IT SECURITY RECOMMENDATIONS REPORT
INTRODUCTION
Online platform has become the latest tools employed by many organizations in
getting across directly with their product’s end users. Reports have proved the
increase in customers satisfaction as they can provide firsthand feedback that will help
the organization improve their products and increase sales (E. Yao et. al., 2009.)
The main purpose of this report is to bring your company’s attention to the importance
of good Information Security Governance. Focusing on its outcomes when
implemented correctly and provides professional recommendations to avoid major
pitfall attached to business online.
Benefits of Good Information Security Governance
According to (Brotby, 2009), a good Information Security Governance is the main
difference for those organizations that achieved their objectives. Organizations
believes that the Tech guys are responsible for Information security within the
organization. However, Information security should be dealt with at the top level
according to standard IT regulating organizations. Some of the benefits of a good
Information Security Governance includes;
1. Aligning Security with Business Objectives
Placing the right security measures into considerations towards the success of
your overall objectives.
2. Providing the structure and Framework to Optimize Allocations of Limited
Resources
Due to limited resources, proper structure must be in place to optimize resource
by assigning priority which result into resources being use efficiently.
2|Page
3. Providing Assurance that Critical Decisions are Not Based on Faulty
Information
Decision at this level needs to base on key fact and not intuition. Good
Governance allows your organization to make informed decision which will help
mitigate risk.
4. Increasing Trust of Customers and Stakeholders
You are giving your customers and stakeholders reasons to believe in your
project and will increase the company’s worth.
5. Increasing
Predictability and
Reducing
Uncertainty of
Business
Operations
Mitigating risk are put into consideration thus, reducing uncertainty of business
operations.
Information Security Strategy
The overall business strategy aims at increasing sales using online platform, here are
few examples on how Information Security strategy will help achieve the overall goal
by aligning business goals with security.
1. One of the strategy Information Security will provide is to setup an e-commerce
website.
2. Add security to the e-commerce website to protect valuable information.
3. Provide backup in case of unforeseen circumstances.
4. Set up Policies that will guide the use of the website.
RISKS AND IMPACTS
The overall objectives of any security implementation are confidentiality, integrity and
availability. There are lots of risk to consider once your presence is online. However,
3|Page
with good Information Security Governance these risks can be mitigated to an
acceptable level. Here are some of the top risks involved with online business.
1. Fraud
Your presence online will put your company at risk of being defrauded.
According to (Security Newswire, 2017) $57.8 Billion was lost through ECommerce Fraud in 2017. This risk must be considered as it impacts within
your organization might leave a huge debt that can lead to business closure.
2. Denial of Service
This is another threat that is susceptible to online business putting your
organization at a great risk. When this type of attack occurs, legitimate
customers will not be able to access resources in your network. Thus, bringing
the whole organization to halt which will have a drastic impact on company’s
reputation and loss of revenue.
3. Data Theft
This is a common risk that deal with online business. Your customers trust you
with their information (Bank details, address, phone numbers) and its your
organization responsibility to protect such information from hackers. Such
information if leaked will affect the organization reputation and make your
customers vulnerable to different fraudulent activities.
How will the company’s investment add value to your Business?
Investing in a good Information Security Governance will be able to make informed
plans that will mitigate risk thus providing the business with a chance to survive and
increase the customer base on the online platform. Thus, leading to increase in sales.
4|Page
RECOMMENDATIONS
Information Security Manager
To attain the overall objectives that is required with the implementation of taking the
business online, I would strongly recommend having an Information Security Manager.
Highlighted below are the roles description required of the Information Security
Manager.
1. Performs detailed Information security assessment on risks and disaster
recovery plan.
Ability to provide you with detailed fact that will be useful in making decision
towards mitigating risks and recovery plans in case there is a breach.
2. The Information Security Manager will document security policies and
procedures.
This policy is part of security measure as it provides you with the guideline of
what acceptable within the organization
3. Awareness of Information security.
Providing relevant education to promote different activities to make employee
aware of information security and bringing the organization up to date regarding
latest technologies.
4. The manager becomes the consultant on different security related
matters within the organization.
How this Role fits into the Organization
The Information Security Manager role will help in achieving the objectives of security
within your organization, thus, giving your customer a level of assurance that will allow
them to perform their transaction and lead to increase in sales.
5|Page
Need for Steering committee
It’s important to set up a steering committee with the addition of Information security
Manager into your management teams. With increase in the team, there is need for
interoperation between these teams leading to overall efficiency from various
management team within the organization. Also, steering committee will help prioritize
activities and resolve any dispute with your organization.
Key Goal Indicator (KGI)
KGI refers to pre-set indicators of process objectives that indicate what should be
achieved by a process defined in the strategy (Mania, 2015). There is a need to know
how to determine if the goals