Comprehensive Organizational Information Assurance Strategy Report
Added on 2022/10/11
AI Summary
This report delves into the critical aspects of organizational and information strategy, focusing on the role of Information Assurance and Risk Management (ISRM) within organizations, particularly highlighting the challenges faced by Marriott International concerning security gaps. It emphasizes the importance of ISRM in addressing cyber-attacks and protecting sensitive customer information. The report outlines key areas where ISRM needs implementation, including security norms, billing systems, and reservation systems. It also discusses the development of strategic security metrics, stressing the importance of perception, business objective alignment, and proper context structuring. Furthermore, the report explores organizational strategies for information assurance, advocating for risk avoidance, threat mitigation, and the design of an effective information assurance strategy to improve operational efficiency and maximize technology. The report includes references to relevant literature supporting the discussed concepts.

Running head: ORGANIZATIONAL AND INFORMATIONAL STRATEGY
ORGANIZATIONAL AND INFORMATIONAL STRATEGY
Name of the Student:
Name of the University:
Author Note:
Table of Contents
Role of Information Assurance and Risk Management
Development of Strategic Security metrics
Organizational Strategy for information assurance
References
Role of Information Assurance and Risk Management
Information security and risk management, commonly referred to as ISRM, is the set of
related processes for managing the risks associated with the use of information and
technology (Cherdantseva & Hilton, 2013). It involves identifying, assessing and treating
risks, taking into consideration the confidentiality, integrity and availability of the
organization's assets.
Reports have shown that Marriott International has faced complications related to
security gaps that have existed within the company. Information Assurance and Risk
Management is the only method of rectification that needs to be implemented in order to
deal properly with the cyber-attacks that take place within the hotel's existing systems.
Marriott International certainly needs to give importance to cyber security. The hotel
does not hold the kind of transactions that big retail stores do, since the transactions
it deals with are generally larger in size. However, the personal information that
Marriott International deals with is of greater significance in relation to cyber risks.
Marriott International needs to understand clearly that the information it deals with is
sensitive customer information and is part of the vulnerabilities of the hotel industry
(Park, Sharman & Rao, 2015). The following are the three key areas within Marriott
International's systems where Information Assurance and Risk Management needs to be
implemented for additional security of customer information.
The security norms that Marriott International needs to practice focus mainly on the
physical property. Guests coming in for a stay
need to be careful about the possessions they have carried along. At times,
when they have valuable items, they demand stronger security than the existing door
locks and take up the option of the room safe, or in such cases the items are kept
by the hotel's security staff.
Another obvious area is the hotel's billing systems, which include personal as well as
financial information. The reservation systems, which are centrally connected, carry
an exposure that ranges far beyond the bookings of a single hotel (Lam, 2014). Hence,
Marriott International needs to implement a better security system to protect
customers' private information.
When a security breach takes place within Marriott International, the authorities are
responsible for informing the information control branch and preventing the cyber
activity from going further. In such situations, cyber security professionals are
entrusted with identifying the particular source of the intrusion and how far the
breach extended, and with providing the details of the examination.
Development of Strategic Security metrics
Metrics are the first thing security professionals think of; however, they are the last
thing to be implemented as a measure of strategic security, since the process must be in
place before measurement can begin.
The first aspect of strategic security metrics is how the metrics are perceived, which
shall explicitly include the negative along with the positive (Cardona, 2013). However,
not taking into consideration the amount of
percentage reported, the percentage that has been patched, expressed in the negative,
offers a very different perspective on the metric.
Secondly, the metrics need to be tied specifically to the business objectives of
Marriott International. The strategic metrics shall articulate the strategic alignment
with the business drivers. For the security department of Marriott International, there
is success at the time of budget negotiation in respect of the security initiatives that
the hotel has adopted.
The third is the proper structuring of the context of the metrics in a better-purposed
way. This means that it is important to have a clear understanding of the business
objectives of Marriott International (Cherdantseva & Hilton, 2015), along with the
high-value services, the security controls serving critical situations, the risks
associated with the critical business, and the disruptive events that can have a huge
impact on the brand value of Marriott International Hotels (Kott, 2014). To maintain
consistency in strategic security metrics, the most viable way is to outsource security
operations.
Organizational Strategy for information assurance
As security threats increase in number and continue to evolve, professionals working in
the field of security are responsible for working diligently to refine information
assurance within the business systems of the Marriott International hotel. The most
effective cyber security strategy in recent times is the avoidance of risk as well as the
mitigation of the threats related to it (Peltier, 2016). An information assurance
strategy should be designed for Marriott International to make
improvements in operational efficiency, reduction of costs and maximization of
technology, while providing protection for the users and for the information of the
customers staying at and enjoying the services of Marriott International (Ahmad, Maynard &
Park, 2014). The strategy includes:
Development of program services for the articulation of the information assurance
strategy of Marriott International.
Providing access to executive-level security leaders who have built some of the largest
existing security-related programs for Marriott International.
A digitalized strategy for the proper utilization of the current infrastructure when
selecting new technologies, along with the development of new information for the
better protection of Marriott International and the information of its customers.
References
Ahmad, A., Maynard, S. B., & Park, S. (2014). Information security strategies: towards an
organizational multi-strategy perspective. Journal of Intelligent Manufacturing, 25(2),
357-370.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines
for effective information security management. Auerbach Publications.
Cardona, O. D. (2013). The need for rethinking the concepts of vulnerability and risk from a
holistic perspective: a necessary review and criticism for effective risk management.
In Mapping vulnerability (pp. 56-70). Routledge.
Cherdantseva, Y., & Hilton, J. (2013, September). A reference model of information
assurance & security. In 2013 International Conference on Availability, Reliability
and Security (pp. 546-555). IEEE.
Cherdantseva, Y., & Hilton, J. (2015). Information security and information assurance:
discussion about the meaning, scope, and goals. In Standards and Standardization:
Concepts, Methodologies, Tools, and Applications (pp. 1204-1235). IGI Global.
Kott, A. (2014). Towards fundamental science of cyber security. In Network science and
cybersecurity (pp. 1-13). Springer, New York, NY.
Lam, J. (2014). Enterprise risk management: from incentives to controls. John Wiley & Sons.
Park, I., Sharman, R., & Rao, H. R. (2015). Disaster experience and hospital information
systems: An examination of perceived information assurance, risk, resilience, and his
usefulness. Journal of Consumer Research, 12(4), 382-405.