When you stepped into your role as a new CIO, you became responsible for the well-being of an organization, not just the IT organization. Some aspects of this organization may be strong, while others are weak. It is easy to focus on only the weaknesses when you consider how to improve the organization. These are the areas where the organization most needs change, and where the changes will have the greatest effect.
Do not ignore the organization's strengths when you plan for change. These areas of strength derive from the organization's "culture" and earlier operating history. Consider how each change is likely to be perceived, and what effect it would have on the culture, before you propose it.
To prepare for this Assignment, review the organization's Information Security Policy document you received in Week 1. Identify aspects of the policy that provide insufficient guidance for the organization, using your experience with the security incident as a guide. Research the course learning resources, Walden University Library, and web to identify industry best and typical practices for each of these aspects.
Rewrite the information security policy to reflect current industry practices in a way that is appropriate for the organization. Remove obsolete content, revise outdated material, and add sections to reflect current technology. Strive for clarity and an appropriate level of detail throughout.
Outline a plan to migrate the organization from its current practices to the new ones. Estimate the necessary budget and schedule and make a cost-benefit argument for adopting the new policy.
The final step is to introduce the changes to the organization. Draft two memos-one to the CEO and your C-level peers, the other to the staff-to introduce the new information security policy.
- New policy: Rewrite the information security policy to reflect current industry practices in a way that is appropriate for the organization. Remove obsolete content, revise outdated material, and add sections to reflect current technology. Strive for clarity and an appropriate level of detail throughout.
- Migration plan: Outline a plan to migrate the organization from its current practices to the new ones. Estimate the necessary budget and schedule and make a cost-benefit argument for adopting the new policy.
- Memos: Draft two memos-one to the CEO and your C-level peers, the other to the staff-to introduce the new information security policy.
You must submit the following:
-Security Incident Logbook
-Revised/updated Information Security Policy
-A plan to roll out the policy to the organization that includes end-user training
-Memos to the executives and staff, including:
- The root cause of the incident
- How it was resolved
- The plan that has been put in place to prevent a future compromise
- A rationale for the new policy and benefits.
Attachment:- Assignment.rar