IT 241 Assign-7

To complete this assignment, review the Final Project Document. Below I attached related files with this assignment.

SECURITY POLICY FOR MARRIOTT INTERNATIONAL INC



Rashel Hafiz

IT 241

Alicia L. Peltier

09th December 2018

Introduction

The security policy is a written document of an organization that sets out the measures that can be applied to protect the organization from security threats. These security threats include network system threats and physical security threats. When a security threat occurs, the security policy states the measures for handling it. This policy identifies all company assets as well as all the potential threats to those assets. The security policy institutes certain employee policies as well as strong physical and network security to safeguard the organization's operations. The employees of an organization should stay up to date on the security policies so that they can avoid behavior that would expose the organization to a security threat.

An organization should update its security policies regularly to ensure that future threats are detected on time and that appropriate measures are implemented to avoid the losses that might arise from security exposure. Marriott International Inc observes all security protocols and, through the privacy center on its website, updated on May 28, 2018, clearly outlines how the firm collects, uses and discloses the data of customers or visitors. The firm seeks to use reasonable organizational, technical and administrative measures to protect the personal data of its customers and employees because they are critical assets of the organization. The firm welcomes customer input and opinions on security measures as a way of satisfying customer needs and safety.

Roles and Responsibilities:

1. Information security officer

The information security officer (ISO) for Marriott International Inc is responsible for working with user management, investors and custodians to develop and implement security policies, procedures, controls and all protocols after they are approved by executives. The information security officer:

  1. Ensures security policies, procedures, and standards are in place and adhered to by the entity.

  2. Offers security support for all systems and users.

  3. Offers advice on system development and application.

  4. Educates employees and other stakeholders on security protocols and the various measures to consider in order to avoid compromising security.

  5. Provides security audits and reports the information to Marriott oversight committees.

2. Management or executives

Management makes decisions that are critical to the firm's success. The role of management or executives in the security policy:

  1. They approve the budget or measures that the information security officer presents to them.

  2. They give financial support to the measures undertaken and give assurance of security measures to other stakeholders before or in case of a breach.

3. Database Manager

These are the managers who oversee the collection of information and are responsible for the creation of that information. Their duties include:

  1. Knowing the data retention period.

  2. Ensuring appropriate procedures are taken in order to protect the integrity, confidentiality, and availability of the information created.

  3. Authorizing access and assigning custodians, specifying controls and communicating control requirements to the stakeholders involved.

4. Employees/Users

This includes individuals authorized to read, enter or update information. Users:

  1. Are allowed to access information that supports their job responsibilities.

  2. Keep personal authentication devices.

  3. Report to the ISO the loss or misuse of Marriott Inc information.

  4. Initiate corrective action.

Policy Directives

The policy directives include mandatory guidance that the firm has adopted to guide employees and to avoid security exposure. Employees should always follow and adhere to the security protocols put in place. The training program, which updates employees on new security threats, should be attended by all staff regardless of position. The system should be updated regularly to stay in line with technological requirements as a way of reducing security exposure. An internal audit should be done every month to check whether the systems are still strong. The physical system should be protected through encryption, a modern firewall, software such as antivirus, and daily monitoring of the system.

Enforcement

Auditing of the security system is conducted every month or quarterly to examine the vulnerability of the company's security system. Users, for example customers and employees, should report the security issues they experience on time so that the firm can take immediate precautionary measures before the issues get out of hand. Employees should keep their passwords private and not share them with any other employee. Employees should not open any strange messages or use unencrypted mobile phones to enter the company network system. Peripherals such as computers, laptops, and disks should be disposed of properly to avoid security exposure. The adverse action includes making sure the software installed in the company system has a professional tool that would allow employees to access their computers even when they are not at their workplace. The firm should have a disaster recovery plan that clearly describes what employees need to do in order to avoid network system exposure.

Control and maintenance

  1. The policy is updated by the firm's employees, the information and technology officer (ISO) (John Desmond, Marriott's e-security strategy: A business-IT collaboration).

  2. The policy will be reviewed on a quarterly basis or annually depending on the needs. For example, if a new division is adopted, the firm has to update the system to be in line with the new system requirements.

References

Swiss-U.S. Privacy Shield programs (“Privacy Shield”)

The Marriott Group (PDF)

Marriott International Inc. Privacy center. Retrieved from https://www.marriott.com/about/privacy.mi

John Desmond (April 16, 2001). Marriott's e-security strategy: A business-IT collaboration. Retrieved from https://www.esecurityplanet.com/trends/article.php/688803/Marriotts-esecurity-strategyA-businessIT-collaboration.htm

Privacy Shield Framework. Retrieved from https://www.privacyshield.gov/assistance