Strategic Information Security Essay

Question:

Select one Organisation of your Choice. Investigate and report on the Current State of this Organisation.

Answer:

Introduction:

eServGlobal is a revolutionary digital financial transaction company operating in Australia. It enables telecommunication and financial service providers to offer smooth transactions to their customers. The organization offers a wide range of transaction services, such as commerce, digital wallets, business analytics, rapid service connection, recharge and remittance. The solutions and services provided to clients are examples of expertise and innovation (eservglobal.com 2017). Solutions are rapidly developed and deployed, which helps customers adapt to changing market conditions. In all areas of business, eServGlobal acts with integrity and is committed to being a sustainable and respectable global company that provides technologically advanced solutions to the world. To foster positive relationships with clients, the organization endeavors to maintain openness and transparency at all levels of interaction. The organization believes in being involved in sustainable development and in minimizing the impact of its operations on the environment. eServGlobal is committed to meeting all statutory, regulatory and customary requirements in all areas of its operations and in the markets it serves. Across all of its business dealings, whether with vendors, agents, consultants or business partners, the organization does not tolerate any form of corruption or bribery. Any activity found to involve corruption is decisively terminated (Ab Rahman et al. 2015).

Discussion:

Management of information security:

Information security needs to be addressed through the proper application of technology and money. Improving information security is considered a critical part of success. A critical factor in implementing information security appropriately is the people working in the organization. The ethical commitment of eServGlobal is based on values such as positive relationships, loyalty and transparency, confidentiality, respect for the environment, respect for health, security, and prevention of conflicts of interest. In all areas of the business, managers should manage information security alongside business activities.

eServGlobal is making rapid progress as a result of open-minded production development and production expansion, along with efficient use of innovations. The prevailing atmosphere encourages cooperation. For the organization to facilitate the development of innovative solutions in the information security area, positive innovations should also be brought to it. One of the best practices in information security is the adoption of international standards, which offers improvement. The benefits of adopting such practices include improved handling of problems associated with wireless technology, the internet and portable devices. It would also help in better managing security among sub-contractors, business providers and other service providers. Regardless of the cultural regulations of the organization, such a practice provides a common language for information security (Baskerville et al. 2014).

An information security policy outlines the organization's guidelines for directing behavior relating to its information security. It is a detailed statement of what the organization must do to comply with the rules governing policies. The security requirements of eServGlobal have not been assessed adequately by management, owing to a lack of understanding of information security issues (Harun and Hashim 2017).


From the analysis of the information security management of eServGlobal, it was ascertained that the existing culture of the organization has been ignoring the policies for securing information assets and has placed little focus on managing information security. This might be due to a lack of knowledge on the part of employees and unawareness of refreshed policies. There are risks to information processing resulting from a lack of updating and reviewing on the part of the organization's management. The organization therefore needs to make significant changes, assisted by the review and amendment of existing policies. The organization needs to enforce the amended information security policies uniformly (Safa et al. 201).

Types of ethics and laws that are vital for the information security management of the organization:

Environmental protection laws:

eServGlobal intends to provide technologically advanced telecommunication solutions to the world and is regarded as a sustainable global company.

Anti-corruption laws:

The organization does not tolerate any act of corruption or bribery and intends to decisively terminate every such activity. For data protection, there is a privacy team that provides legal guidance.

Information security policy of the eServGlobal enterprise:

Information security management is the process by which eServGlobal secures and protects the information resources that maintain and process the information crucial to its operations. The organization manages, measures and controls risks to its information systems by ensuring availability, integrity, accountability and confidentiality for system actions. The objective of information security management at eServGlobal is to protect information resources from damage and unauthorized access. By securing its information resources, the organization will be able to achieve data integrity, data confidentiality and availability of information resources (Layton 2016).

The business objectives of the organization are supported by eServGlobal's information resources, which include facilities, hardware, software, infrastructure and many other resources. The data used in the organization's information systems correctly reflects the reality of the organization. The confidentiality of shared information needs to be ensured by the information technology resources and applicable users of eServGlobal. The information security policy applies to all users of information assets, such as employees, agencies, third-party service providers and contractors, along with clients of the business. The information resources covered by the policy may be stand-alone or networked, shared or individual (Crossler et al. 2013). The policy also covers personal digital assistants, wireless devices, workstations, networking devices, software and peripherals.

Supporting policies concerning information resources include guidelines for risk assessment and risk mitigation, a policy for controlling documents and records, a policy on management responsibility, a network security policy, operating system access control, and a policy for managing information processing facilities.

Employees of eServGlobal do not disclose any information to third parties or to any other people who are not entitled to receive it. Employees are committed not to use any privileged information for their own purposes or in connection with any other purpose. The organization has established a non-disclosure agreement with its sub-contractors and partners. Each person involved with eServGlobal is required to sign an individual deed of confidence. The organization complies with all applicable laws and regulations in the countries where it does business, as well as with international laws. These include, without limitation:

  • Environmental regulations
  • Universal Declaration of Human Rights
  • International Labour Organization

The organization respects the interests of each party, and contract terms are negotiated fairly and transparently. Furthermore, all of these contracts adhere to principles equivalent to those in the code of ethics.

Governance and strategic planning for security:

Achieving the strategic goals of security helps the organization reach an optimum level of investment and an acceptable risk posture at the lowest cost. The management and board of the organization should understand the criticality of information security. The organization's investment in information security should be reviewed so that it aligns with the risk profile and strategy of the organization. Management should produce regular reports on the organization's information security program. The management and board should endorse the development and implementation of comprehensive information security programs. Information security governance in the organization would lead to several outcomes. The criticality and complexity of information security governance require its concerns to be elevated to the highest level of the organization (Tuna et al. 2017). To secure its business operations for clients, eServGlobal requires an effective governance strategy for information security.


Information security is regarded as a challenge for the governance of the organization, and the emerging threats associated with it need to be assessed with the involvement of the organization's executives. Improved information security is of utmost importance to organizations given the dramatic rise in information crimes such as cyber-attacks and phishing. There needs to be a balance between applied technology and sound management of information security. The organization is also exposed to the loss of critical information relating to operations, financials and accounting, along with the loss of equipment, facilities and people. This has made information security governance a critical facet of the overall governance of the organization.

Governance and strategic planning for security:

The environment in which the organization operates is ever changing, and employing a governance operating model will help address this need and enhance management's ability to implement governance policy. The model would assist management and the board in fulfilling their business objectives. It will assist them in organizing the governance structure and implementing its mechanisms. Without a proper governance model, the governance structure can be faulty and gaps can exist in the governance mechanisms. The organization needs to overcome the inadequacies in its governance and strategic planning. A governance operating model is needed because of the large number of related procedures and the complexity of governance (Cassidy 2016). The governance operating model of the organization will be able to address the following:

  • The model helps provide management and the board with the information they require to effect governance of financial and operational risk management and the reporting process. It will enable the organization to conduct its activities in compliance with regulations, thereby serving its strategic ends.
  • It helps create a feedback loop leading to sustainable governance by enabling management to identify and respond to operational, new business, regulatory and competitive needs.
  • Adopting such a model will also help bridge the gap between operational realities and the governance framework. This is done by bringing the governance framework of the organization down to the level of responsibilities, roles, reporting lines and communications.

The governance operating model may solve the organization's common problem of management by memo, because it is quite simple for management to articulate governance issues and policies. Such a governance framework would enable the organization to assess and execute its governance programs. The operating model involves the governance infrastructure, which includes gathering information for stakeholders and management. Employing such a model will help translate the governance policies and framework into job responsibilities, policies, procedures and practices within the corporate governance infrastructure. The operating model the organization should employ has major components such as oversight responsibilities, talent and culture, structure and infrastructure. Various benefits are attributable to incorporating a corporate governance operating model (Ahmad et al. 2014). The organization gains improved clarity, improved coordination, greater visibility and increased effectiveness.

Governance in information security planning involves control in a few areas: value delivery, alignment, resource management, risk management and performance management. The organization takes a larger view of information and an enlightened approach, and such information must be adequately protected irrespective of how it is processed, handled, transported and stored by eServGlobal. It is essential for the organization to address information security at the total enterprise level. Managing information security involves a governance challenge comprising reporting, sufficient risk management and accountability (Peppard and Ward 2016).


The executive management and governing board call for the organization to review the return on and scale of current and future investments in information resources in order to optimize them. New opportunities should be created while reducing the costs associated with potential changes in technology that could dramatically change business practices (Nunan et al. 2014). Some of the associated implications that eServGlobal should consider are as follows:

  • The increasing reliance of the organization on information and on the systems and communications that deliver it.
  • The value of the enterprise and the impact on its reputation arising from failures of information security.
  • The failure of the organization's management to set the importance of security at the top.

Information security is an intrinsic part of the enterprise's governance efforts, and the board should take it up while aligning the focus of information security governance. Information security governance is a transparent and integral part of the whole governance structure and should be aligned with the information technology governance framework. In order to govern the other critical resources of the organization, management and the board need to make information security a fundamental part of the governance framework. Information is safeguarded by several components of governance, including organizational structure, processes and leadership. Some of the outcomes associated with including information security in the governance structure are as follows. Organizational objectives are supported by strategically aligning information security with business strategy. Risks associated with information are managed by executing appropriate measures to manage and mitigate them and bring them to an acceptable level. Knowledge of information security is utilized, and information resources are managed effectively and efficiently. Investments in information security are optimized through value delivery in support of the organization's objectives. The organization is able to ensure the achievement of business objectives through performance measurement with governance metrics such as reporting, monitoring and measuring of information. The adverse impact of bringing the information to an acceptable level of risks concerning information security (Merkow and Breithaupt 2014).

Figure: Corporate governance framework of information security (Source: Peltier 2013)

Information security protects information assets against the risks of operational discontinuity, unauthorized disclosure, misuse and loss. eServGlobal might face legal liability due to the loss or inaccuracy of information, and the management and governance of information security would help guard against this growing potential.

Information security governance requires the commitment of senior management, the promotion of good security practices, a security-aware culture and compliance with policy. Significant benefits accrue to the organization from information security governance. An organization practicing information security governance can see its share value increase. Risks related to information security would be lowered to an acceptable level, with reduced uncertainty and increased predictability (Pearlson et al. 2016).

Recommendations:

Technology is the main factor in the productivity growth and competitiveness of an organization. For the management of information security, an organization such as eServGlobal needs to adopt security metrics as a decision tool. This would help the organization achieve its objectives of monitoring and improving the security level. It will also contribute to improving existing information security practices by integrating them into business processes. Creating security metrics is the organization's concern and is done by collecting and developing data and information (Gandhi et al. 2017). It can be achieved by measuring the realization of the security policy and assessing the security services delivered.


For efficient information security management, a security metrics program should be aligned with organizational objectives, should be measurable and associated with costs, and should focus on and emphasize the organization's current issues. The information assets of eServGlobal can be managed better by applying standards for codes of practice for information security management, which address the issues and give recommendations for them. It is essential for the organization to take responsibility for managing its information assets, which would be possible through the application of standards (Flores et al. 2014). Information security standards deal with all dimensions of information security by making recommendations.

Conclusion:

From the above discussion and critical analysis of eServGlobal, it can be said that the first and foremost function of the policies mentioned is to prevent any situation arising from the leaking of information assets, and thereby to manage information security properly. The organization's management must realize that planning decisions and information security funding involve much more than the employment of technical managers. There need to be three separate groups of decision makers: information technology managers, information security professionals and non-technical business managers. For the organization to be competent, the people involved in it need sufficient knowledge of security. From the analysis of the information security management of eServGlobal, it is ascertained that management lacks understanding of security issues. There has also been an increasing number of unintentional and intentional acts due to a lack of management interest, and this has resulted in costly and significant disruption to the organization's information systems.

References:

Ab Rahman, N.H. and Choo, K.K.R., 2015. A survey of information security incident handling in the cloud. Computers & Security, 49, pp.45-69.

Ahmad, A., Maynard, S.B. and Park, S., 2014. Information security strategies: towards an organizational multi-strategy perspective. Journal of Intelligent Manufacturing, 25(2), pp.357-370.

Baskerville, R., Spagnoletti, P. and Kim, J., 2014. Incident-centered information security: Managing a strategic balance between prevention and response. Information & Management, 51(1), pp.138-151.

Cassidy, A., 2016. A practical guide to information systems strategic planning. CRC Press.

Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and Baskerville, R., 2013. Future directions for behavioral information security research. Computers & Security, 32, pp.90-101.

Flores, W.R., Antonsen, E. and Ekstedt, M., 2014. Information security knowledge sharing in organizations: Investigating the effect of behavioral information security governance and national culture. Computers & Security, 43, pp.90-110.

Galliers, R.D. and Leidner, D.E. eds., 2014. Strategic information management: challenges and strategies in managing information systems. Routledge.

Gandhi, A., Ruldeviyani, Y. and Sucahyo, Y.G., 2017, July. Strategic information systems planning for bureaucratic reform. In Research and Innovation in Information Systems (ICRIIS), 2017 International Conference on (pp. 1-6). IEEE.

Harun, H. and Hashim, M.K., 2017. Strategic information systems planning: A review of its concept, definitions and stages of development. planning, 3(2).

Hosseinian-Far, A. and Chang, V., 2015. Sustainability of strategic information systems in emergent vs. prescriptive strategic management. International Journal of Organizational and Collective Intelligence, 5(4).

Jamroga, W. and Tabatabaei, M., 2016, September. Information Security as Strategic (In) effectivity. In International Workshop on Security and Trust Management (pp. 154-169). Springer International Publishing.

Layton, T.P., 2016. Information Security: Design, implementation, measurement, and compliance. CRC Press.

Merkow, M.S. and Breithaupt, J., 2014. Information security: Principles and practices. Pearson Education.

Nunan, A.E., de Moraes Costa Filho, M.J. and Lima, A.A., 2016. Information security as strategic factor in the information management in public administration. REVISTA DO SERVICO PUBLICO, 67(1), pp.109-129.

Pearlson, K.E., Saunders, C.S. and Galletta, D.F., 2016. Managing and Using Information Systems, Binder Ready Version: A Strategic Approach. John Wiley & Sons.

Peltier, T.R., 2013. Information security fundamentals. CRC Press.

Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.

Peppard, J. and Ward, J., 2016. The strategic management of information systems: Building a digital strategy. John Wiley & Sons.

Safa, N.S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N.A. and Herawan, T., 2015. Information security conscious care behaviour formation in organizations. Computers & Security, 53, pp.65-78.

Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model in organizations. Computers & Security, 56, pp.70-82.

Tuna, G., Kogias, D.G., Gungor, V.C., Gezer, C., Taşkın, E. and Ayday, E., 2017. A survey on information security threats and solutions for Machine to Machine (M2M) communications. Journal of Parallel and Distributed Computing, 109, pp.142-154.

eServGlobal, 2017. About us. [online] eServGlobal. Available at: [Accessed 18 Aug. 2017].

Vacca, J.R. ed., 2013. Managing information security. Elsevier.

Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber security. Computers & Security, 38, pp.97-102.

Whitman, M. and Mattord, H., 2013. Management of information security. Nelson Education.
