
Prior to the first meeting of the RWW Enterprise Policy Review Committee, Mike a

ID: 451619 • Letter: P

Question

Prior to the first meeting of the RWW Enterprise Policy Review Committee, Mike and Iris met in Mike's office to formulate a common IT and information security approach to the upcoming policy review cycle. Here is part of their conversation:

Mike motioned for Iris to sit down, and then said, "You've convinced me that IT and InfoSec policy are tightly integrated, and that InfoSec policy is critical to the enterprise. I would like you to join me as a member of the Enterprise Policy Review Committee. Okay?"

Iris, who knew how important policy was to her program's success, replied, "Sure. No problem."

Mike continued, "Good. We'll work together to make sure the EISP you've drafted gets equal status with the other top-level enterprise policies and that the second-tier issue and third-tier system policies are also referenced in all other top-level policies, especially those of the HR department."

Iris nodded. Mike went on, "I want you to take the current HR policy document binder and make a wish list of changes you need to be sure we get the right references in place. Let me see your HR policy change plan by the end of the week."

1. If the Enterprise Policy Review Committee is not open to the approach that Mike and Iris want to use for structuring information security policies into three tiers, how should they proceed?
2. Should the CISO (Iris) be assessing HR policies? Why or why not?

Explanation / Answer

Answer-1 If the Enterprise Policy Review Committee is not open to Mike's and Iris's information security structuring approach, Mike and Iris should schedule a meeting with the committee to reiterate the current information security needs and requirements while requesting the committee's feedback to find a common ground where changes can be implemented while ensuring organizational success in implementing proper information security. Applying information security can be very restrictive to any organization, so in the real world, we will find that anything requiring changes, especially with technology, will require greater efforts on getting change that can be checked any time.

Answer-2 The CISO should be assessing the HR policies involving IT-related policies or procedures. We should keep in mind that in this case, many, if not all, of the HR data is stored in information systems. Having said that, policies involving data security (the CIA triad) must be controlled by the CISO.
