
Information Technology Governance Framework








Institutional Affiliation:

Instructor’s Name:

Student’s Name:

Course Code:



Evaluate the components of IT governance that facilitate regulatory compliance within the organization.

Mervin INC. has designed and developed its information governance framework to manage its information technology resources effectively, thus allowing it to achieve its objectives. Regulatory compliance is considered a critical aspect of the company's information technology governance, and the company has set up several components that allow it to comply with its regulatory requirements. Some of the components that the company uses include:

Policies and procedures

The policies and procedures allow the organization to meet the governance framework, as they define the rules and guidelines on how information technology resources should be used and managed. Furthermore, the policies and procedures are designed to ensure that information technology resources are managed according to the standards required by the organization.

Risk management

The risk management process identifies and assesses the risks in the organization and classifies them according to their impact on the business and the likelihood of their occurrence. After the risks have been identified, the management of the organization sets strategies on how the risks can be eliminated (Stein, 2018).

Training and Awareness

The organization uses training and awareness to ensure that employees know the requirements that apply to them, thus allowing them to work in accordance with the requirements of the organization. Training and awareness allow employees to understand their roles, thus meeting regulatory compliance in the business.

Compliance monitoring

The organization has set up and developed compliance monitoring strategies that ensure the normal running of the information technology resources follows the organization's standards. Compliance monitoring covers a wide range of areas in the organization, including information technology systems, processes, and controls, and ensures that issues are reported to the responsible department.

Incident management

The organization's information governance framework includes an audit plan that determines the requirements to be met for each regulatory obligation. It is followed by an incident management plan, which consists of a reporting plan, an investigation plan, and a resolution plan that identifies how the risks of the business are to be handled (Barbosa et al., 2014).

The overarching guidance and laws the industry should comply with

The overarching guidance and laws allow the organization to operate fairly and ethically and to comply with its regulatory requirements. Some of the overarching guidance and laws include:

Financial reporting and disclosure requirements – Mervin INC must comply with the financial reporting and disclosure requirements that allow it to provide accurate and timely information about its financial performance.

Data protection and privacy laws – Mervin INC is required to comply with the data protection and privacy laws that govern how the company collects, uses, and stores information about the stakeholders of the business.

Anti-corruption laws – the company must comply with anti-corruption laws, which prohibit it from engaging in corrupt practices of any form.

Intellectual property laws – the company is required to comply with intellectual property laws that protect the use of copyrights, trade secrets, and trademarks.

Labor laws – the organization is required to comply with the labor laws that govern issues such as working hours, overtime, and a minimum wage for all employees of the business.

Examine the requisite set of standards, frameworks, policies, and best practices in the development and implementation of the organization's objectives.

The additional standards and frameworks that Mervin INC is required to adopt when developing and implementing the objectives of the organization include the Cybersecurity Framework (CSF), the International Organization for Standardization (ISO), and the National Institute of Standards and Technology (NIST). The Cybersecurity Framework is composed of voluntary standards and best practices that an organization can use to minimize cybersecurity risks (Tallon et al., 2019).

The National Institute of Standards and Technology plays a crucial role in promoting innovation and industrial competitiveness by advancing standards and technology for economic security. NIST guidance can be used to promote measurements, standards, and technology that produce reliable systems and services to support business operations. Lastly, the management can opt to use the International Organization for Standardization to encourage innovation in the company, as it supports the development of innovative ideas associated with the business. This allows the company to increase its international trade and investment, which can play a crucial role in promoting economic growth and development.

Requirement analysis for formulating and deploying business information systems and solutions

For Mervin INC to formulate and deploy its business information systems, it needs to know the financial tasks that the information systems are required to carry out. After identifying the tasks, it must set up the standards that the company requires in order to be successful, which its information technology resources must meet. After setting up the standards, the company is required to identify the risks associated with the data management systems and to define an effective strategy for mitigating them (Stein, 2018).

After setting up a strategic plan for analyzing the risks, the company can ensure that its policies and procedures are always active, up to date, and adhered to, so that it is able to comply with its regulatory requirements. The company should ensure that whenever new systems are added to the network, they are properly configured to integrate with the existing information systems, so that the security controls remain effective in enforcing the security policies used in the company. Lastly, the management of the company should ensure that the information technology teams are well trained in security and in the procedures for handling the data stored in the company.

Critical data infrastructure assets of the company

The company's critical infrastructure includes the network, computer utilities, applications, computers, and the customer and client data categories, such as basic and interaction data. The networking infrastructure comprises networking hardware, software, and networking services that ensure all computers are on the same network. Computer utilities are software designed to help computer users carry out tasks such as managing, maintaining, and optimizing computers.

Computer applications are software designed to allow users to achieve a specific purpose, and the company uses several kinds of applications, including creativity, communication, productivity, and business-purpose applications. Computers are electronic devices used for processing data, storing data, and running software applications. The client data considered a critical asset in the infrastructure includes basic and interaction data, because criminals who come across this data can impersonate customers, which leads to risks for the company (Liu, 2020).

Human resources for technical, management, and legal operations

As a leading loan provider, Mervin INC relies on multiple human resources for its various operations. The human resource for technical operations is the information technology manager, who ensures that the technical infrastructure of the company meets its requirements. The human resource for management is the chief operations officer, whose main role is coordinating management activities and providing the company with a strategic plan on how various activities are to be done. The human resource for legal operations ensures that the company complies with relevant laws, regulations, and industry standards and helps the company overcome legal issues.

The requisite law enforcement entity where data breaches are reported

In case a data breach occurs, the company has to evaluate the records stolen in the breach and report the incident to the state law enforcement agency, as a data breach is considered a criminal offense through which the company might suffer financial loss and data theft. Reporting the incident to state law enforcement agencies will help the company investigate the attack, identify the perpetrators, and prosecute them (Tallon et al., 2019).

Cybersecurity policies in relation to the organization and their alignment with laws, regulations, and standards

There are several cybersecurity rules and regulations that the company has to comply with, which include the Gramm-Leach-Bliley Act (GLBA), the Sarbanes-Oxley Act (SOX), the National Institute of Standards and Technology (NIST), and the Federal Information Security Management Act (FISMA). The Gramm-Leach-Bliley Act requires Mervin INC to safeguard and protect customers' information. The Sarbanes-Oxley Act requires the company to maintain effective internal control over its financial reporting. The National Institute of Standards and Technology requires the company to use documented guidelines to improve cybersecurity risk management in the company. The Federal Information Security Management Act requires the company to develop and implement security programs that allow the company to protect its information (Lloyd, 2020).


References

Barbosa, S. C. B., Rodello, I. A., & Pádua, S. I. D. D. (2014). Performance measurement of information technology governance in Brazilian financial institutions. JISTEM-Journal of Information Systems and Technology Management, 11, 397-414.

Liu, W., & Song, Z. (2020). Review of studies on the resilience of urban critical infrastructure networks. Reliability Engineering & System Safety, 193, 106617.

Lloyd, I. (2020). Information technology law. Oxford University Press, USA.

Stein, V., & Wiedemann, A. (2018). Risk governance: primary rationale and tentative findings from the German banking sector. In Current issues in corporate social responsibility (pp. 97-110). Springer, Cham.

Tallon, P. P., Queiroz, M., Coltman, T., & Sharma, R. (2019). Information technology and the search for organizational agility: A systematic review with future research possibilities. The Journal of Strategic Information Systems, 28(2), 218-237.