Developing Comprehensive Organizational Security Strategy Report

Verified

Added on 2022/10/11

AI Summary

This report delves into the crucial aspects of IT security, information assurance, and risk management within an organizational context. It begins by defining IT security and its importance in preventing threats and protecting sensitive data, referencing the impact of breaches, such as the one experienced by Marriott International. The report then explores information assurance and risk management as interconnected processes for managing risks associated with information and technology. It emphasizes the need for robust security strategies, including security metrics, to measure and improve security posture. The report highlights the development of strategic security metrics, the importance of information assurance in safeguarding customer data, and the development of organizational strategies for information assurance. The report also addresses security gaps and provides a critical evaluation of the effectiveness of the strategy through the correct metrics. The report concludes by emphasizing the importance of strategic planning in companies and presents a critical evaluation of security gaps faced by Marriott International and the strategy to deal with cyber-attacks.

ORGANIZATIONAL AND
INFORMATIONAL
STRATEGY
INFORMATION ASSURANCE AND RISK MANAGEMENT IN ORGANIZATION

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

INTRODUCTION
• IT security refers to the prevention of potentially existing
threats which have a great impact upon the working of an
organization (Ahmad, Maynard & Park, 2014).
• Breach within a system of the organization can lead to the
leak of delicate information for the Marriot International’s
customers.
• A variety of ransom ware along with the likes of spyware
impact a lot of the users as well as the business (Peltier,
2016).

INFORMATION ASSURANCE
AND RISK MANAGEMENT
• Information security along with the inclusion of risk
management are referred to as the related processes of
managing the risks associated with the utilization of
information as well as technology (Cardona, 2013).
• This procedure involves the identification and treating of the
risk which is related to the cyber risk.

INFORMATION ASSURANCE
AND RISK MANAGEMENT
STRATEGY
• Security related rules and regulations should be considered
for guests having valuable amenities along.
• Billing system of the Marriot International should be secure
enough not to let customer information let out (Cherdantseva
& Hilton, 2013).
• Cyber security professionals taking care of any breach taking
place.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

STRATEGY SECURITY METRICS
• Considered as the first thing for security professionals to
implement metric system.
• Implemented as a measure of Strategy for Security.
• An important process for the procedure of measurement
(Cherdantseva & Hilton, 2015).

DEVELOPMENT OF STRATEGIC
SECURITY METRICS
• The first step includes the method of perception related to the
metrics.
• Specific tie up to the particular business objectives of the
Marriot International (Kott, 2014).
• Proper structure of the context related metric in a better
purpose following.

INFORMATION ASSURANCE
• Keeping the customer related information safe and secure
to avoid any leakage resulting in customer retention (Lam,
2014).
• An effective way to deal with the threats of cyber security.
• Designing of an information system which will lead to a
better way of dealing with amenities which are valuable to
the customer.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

ORGANIZATIONAL STRATEGY
FOR INFORMATION
ASSURANCE
• Developing services for information assurance within Marriot
International.
• Provision of access to the security leaders (Park, Sharman &
Rao, 2015).
• Digitization for the proper usage of existing infrastructure.

REFERENCES
Ahmad, A., Maynard, S. B., & Park, S. (2014). Information security strategies: towards an
organizational multi-strategy perspective. Journal of Intelligent Manufacturing, 25(2), 357-370.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Auerbach Publications.
Cardona, O. D. (2013). The need for rethinking the concepts of vulnerability and risk from a
holistic perspective: a necessary review and criticism for effective risk management.
In Mapping vulnerability (pp. 56-70). Routledge.
Cherdantseva, Y., & Hilton, J. (2013, September). A reference model of information assurance &
security. In 2013 International Conference on Availability, Reliability and Security (pp. 546-555).
IEEE.

REFERENCES contd.
Cherdantseva, Y., & Hilton, J. (2015). Information security and information assurance:
discussion about the meaning, scope, and goals. In Standards and Standardization: Concepts,
Methodologies, Tools, and Applications (pp. 1204-1235). IGI Global.
Kott, A. (2014). Towards fundamental science of cyber security. In Network science and
cybersecurity (pp. 1-13). Springer, New York, NY.
Lam, J. (2014). Enterprise risk management: from incentives to controls. John Wiley & Sons.
Park, I., Sharman, R., & Rao, H. R. (2015). Disaster experience and hospital information
systems: An examination of perceived information assurance, risk, resilience, and his
usefulness. Journal of Consumer Research, 12(4), 382-405.