Report: Security Management and Governance for Power AI - BIT361

Added on  2023/03/20

AI Summary
This report, prepared for Power AI (PAI), a company specializing in AI software development, addresses the critical aspects of security management and governance. The report begins by outlining the benefits of viewing security management as an ongoing process and emphasizes the importance of having a robust security policy. It details the development of a comprehensive security policy and management plan, including the identification of key functions, tasks, roles, and responsibilities within a Security Management Program. The report further explores the roles different individuals and groups play in governance and identifies relevant security models and methods, such as access control. It then delves into the implications of legal and statutory requirements, highlighting the advantages of a formal approach. Part B of the report focuses on risk management, explaining the benefits of a Risk Management Plan, the steps involved in its creation, and the significance of contingency planning for PAI. A detailed risk analysis and cost-benefit analysis are included, along with a discussion of the threats, vulnerabilities, and attacks the formal plan would manage, clarifying the responsibilities of both the user and the vendor. The report concludes with a comprehensive overview of the recommendations and insights provided, along with supporting appendices, including a preliminary Risk Assessment/Management Plan.
Running head: SECURITY MANAGEMENT AND GOVERNANCE
Security Management and Governance for Power AI
Name of the Student
Name of the University
Author Note
Table of Contents
Introduction .... 2
Part A: .... 2
Benefits derived from seeing Security Management as an on-going process .... 2
Reasons for having a policy .... 3
Development of a Security Policy and Security Management Plan .... 4
Identification and description of the functions, tasks, roles and responsibilities that need to be defined for the Security Management Program for PAI .... 5
Roles that different individuals/groups would play in terms of governance in general .... 6
Identification of any models or methods that may be relevant for the development of a Security Management Program .... 7
The implications of legal and statutory requirements and the benefits your formal approach would bring .... 7
Part B: .... 8
The benefits a Risk Management Plan can bring to a company .... 8
The steps necessary to build a Risk Management Plan .... 9
Discussion on the importance of Contingency Planning to PAI .... 9
Discussion on the risk analysis and CBA .... 10
The threats, vulnerabilities, and attacks that your formal plan would manage .... 10
The responsibility for the user and the vendor .... 10
Conclusion .... 11
References .... 12
Appendix .... 14
Appendix I .... 14
Appendix II .... 16
Introduction
Security and governance policy in any organisation is considered the strategy by which the company reduces the risk of unauthorised access to its technology, its information technology systems and the information generated by the business. Enterprise security governance and its activities are mostly concerned with the institutionalisation, development, improvement and assessment of an organisation's risk management and security policy. It determines how the different personnel, business units, staff and executives are required to work together to protect the digital assets of the organisation, so that there is no data loss while at the same time protecting the reputation of the organisation with the public. Here, Power AI is an organisation mostly focused on developing software for industrial business purposes and residential use. The focus is mostly on artificial intelligence systems for controlling power use and storage, which also help in generating various environments (Tang & Zhang, 2016). The applications developed by the company embody many unique solutions, and all of these designs need to be protected.
Part A:
Benefits derived from seeing Security Management as an on-going process
The primary goal of information security governance is to help the business organisation achieve the security objectives it is trying to reach. Every organisation needs to determine the strategy that would work for its specific goals, according to the requirements of the company. Security governance is not so flexible that one kind of information security governance implementation would fit every organisation (Fazlida & Said, 2015). Therefore, the organisation's profile and requirements must be analysed to establish what benefits information security governance would bring it. If implemented properly, the following would be the benefits of information security governance strategies:
- It would provide the organisation with a much more effective and reliable strategy for improving the security of its data as well as enhancing the data's reliability, accessibility, security, integrity and quality. An effective information security governance strategy involves a set of rules and responsibilities, which shape the types of data flowing through the organisation even after the strategy has been implemented.
- These strategies are able to apply business intelligence as a critical success factor for data-driven enterprises. PAI is also a data-driven organisation, so it would naturally make critical business intelligence accessible to every authorised user (Al-Hila et al., 2017).
- It improves collaboration, data sharing and decision making in the organisation and raises the success rate of the business as it currently operates.
- The information lifecycle of the streamlined data within the organisation gains more value by having authentic, easily accessible and high-quality data.
- The entire strategy is much more cost-effective and reduces the effect of risk within the organisation.
Reasons for having a policy
It is essential that the organisation uses the consultancy to set up a strong information governance framework, with rules and responsibilities defined in a clear manner, so that the essential practices for data management are kept in place across the entire organisation. This would not be a difficult concept to introduce if the organisation already has some idea of information security governance. If not, the company should be made aware of all the aspects of information security governance and of the roles and responsibilities of the individual employees in maintaining the framework the organisation must follow to secure the information and data generated within it.
Power AI would require an information security governance system for its control policy and for the standardisation of its adoption, since it is concerned with making business decisions that mitigate risk. IT security governance helps in determining who holds the authority within the organisation to make decisions (Carcary et al., 2016). It also specifies why an accountability framework would be included in the organisation to provide oversight, ensuring that all the risks within the organisation are mitigated. It ensures that controls are implemented to eradicate the risks to the organisation and at the same time recommends security strategies that align with business objectives and are consistent with the regulations and rules set by the company.
Development of a Security Policy and Security Management Plan
It is essential that a set of controls for the Information Security Program is set up to govern the organization's information security plan. The requirements of the organization must first be observed so that they are clearly understood. Without knowing the requirements the organization would need to implement the technology of the Security Policy and Security Management Plan, it would be difficult to implement them (Venkatraman, 2017). It has already been justified above that there is no single idea or plan that would fit every industry; it depends on the characteristics and size of the business and the understanding of its people.
The management plan needs to control and evaluate the devised plan, which would focus on the continuous improvement of the entire business structure. Thus, it would include the following steps for implementing a security policy and security management plan, while at the same time describing the entire life cycle of the program under a continuous improvement plan:
- Planning and organizing
- Implementing the plan
- Operating and maintaining
- Monitoring and evaluating
These processes will ensure that the policy is implemented feasibly within the organization and, at the same time, that it is feasible enough to sustain continuous improvement. It has also been found that various organizations fail to implement a proper approach throughout the development plan because they do not follow a proper life cycle plan.
Identification and description of the functions, tasks, roles and responsibilities that need to be defined for the Security Management Program for PAI
Description of the functions: Since PAI is an organization that is required to develop software for business, industrial and home use, the functions of the IT security and governance policy should describe this system entirely within the policy.
Tasks required: The policy should also identify how it would cover the challenges and pushbacks that would occur within the organization, and how the organization would formulate the framework defining the processes for the governance structure of IT processes and controls within the organization (Libel, 2016). In addition, the employees should be made aware of the steps required to establish the policy and of the ways in which they would ensure the security of the generated business information.
Roles and responsibilities: The security governance policy is itself a set of defined responsibilities that need to be practised within the organization as instructed by the legislative body of the country in which the organization is established. These should first be established by the board members and the executive management bodies. The business objectives would need to be mapped in order to manage security with the support of the management bodies and to define the roles and responsibilities.
Roles that different individuals/groups would play in terms of governance in general
The employees within the organization need to be knowledgeable enough to ensure that the governance policy is not produced for absolute laymen. Since Power AI is an IT security organization, it would not be difficult for them to understand what the organization has been trying to implement with its IT security governance policies (Cavelty & Mauer, 2016). It is also the responsibility of the individual employees within the organization to play their part in securing personal and confidential company information. They need to make themselves aware of all the security policy measures and, at the same time, make sure that the other people in their close proximity are aware of them. This would help them play their individual part in respecting the integrity of company and personal information.
Identification of any models or methods that may be relevant for the development of a Security Management Program
As most organizations do, the established security models would be followed in this case as well in practising or developing the methodology to be implemented for the Security Management Program (Safa, Solms & Futcher, 2016).
The Access Control Model would be the most beneficial in this case for establishing a proper Security Management Program. This would be justified by the following methodologies:
- Regulating the admission of users to the areas of the organization that are to be trusted.
- Information systems would have logical access control systems.
- A collection of policies would be used to carry out the programs.
- The categories of access control that would need to be implemented within Power AI would be Preventive, Deterrent, Detective, Corrective, Recovery and Compensating.
- Employees would by default be provided with the least amount of information needed for their regular duties.
- Tasks would be split up to ensure the individual responsibility of employees and to prevent unnecessary involvement of too many employees.
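As an added illustration (not part of the report), the two principles in the last two points above, least privilege by default and splitting tasks so no single employee holds both halves of a sensitive duty, expressed as a small policy check; the role names, actions, users and conflicting-duty pairs are constructed assumptions, not Power AI's actual policy:

```python
"""Added example: default-deny (least privilege) access decisions plus a
separation-of-duties check for a small software company like Power AI.
All roles, actions and users below are constructed for illustration."""
from dataclasses import dataclass, field

# Role -> actions it grants. Anything not listed here is denied.
ROLE_PERMISSIONS = {
    "developer": {"read_source", "commit_source"},
    "release_approver": {"approve_release"},
    "support": {"read_tickets"},
    "sales": {"request_payment"},
    "finance": {"approve_payment"},
}

# Pairs of actions no single person may hold at once (separation of duties).
CONFLICTING_DUTIES = [
    ("commit_source", "approve_release"),   # cannot ship what you wrote unreviewed
    ("request_payment", "approve_payment"), # cannot approve your own payment
]


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)


def effective_permissions(user: User) -> set:
    """Union of everything the user's roles grant; unknown roles grant nothing."""
    perms = set()
    for role in user.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_allowed(user: User, action: str) -> bool:
    """Preventive control: deny unless some role explicitly grants the action."""
    return action in effective_permissions(user)


def sod_violations(user: User) -> list:
    """Detective control: conflicting duty pairs this user currently holds."""
    perms = effective_permissions(user)
    return [pair for pair in CONFLICTING_DUTIES
            if pair[0] in perms and pair[1] in perms]


def assign_role(user: User, role: str) -> bool:
    """Grant a role only if the user stays free of conflicting duties."""
    candidate = User(user.name, user.roles | {role})
    if sod_violations(candidate):
        return False
    user.roles.add(role)
    return True


if __name__ == "__main__":
    alice = User("alice", {"developer"})
    print(is_allowed(alice, "commit_source"))      # True
    print(is_allowed(alice, "approve_release"))    # False: never granted
    print(assign_role(alice, "release_approver"))  # False: would conflict
    print(assign_role(alice, "support"))           # True
```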
The implications of legal and statutory requirements and the benefits your formal approach would bring
The formal approach would bring the following legal and statutory implications under control:
- Personal privacy of data
- Corporate governance, stock market requirements and financial reporting (Rebollo et al., 2015)
- Criminal acts and money laundering activities
- Communications through internet media and digital signature policies.
Part B:
The benefits a Risk Management Plan can bring to a company
There are various important benefits that a Risk Management Plan can bring to a company (Veiga, 2016). These can be described as follows:
- It finds risks that may not be visible at first to the naked eye. There may be instances where a risk does not become apparent, and these can create bigger problems in the future. Identifying deeply embedded risks is made easier with the help of a Risk Management Plan.
- A proper Risk Management Plan helps to properly identify the risks that might harm the organization in the near future and at the same time provides identifying features for risks that may lie outside the organization's preferred areas of expertise (Fitzgerald, 2016).
- Many companies can obtain credit for implementing a Risk Management Plan within their organization, by identifying impending risks and applying appropriate measures to eradicate them at the same time.
The steps necessary to build a Risk Management Plan
The steps required to implement a proper Risk Management Plan within the organization can be listed as follows:
Step 1: The risk is identified at the first stage.
Step 2: The identified risk is then analysed to find out its severity.
Step 3: The identified risks are then evaluated according to their severity in order to rank them (Nocetti, 2015).
Step 4: The risk is then treated with the proper measures identified.
Step 5: The risks are then monitored and reviewed in the proper way, so that it can be determined whether the risk has been properly eradicated or has a probability of appearing again.
Discussion on the importance of Contingency Planning to PAI
Planning is an important aspect at every phase of a business, and it is crucial because it helps prevent the occurrence of risks and eradicate them at the same time. Therefore, to put it simply, a Contingency Plan is important within every organization as it would serve as a backup plan for Power AI that the business would only activate when a disastrous situation occurs (Soomro, Shah & Ahmed, 2016). Such a situation may affect Power AI in a way that disrupts its operations with no chance of recovery. The contingency plan would protect Power AI from these situations by providing a proper backup plan.
Discussion on the risk analysis and CBA
Risk analysis together with cost benefit analysis helps an organization to recognise the occurrence of risk and at the same time sheds light on risks and uncertainties that the business would not otherwise be aware of. With a proper CBA implemented within the organization, the company would be able to understand at what probability it should manage its expenses while handling the eradication plans for the risks (Safa, Solms & Furnell, 2016). This would give Power AI a prior idea of its resource expenditures.
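As an added illustration (not part of the report), the five steps listed under "The steps necessary to build a Risk Management Plan" carried out over a small constructed risk register for Power AI, with the cost-benefit check described in this section deciding which treatments to fund. The scoring method (annual expected loss as probability times impact; fund a control only while it removes more loss than it costs and fits the budget) and every figure are assumptions for illustration, not values from the report:

```python
"""Added example: identify, analyse, evaluate, treat and review a constructed
risk register, using a cost-benefit rule to choose treatments. Figures are
assumptions; the scoring method is a common one, not the report's own."""
from dataclasses import dataclass


@dataclass
class Risk:
    name: str
    probability: float   # chance of occurring per year (0..1)
    impact: float        # estimated loss per occurrence, in dollars
    control: str         # proposed treatment
    control_cost: float  # annual cost of the treatment
    reduction: float     # fraction of expected loss the control removes (0..1)
    status: str = "open"

    def expected_loss(self) -> float:
        """Step 2 (analyse): annual expected loss before treatment."""
        return self.probability * self.impact

    def net_benefit(self) -> float:
        """CBA for step 4: loss avoided per year minus the control's cost."""
        return self.expected_loss() * self.reduction - self.control_cost


def rank_risks(register: list) -> list:
    """Step 3 (evaluate): order by severity, highest expected loss first."""
    return sorted(register, key=lambda r: r.expected_loss(), reverse=True)


def treatment_plan(register: list, budget: float) -> dict:
    """Step 4 (treat): fund controls in severity order while each pays for
    itself and fits the remaining budget; everything else is accepted."""
    plan, remaining = {}, budget
    for r in rank_risks(register):
        if r.net_benefit() > 0 and r.control_cost <= remaining:
            plan[r.name] = "mitigate"
            remaining -= r.control_cost
            r.status = "treated"
        else:
            plan[r.name] = "accept"
    return plan


def review(register: list) -> list:
    """Step 5 (monitor and review): risks still open after treatment."""
    return [r.name for r in register if r.status == "open"]


# Step 1 (identify): constructed register for a 50-person AI software firm.
REGISTER = [
    Risk("Loss of product source code via departing developer",
         0.30, 200_000, "DLP and offboarding checklist", 15_000, 0.8),
    Risk("Ransomware on the development file server",
         0.10, 500_000, "Offline backups and EDR", 20_000, 0.9),
    Risk("Phishing of finance staff leading to fraudulent payment",
         0.20, 50_000, "Dual approval for payments", 2_000, 0.7),
    Risk("Office power outage halting support desk",
         0.50, 4_000, "UPS for support workstations", 6_000, 0.9),
]

if __name__ == "__main__":
    for name, decision in treatment_plan(REGISTER, budget=40_000).items():
        print(f"{decision:9} {name}")
    print("still open:", review(REGISTER))
```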
The threats, vulnerabilities, and attacks that your formal plan would manage
The formal plan would help Power AI handle all the issues the company has with the generation of information within the organization and its management (Goodman, Straub & Baskerville, 2016). Threats, vulnerabilities and attacks would also be handled well, because the policy helps the business apply an information governance strategy that improves the safety, reliability, security, accessibility, integrity and quality of the data generated.
The responsibility for the user and the vendor
Secure Security Services (SSS) has been outsourced to formulate the IT security governance plan for Power AI, but the responsibilities of the user and the vendors cannot be outsourced. The development of the IT security and governance policy integrates a new set of rules for the organization, its employees and also its vendors (Luna-Reyes et al., 2017). Therefore, it is important that they understand their responsibilities well, so as to maintain the integrity of company information and strengthen the security system.
Conclusion
In conclusion, it can be said that the entire IT security and governance policy that Power AI would outsource to Secure Security Services (SSS) would help in developing new rules for the organization to protect the information generated within it from every angle. This would help in developing the IT Governance and Security Policy needed to implement an IT security program for Power AI. Power AI is a privately-owned company with 50 employees. Of these, approximately 25 are directly involved in designing, developing, testing and implementing the products. The organization has two major units that relate directly to their products. The products include Sales, Development and Support. Other vital parts of PAI's business structure are Finance and Accounts, IT Services and Human Resources. Though most employee positions are stable, turnover in the Development Unit is fairly high because of the large demand for IT employees with detailed knowledge of AI systems. Senior management consists of 3 employees, the IT manager, Finance manager and Sales Manager, plus the business owner. HR is overseen by the owner, and this is where the implementation of the IT Security and Governance policy needs to focus the most. This is why the organisation has consulted Secure Security Services, and this consultancy is providing the organisation with a framework for developing the on-going security management program that will oversee security concerns across the entire business. The consultancy helped represent the organisation's requirements and needs for implementing an ICT security program. This has been done through a plan and discussion of better management of the security system, developing a security management program and providing a program including the tasks and rules for its development. This also included discussions regarding risk assessment management plans and cost benefit analyses.