Information Security Organization Essay
The information security department is an important level at Rochester Institute of Technology, generally located on the third level of the organization hierarchy. This placement has both advantages and disadvantages. Many employees are involved at this level, hence officers can face problems.
From the office organization chart above, all the departments of the information security office report to the chief information security officer. This develops the flow of communication from the top level to the lower levels of the office. Therefore, if any problems arise in the lower levels, they are immediately reported to the chief information security officer. This creates a well-managed environment, which results in improved and higher performance records and helps with teamwork among staff and office faculties. Apart from that, the setting also helps threats such as suspicious activities that endanger the office's work to be identified quickly and the necessary steps to be taken.
However, this general setting is not advantageous in that the security office should be at the management level, so that the chief security officer can easily be involved in decision-making with other officers, share opinions and take part in other important procedures. Another limitation is the flow of information from other departments. The long way down from the higher level may lead to loss of information, hence problems may arise.
Personnel in the Information Security Office
The following people with their job titles classification work directly in the information security office of RIT.
Executive director, information security officer
The executive director of the information security department is the topmost manager who oversees all the dynamics of the organization. He is responsible for all the management of the office, its risks, the evaluation and implementation of risk management, and information security programs and policies. Apart from management, he also handles financial resource allocation for the office and makes all the decisions in the security management of the organization to ensure that its integrity is not compromised. He develops the important link between the outside and internal worlds of the organization. This requires him to be a good decision maker who also takes advice from other |ers and colleagues to help him improve his decision making and management. Also, most importantly, he is a team player, and is thus informed of every proceeding and happening in the office and organization.
Enterprise information security lead engineer
This is an individual with in-depth knowledge of the various controls in the organization, such as technical controls, maintenance, different intrusions, attacks and firewalls. He is also responsible for keeping track of the defensive mechanisms and tools in use. Mainly, he is responsible for implementing security measures in accordance with the organization's policies and standards.
Sr. information security forensics investigator
As the name suggests, the forensics investigator's key responsibility is to investigate security compromises that have taken place. They are required to keep records that can help them answer questions such as why, when and where the compromise happened. The records can be used for future decision-making and preventive mechanisms.
Policy and awareness analyst
This analyst is responsible for Security Education, Training and Awareness (SETA) programs and handles policy and administration roles. The person is responsible for collecting and evaluating personal opinions regarding particular policies in order to avoid disagreements and disruptions, and hence prevent loss and destruction.
Information Security Office Reports
The information security office reports to the Global Risk Management Services and, therefore, the roles in the information security departments are as follows.
Director of public safety
He is responsible for the prevention and control of loss; his main responsibility is therefore loss prevention and the development of a safe, secure living and working environment for the RIT society. He creates awareness of any incidents or situations. He makes it his responsibility to protect the community against fires and natural disasters and, thus, to prepare people for disaster management.
Director of print and postal hub
He is mainly involved in spreading information and awareness regarding information security. The information office reports to this office to create posters and other materials with awareness information to also prevent loss.
Director of risk management and insurance
He deals with risk assessment and loss financing. It is also his responsibility to protect students, staff, faculty and property from loss and from insurance claims for loss.
Director of business continuity
His main responsibility is to provide pre- and post-incident recovery processes, emergency response, crisis management, communication, risk assessment, loss control and evaluation.
Manager of financial and administrative operations
He is responsible for financial resourcing as well as for allocating financial resources for use by other departments and the information security office.
Associate risk and compliance officer
He is mainly responsible for the implementation of the compliance program, which also deals with loss prevention. His responsibilities cover the general development of institutional compliance programs, compliance mentoring programs, promotion of compliance awareness, identification of policy concerns, and making sure the risk assessment is consistent with the institute's mission.
Information Security Roles and Responsibilities
Creates awareness of the risks associated with information at RIT. Responsible for directing students, faculty, and staff to ensure full compliance with RIT's information security standards.
Information security coordinator
Acts as the liaison between the information security offices and colleges. He is also responsible for managing information security projects, communications and training.
RIT faculty or staff member
Ensures the integrity of e-mails received by the information comply with the standards.
Systems, network, applications, or web page administrator
Responsible for the management of systems and support for network applications associated with the RIT community. Also provides technical support for maintaining the availability, integrity and confidentiality of all resources.
They follow the standards and policies established with regard to information accessibility and compliance.
Involves all the trustees, members, or affiliate groups who are affiliated with RIT, but with less access to private information.
Institute audit, compliance and advisement (IACA)
It is the team responsible for reviewing compliance with all the security standards as part of the office audits.