CASE ANALYSIS AND DISCUSSION
To investigate enterprise-wide Security Governance in both large and medium-sized organizations
DIVERSITY OF DECISION MAKING IS OFTEN LACKING.
Decision makers are found to make decisions without considering the opinions of others, either from within or from the business unit
Some decision makers never listened to or implemented advice given by others, because their governing structure did not succeed in pushing it
Corporate (Executive) Level mission statements are vague and provide little guidance for those responsible for security at the enterprise level
Security Governance is found to be an add-on to the business and follows an IT Governance approach
Approach from bottom to top
5.1 LIMITED DIVERSITY IN DECISION MAKING
Limited diversity in decision-making is common.
The decisions of corporate security are passed down to the enterprise level via policies, procedures and standards, not objectives or strategies.
Very little thought, innovation or ingenuity enters into security at ITUM at the enterprise level.
If the template does not fit, it will likely create a situation where those involved in security consider security as an A-Z checklist of things to do.
5.2 CORPORATE LEVEL SECURITY MISSION STATEMENTS PROVIDE LITTLE GUIDANCE
Governance has become a recognized area of focus in larger organizations
Area
Information Security is a complex and critical component to organizational success
To implement security strategies, the parties involved are not only senior management but also intermediate management.
They also need a governance framework to make accurate decisions on Information Security.
Security related activities at ITUM are performed at the
- Security Architecture
  - Authentication and control of user access
  - Identification and verification of users
  - Monitoring of access control
- Security Application(s) Needed
  - A range of hardware, software and policies exists, such as firewalls, proxy servers, monitoring software, acceptable use policies, surveillance technology and document retention policies
Security Objectives aim to clarify the focus and provide a reference framework for every important aspect of security activities.