Login Signup
Verified Document

Findings And Analysis IT Security Essay

Related Topics:
Systems Analyst Hypothetical Security Security Management
Open Document Cite Document

¶ … business organizations incorporate risk management practices of risk IT framework to overcome the security and privacy issues of cloud computing?" The survey questions highlighted the way that managers within these organizations approached this problem from the perspective of philosophy and function. At a fundamental level, most managers understood the need for security, which is the basic starting point. In practice, however, the managers of the different departments noted that not all best practices are adhered to. The solutions that there determined to be the best most common were that security practices are kept in-house, that there are data logs and that there are procedures in place for implementing a hierarchy of access for sensitive data. All companies employ certified, qualified dedicated systems analysts in security, another important consideration. These are the best practices that organizations have to incorporate risk management practices of risk IT framework to overcome the security and privacy issues of cloud computing. There were also three secondary research questions. The first of these was "How important are the organization's and people's data when deploying cloud computing systems?" The findings indicate that data is considered to be quite important. There are qualified security people in place to ensure a high level of security, and the organization typically maintains its own in-house security protocols. Furthermore, having a hierarchy for access to data is an important element of cloud computing security. That these practices are widespread shows support for the idea that data is an important consideration that it taken into account when deploying cloud computing systems.

The next secondary research question was "To what extent do collaborations exist between business and cloud computing vendors?" The responses indicated that there was some concern with the vendors. This could be because the vendors are out of control of the in-house IT managers, for example. But vendors were frequently subjected to security checks prior to signing contracts, and very few managers expressed support for outsourcing security with respect to the cloud. This desired to keep security issues close, and to avoid leaving security entirely as a vendor role, indicates that most IT managers are uncertain about the security practices of the vendors.

The final secondary research question is "How can risk IT framework be incorporated to the operations domains of cloud computing?" There is a gap in some instances between the best practices of these companies and best practices. Some of these gaps are with fairly simple things, such as passwords. Where these gaps exist there are opportunities to use the risk IT framework in order to improve the risk management practices of these organizations.

Implications

The study provides insight into the risk management practices within a couple of different organizations. These insights show that there are many different areas where risk management practices can be improved. In these organizations, the managers appear to get some of the big things right, like having certified and qualified staff, but they are still getting little things like passwords wrong. These are exactly the sorts of risks that expose many organizations unnecessarily. Effective risk management is not...

This study shows that there is still some work to do, within these organizations, in terms of improving risk management practices. Using risk IT framework, some of these issues can be overcome, as they relate to cloud computing.
Limitations

The study is limited in a couple of ways. First, the survey was conducted among managers of two organizations, so it cannot be extrapolated beyond that. The samples were done on the basis of convenience sampling and no attempt was made at randomization, so this should be viewed more as a case study than anything that can be extrapolated to a broader population. The other major limitation of this study is that the response rate was quite low. Of the original 60 surveys that were sent out, only 22 were returned, which gives a return rate of 36.7%. This is a fairly low return rate. Furthermore, the people who returned the survey were self-selecting. This may create a bias, for example that only managers who felt their IT security performance with cloud computing was strong enough would return. Others might avoid answering the survey for fear of revealing that their security practices are actually rather poor. So the self-selection bias could potential skew the results towards showing better security practices among the population than may actually exist. This cannot be tested for, but it is important to realize that this limitation exists.

Delimitation

The choice of the population was done on the basis of convenience. This delimitation has ruled out extrapolating the results beyond the population studied. Other organizations, and other industries, may have dramatically different practices than the ones studied here. Given more time and resources, this delimitation could have been eliminated.

The research also specifically omitted asking questions that directly references IT risk framework. The main reason for this was that it would be left to the researcher to examine how well these practices fit the framework, rather than asking the survey respondents to familiarize themselves with this framework and make their own assessments. The differences that might exist in understanding the framework or how it applies to their businesses would introduce too much variability in interpretation to the results for them to be valuable. Thus, this particular line of questioning was not introduced, but rather the paper was structured for this framework to be implemented by the researcher. Importantly, that includes outlining how the organizations in question can introduce the framework going forward to improve their IT security processes with respect to cloud computing.

Significance of the Research to Leadership

The research has some bearing on leadership of IT because leadership is on all elements. First, there is the philosophical element, wherein the leader needs to set the cultural tone for the organization. It is important at that stage that the leader instills a baseline ethic with respect to IT security practices. The research also relates to best practices, which come from leadership. Not only does leadership set out such practices, but leadership is also responsible for ensuring that best practices are adhered to. So there are some rather pragmatic significance to…

Continue Reading...
Cite this Document:
Copy Bibliography Citation

Related Documents

Essay
Securities Regulation of Nonprofit Organizations
Words: 12607 Length: 45 Document Type: Dissertation or Thesis complete

Securities Regulation SECURITIES REGULARIZATIONS IN NON-PROFIT ORGANIZATIONS The ensuring of the fact that an organization is working as per regulations and is following the code of conduct, while keeping the interest of the public first, are matters which are becoming more and more complicated with the passage of time. Therefore, it can be said with some emphasis, that today one of the most basic issues of many organizations is the issue of

Read More
Essay
Security Overview Businesses Today Are
Words: 3366 Length: 13 Document Type: Research Paper

(Gartenberg, 2005) Like all other aspects of business today, security systems often prove to be highly complex and hard (even for the participants) to identify. The culture of an organization is like the culture of a family, a community, or a nation: Because it surrounds the people in it they often have a great deal of difficulty in recognizing to what extent policies and procedures arise from the constraints of culture

Read More
Essay
Security - Agip Kazakhstan North
Words: 14948 Length: 35 Document Type: Term Paper

They need to know what their responsibilities are not only as individuals but also as team members and corporate employees. David cites an excerpt from a corporate security document that illustrates his point: "A security policy serves many functions. It is a central document that describes in detail acceptable network activity and penalties for misuse. A security policy also provides a forum for identifying and clarifying security goals and

Read More
Essay
Security Planning and Assessment Security
Words: 2028 Length: 7 Document Type: Thesis

It's not necessary, for the purposes of this paper, to look in detail at these steps for a basic understanding of how a security assessment is conducted. To understand the nuances, there are about a million books one can read, but we will discuss a few general "rules." The first thing to keep in mind with an assessment is that the methodology is flexible. It has to be to adapt to

Read More
Essay
Security Awareness the Weakest Link
Words: 8202 Length: 30 Document Type: Case Study

To offer an information security awareness training curriculum framework to promote consistency across government (15). Security awareness is needed to ensure the overall security of the information infrastructure. Security awareness programs is the can help organizations communicate their security information policies, as well as tips for users, to help keep systems secure, and the practices the entire organization should be utilizing. However, as Kolb and Abdullah reiterate, "security awareness is not

Read More
Essay
Security Analysis in the UK
Words: 2541 Length: 8 Document Type: Essay

Security Report In the present day, organizations are reliant on information in order to continue being relevant and not become obsolete. To be specific, organizations are reliant on the controls and systems that have been instituted in place, which provide the continuing privacy, veracity, and accessibility of their data and information (Lomprey, 2008). There is an increase and rise in threats to information contained within organizations and information systems (Lomprey, 2008).

Read More

Sign Up for Unlimited Study Help

Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.

Get Started Now