Application: Incorporating Security Into IT Processes
Security in an organization does not reside in a silo; it is affected by other processes and vice versa. Therefore, security should be integrated into the overall IT process to make it effective.
You have already investigated the functionality and capabilities of identity and access management tools. The process for creating and removing supplier IDs should be incorporated into an identity and access management tool.
To prepare for this Assignment, refer to the case study "Developing a Monthly Vulnerability Scanning Process" from the media Selection and Evaluation of IT Solutions. This case study will provide you with an example of how to incorporate a security feature into the overall IT process.
For this Assignment, provide a 3- to 5-page report describing a process that incorporates security for managing supplier credentials into an identity and access management tool. Be sure to do the following in your report:
- Develop a numbered outline with the steps in a workflow.
- Identify the teams involved in this process, and explain the steps each team performs.
- Explain shortcomings in the process that you may need to overcome.
Readings
- Brotby, K. (2009). Information security governance: A practical development and implementation approach. Hoboken, NJ: Wiley.
- Chapter 8, "Risk Management Objectives"
- Section 8.3.1, "Recovery Time Objectives"
In this section, you are introduced to the recovery time objectives. You will explore the organizational considerations for determining such objectives.
- Hawkins, S. M., Yen, D. C., & Chou, D.C. (2000). Disaster recovery planning: A strategy for data security.Information Management & Computer Security,8(5), 222-230. Information Management and Computer Security Volume 8 by Hawkins, Yen, & Chow. Copyright 2000 by EMERALD GROUP PUBLISHING LIMITED. Reprinted by permission of EMERALD GROUP PUBLISHING LIMITED via the Copyright Clearance Center. In this paper, you will investigate the importance of disaster recovery planning in the business world. You will also explore a strategic planning process that an organization could follow to develop its own disaster recovery plan.
- Document: Sample Presentation Template (PowerPoint file)Note: You will use this document to complete this unit's Project.
Optional Resources
- Bahan, C. (2003). The disaster recovery plan. Retrieved fromhttps://www.sans.org/reading_room/whitepapers/recovery/disaster-recovery-plan_1164 In this article, you will be introduced to the important aspects of a disaster recovery plan.
- Devlen, A. (2003, March 10). 12 key elements of an enterprise-wide disaster recovery program.ITManagementNews. Retrieved from https://archive.itmanagementnews.com/articles/0310ad.html In this article, you will explore the essential elements that an organization's disaster recovery program should include in order to be effective.