructure identified three significant areas
that require security governance; without it, the organization will find it very difficult
to protect its data and operational activities. The identified high-priority areas are
listed below:
Information security- it is essential to implement three levels of security compliance in
the organization's IT infrastructure: the official level, the secret level and the top
secret level. The organizational network also needs to be protected
(Watson et al., 2018).
Physical security- to enhance the security of the organization, it is also essential to
protect the organization's systems.
Personnel security- this area has been selected in order to protect user identity. It is
therefore essential to implement effective security compliance to protect the nominated
areas.
Required Control:
Following the above identification, the organization's IT infrastructure requires
effective controls that will help to define an effective policy, spread security
awareness among staff, protect organizational systems, implement multi-functional
authentication, install anti-virus software and implement an IDS (Pedley et al., 2018).
Required Compliance:
Following the above identifications, adopting the EU General Data Protection Regulation
and privacy regulation will help to protect the personal data of the organization and so
improve the security areas of the nominated organization (Duncan and Whittington 2016).
Required Standards:
Following the above, it is identified that implementing the NIST Cybersecurity Framework
would be very effective for the selected IT infrastructure. One of the primary reasons
behind this recommendation is that it enables the organization to analyze its security
needs and helps to eliminate security threats with effective mitigation strategies
(Heitzenrater and Simpson 2016).
IT policy framework:
Overview:
As requested by the company, this framework provides effective strategies to protect the
company's IT infrastructure. It will help to identify vulnerabilities and to protect the
organization's IT infrastructure with technical guidelines.
Purpose:
The primary objective of this framework is to help the company by improving the
organization's IT security infrastructure.
Scope:
This framework will help the organization to protect its organizational data, physical
security and personnel data.
Policy:
Remote access- will help the organization to keep track of its IT infrastructure remotely
in order to avoid possible threats.
Password protection- will help the organization to protect its data with an effective
password protection procedure.
Role-based access- will give staff role-based access to data, which will help to prevent
unwanted access to the organization's data.
Conclusion:
In conclusion, this report has analyzed the organization's IT infrastructure and
recommended effective strategies to protect the organization's assets.
Reference:
Duncan, R.A.K. and Whittington, M., 2016. Enhancing cloud security and privacy: the power and the weakness of the audit trail. CLOUD COMPUTING 2016.
Heitzenrater, C.D. and Simpson, A.C., 2016. Policy, statistics and questions: Reflections on UK cyber security disclosures. Journal of Cybersecurity, 2(1), pp.43-56.
Pedley, D., McHenry, D., Motha, H. and Shah, J., 2018. Understanding the UK cyber security skills labour market. United States Sentencing Commission, Sentencing Guidelines for United States Courts, http://www.ussc.gov/FEDREG/05_04_notice.pdf.
Watson, J., Ketsopoulou, I., Dodds, P., Chaudry, M., Tindemans, S., Woolf, M. and Strbac, G., 2018. The security of UK energy futures. London, UK.