Reading: Prior to the first meeting of the RWW Enterprise Policy Review Committee, Mike and Iris met in Mike’s office to formulate a common IT and information security approach to the upcoming policy review cycle. Here is part of their conversation:
Mike motioned for Iris to sit down, and then said, “You’ve convinced me that IT and InfoSec policy are tightly integrated, and that InfoSec policy is critical to the enterprise. I would like you to join me as a member of the Enterprise Policy Review Committee. Okay?”
Iris, who knew how important policy was to her program’s success, replied, “Sure. No problem.” Mike continued, “Good. We’ll work together to make sure the EISP you’ve drafted gets equal status with the other top-level enterprise policies and that the second-tier issue and third-tier system policies are also referenced in all other top-level policies, especially those of the HR department.”
Iris nodded. Mike went on, “I want you to take the current HR policy document binder and make a wish list of changes you need to be sure we get the right references in place. Let me see your HR policy change plan by the end of the week.”
1. If the Enterprise Policy Review Committee is not open to the approach that Mike and Iris want to use for structuring information security policies into three tiers, how should they proceed?
Mike and Iris really need to either find a way to get the committee agreeing to their ideas, or back up and listen to ideas from the committee. Either way, the approach should be agreed upon by all those needing to implement it otherwise the success will be jeopardized.
2. Should the CISO (Iris) be assessing HR policies? Why or why not?
Iris, or the CISO, should be assessing the HR policies or at least the portions of the policies that involve and IT involvement. The “thin line” here is that most if not all data that HR uses is stored on some sort of computer system. So the physical policies that involve the data (security, accessibility, and related things) should be control by the CISO. The actual HR policies regarding employees should be overseen and created by HR and management.
Are you looking for a similar paper or any other quality academic essay? Then look no further. Our research paper writing service is what you require. Our team of experienced writers is on standby to deliver to you an original paper as per your specified instructions with zero plagiarism guaranteed. This is the perfect way you can prepare your own unique academic paper and score the grades you deserve.
Use the order calculator below and get started! Contact our live support team for any assistance or inquiry.