Discuss the Information Security Policies in Large-Scale Business.
As we seek a deeper understanding of the information security policies and frameworks adopted in the current business world, obtaining relevant information and data on those policies is essential. A study by Chatterjee, Sarker, and Valacich (2015) defines research as comprising the defining or redefining of challenges and the formulation of hypotheses or suggested solutions, as well as the collection and organization of related data. It is followed by the evaluation of data and decision-making on the effective conclusions. Understanding different security domains can also be important in knowing some of the relevant and essential steps that when adopted can reduce the incidences of information security policies. The conclusions can be further tested to prove their relevancy to the formulated hypothesis. The research methodology is hence a systematic and scientific study aimed at finding a solution to a problem (Feng, 2011). This paper presents the study of the various steps mentioned above, along with the logic behind every step to arrive at an appropriate solution. The paper systematically conceives planned, systematic designs that will be applied in the study.
Large business organizations are characterized by a large number of employees who are given the responsibility of performing various activities within the organization. According to Feng (2011), the traditional information security strategies adopted by large-scale organizations are no longer sufficient in dealing with the dynamic and expanding cyber-risk environments. There is thus a need for research so as to approve the policies that can be adopted or are practiced by large-scale organizations to manage, govern, and perform the function of securing business information. With the advancement of information technology, there are increased cases of cyber crime as well as information insecurity. Delicate business secrets find their way to third parties and even result in loss of trust and huge finances. Carrying out research is therefore appropriate for understanding the information security policies adopted and the recommendations that can be adopted to manage the increased cases of information insecurity resulting from technological advancement.
In ensuring success towards attaining the goal of the study from a global technological viewpoint, the study gives the highest priority to the information security policies adopted in various global businesses today. Various studies report that very sensitive company or corporate information tends to be very vulnerable to different attacks, mainly information that is of prime importance (Guo et al., 2011). The study thus narrows to the hypothesis and objectives stated below.
The main aim of this study will be to find answers to the following questions:
What are the advantages of implementing information security in large-scale business organizations?
What is the status of information security policies applied in the worldwide market?
The identification and comparison of the information security domains and systems adopted by different security parameters and those commonly implemented by different businesses.
These questions will be essential in finding answers to the vital aim of the project research: finding out information security policies adopted in large-scale businesses.
This study is vital as it will help in identifying or determining the information security policies adopted by various firms or global businesses. Understanding different security domains can also be important in knowing some of the relevant and essential steps that when adopted can reduce the incidences of information security policies. For this reason, this study will focus on the information policies on the security of the organizations that are adopted by different global businesses. Such security policies will also be implemented by other smaller organizations to help in reducing cases of insecurity towards essential organizational information.
The research study aims at collecting information security policy strategies from the selected global business organizations. These organizations are further divided into three sections or categories, namely BPO, Hardware, and Software. Of the three types of companies, the respondents expected will be the top-level or medium-level employees of these business organizations. The targeted respondents thus include information officers, security officers, information security managers, software developers, system administrators, chief technical officers, project managers, and network administrators of the organizations. Other groups that will be targeted as part of the interview respondents include the human resource managers together with authorized users, as they primarily support the relevant preliminary security information in many global business organizations. According to Chen, Ramamurthy, and Wen (2012), ambiguity is normally associated with terms, words, concepts, and notations that are not clearly defined for a specific concept. For instance, in sending the questionnaires, the questionnaires will be monitored so as to avoid generating queries regarding any undefined or unknown concepts. The step will thus ensure the study mainly focuses on information security standards in relevancy to the policy guidelines regarding the validity and reliability of the questionnaires.
In the current business world, the use of information technology is a pensive issue. However, with the internet proliferation and easy access to technological innovations, there is an increase in the use of technology for very unethical issues in many businesses. In many instances, problems such as hacking, plagiarism, spoofing, and software piracy, among others are on the rise. The distributing trend on a large scale has proliferated unethical IT use, thus fuelling the global popularity of the internet and personal computers. As a result, serious security concerns have caused various security violations, especially by insiders of different organizations.
Based on the research objectives, problem statement and justification of the study, the project will test the following hypotheses.
The research design is the outline of the study indicating the steps taken by the research process, from the operational implications and the hypothesis to the final analysis of data. Research design thus ensures the arrangement of the data collection and analysis parameters in a manner aimed at combining relevance to the purpose of the research with economy of procedure (Goel, 2015). It thus constitutes decisions regarding where, why, what, how, and when concerning the research inquiry. It involves the sampling, observational, statistical, and operational design for the study of the information security system policies in various global business sectors.
According to Goel (2015), the sampling design adopted in a study is based on the element selection technique and the representational basis adopted by a study. The investigation of the information security policies will adopt a random sampling method in selecting the samples of data. The random sampling process will be carried out in five of the top thirty global businesses that also operate within the markets of the United States, i.e. ICBC, China Construction Bank, Toyota Motors, Apple, and Samsung Electronics. The study will ensure that the top ten global companies selected adopt the use of IT at different levels of their information security systems to make the sampling data relevant to the objective of the study.
Each of these companies will have an employee size of over 45 dealing specifically with information security, and nine employees will be selected from every company. Among the nine employees selected, the study will randomly select three software, three hardware, and three BPO information specialists. The study is aimed at selecting the IT company employees based on the employee size since the objectives of the study mainly target the administrative or management information security systems and not the technical policies adopted within the organizations. Information security policy implementations are greatly affected by the administrative policies subjected to the organization's employees for proper implementation.
It will involve the use of questionnaires that will be sent to all the randomly selected employees. The study will then record the number of employees who have responded to the study as it analyses the kind of information filled in the data. With the aim of sufficiently collecting equal information security representation from the software, hardware, and BPO, the study will randomly choose three employees from the selected nine information security personnel. The random sampling method will be used in the study as it is a simple but effective method of sampling and data collection where the information under study is more or less homogeneous.
The observation method adopted in a study involves the different methods adopted in the process of collecting primary and secondary data for a study (Kothari, 2004). In his study, Kothari notes that survey method is commonly adopted for the primary data collection by many researchers. However, the collection of the primary data for this study will involve the use of observation and direct interview carried out on particular IT personnel in the selected companies. The questionnaires used for the study will also collect information regarding internet access, data access, email access, physical access, and user access to other domains of security policy strategies employed by the organizations.
According to Liu and Meng (2010), the interview method involves the presentation of oral-verbal response and stimulus in the process of collecting verbal information from the targeted audiences. It is the fastest, cheapest, and one of the most flexible methods (Kothari, 2004), and will be adopted in the study so as to identify the relevant questions and information that will be adopted in the pilot survey of the study. This will involve a one-on-one discussion with some of the employees of the selected organizations. From the information collected during the pilot survey, questionnaires can thus be formulated with relevant information that targets specific personnel of the selected organizations so as to collect the relevant information security policies adopted.
Questionnaires for the study will be formulated on the basis of various information security policies, standards, and security procedures that are globally accepted. The questionnaires will be designed for twelve different information security domains. The domains include hardware acquisition, digital signatures, organization security structures, disaster recovery and business continuity planning, software acquisition, telecom and network security, as well as access to the user, data, emails, and the internet. In the process of the survey and distribution of the sampling questionnaires, the observation method of sampling will also be used for collection of vital security procedures.
Each of the selected domains above will be a representation of a subset of the entire questionnaire. All the questions that will be adopted in the study will be subjective questions of a yes or no type, while less than 10% of the questions will be multiple choice. The subsets of the questionnaires will then be distributed to different information security departments as per the domains of the organizations. The questionnaires will be forwarded to the respective organizations through the human resource department authority.
Procedures such as the security policy protocols followed when visiting the selected organizations will provide primary information about the information security strategies accepted within the organization (Chen, Ramamurthy & Wen, 2012). Information regarding the gate passes of different points of entry, security protocols regarding denying or allowing particular behaviour or access by visitors, and the use of information storage devices such as pen drives, mobile phones, or CDs within the organization will be very essential (Gao & Luo, 2013). Automatic door lock facilities or even denying the use of the internet on specific machines will also provide vital primary information on the security strategies that are adopted by the organizations, according to Dimitrakos (2012).
In their study, Chen, Ramamurthy and Wen (2012) denote that different statistical tools are majorly used for different roles in designing research project processes. They are also important in analyzing any data collected with the aim of drawing the relevant conclusions of the study. These statistical tools are hence essential in testing or measuring different statistical hypotheses so as to attain specific objectives of a study process. At the end of the study, SPSS and Excel software will be used to analyze the data collected. However, for the selected organizations, data segregation and consolidation will be done using Minitab software. The same Minitab or SPSS will be used in the calculation of the percentage analysis of BPO, Software, and Hardware which will be the three different software companies.
Cross tables
Cross tabulations will be used in representing the data output after the analysis has been done using different tools. Chatterjee, Sarker, and Valacich (2015) define a cross tabulation as the table representing the joint frequency distribution of discrete variables. The columns and rows will correspond to the possible values of the first and second variables, while the cells contain the frequency of occurrence of the corresponding pairs of values of both variables. The cross tabulation will be used in the representation of the data because it has several advantages. For instance, Siponen and Vance (2010) report that they are very easy to interpret and understand and thus preferred by people who are not interested in using other sophisticated measures. The tables will also give a deeper insight into the security policies of the organizations rather than just using a single statistic. It thus helps in avoiding cases of sparse or empty cells and is simple to conduct. As a result, the cross tables will be used at any level of measurement of the information security data, whether ordinal, interval, nominal, or ratio.
The study will be organized as follows:
Proposal of the research project as presented in this assignment.
An in-depth analysis of the recession of the case study.
This will include the methodology focusing on the literature review, data analysis, as well as the observation of the key recession indicators and methods of data analysis.
The project outcome and analysis of the research.
Summarizing the vital findings of the project together with their implications.
The table below indicates the projected duration that the research is expected to take from the beginning to the end.
| Task | Starting date | Ending date | Days |
|---|---|---|---|
| Project proposal | 10/8/2016 | 21/8/2016 | 11 |
| Reviewing the relevant information and the literature | 05/09/2016 | 25/09/2016 | 20 |
| The data collection process | 6/10/2016 | 6/12/2016 | 60 |
| Analysis of the collected data | 15/12/2016 | 30/12/2016 | 15 |
| Final report submission | 5/1/2017 | 30/1/2017 | 25 |
Deliverables and milestones
The process of research and completion of the project is expected to cost $5500 within the stipulated time as per the Gantt chart. The budget is specified due to the following reasons:
| Parameter | Estimated expenditure |
|---|---|
| Literature review | $1500 |
| Collecting data | $2500 |
| Analyzing the data | $1500 |
| Total budget | $55000 |
References
Akinbinu, T. A., & Tiamiyu, M. A. (2016). Attitude of Civil Servants Towards the Use of Research Information in Policymaking in Selected Ministries in Lagos State, Nigeria. Library Philosophy & Practice, 1-25.
Chatterjee, S., Sarker, S., & Valacich, J. S. (2015). The Behavioral Roots of Information Systems Security: Exploring Key Factors Related to Unethical IT Use. Journal Of Management Information Systems, 31(4), 49-87. doi:10.1080/07421222.2014.1001257
Chen, Y., Ramamurthy, K., & Wen, K. (2012). Organizations’ Information Security Policy Compliance: Stick or Carrot Approach? Journal Of Management Information Systems, 29(3), 157-188.
Dimitrakos, T. (2012). The CORAS framework for a model-based risk management process. In Proceedings of the 21st International Conference on Computer Safety, Reliability and Security, 2002. 18.
Feng, M. (2011). An information systems security risk assessment model under uncertain environment. Applied Soft Computer, Vol. 11, No. 7, pp. 4332-4340.
Gao, Y., & Luo, J. Z. (2013). Information security risk assessment based on grey relational decision making algorithm. Journal of Southeast University, Vol. 39, No. 2, pp. 225-229.
Goel, C. V. (2015). Information security risk analysis – a matrix-based approach. Journal of Southeast University, Vol. 39, No. 2, pp. 168-75.
Guo, K. H., Yuan, Y., Archer, N. P., & Connelly, C. E. (2011). Understanding Non-malicious Security Violations in the Workplace: A Composite Behavior Model. Journal Of Management Information Systems, 28(2), 203-236.
Puhakainen, P., & Siponen, M. (2010). Improving employees’ compliance through information systems security training: an action research study. MIS Quarterly, 34(4), 767-A4.
Siponen, M., & Vance, A. (2010). Neutralization: New insights into the problem of employee information systems security policy violations. MIS Quarterly, 34(3), 487-A12.