Tuesday, May 5, 2020

Information Security Governance Framework-Samples- for Students

Questions:

1. Does your host company have in place a formal IT Governance framework?

2. Describe a situation in your Internship, or previous work, where you have taken account of an Australian Standard in fulfilling your ICT task, and why.

3. Describe a situation in your Internship, or previous work, where you have taken account of Compliance legislation in fulfilling your ICT task, and why.

Answers:

1. The host company has a comprehensive IT Governance framework that outlines the organizational structure and roles of stakeholders. The framework defines how the decision-making process is executed and provides information on governing the company's vision as well as aligning organizational operations. The framework identifies managers, the organizational board, and customers as the key stakeholders in the firm. The role of each stakeholder in the company is determined in the framework. Managers are held accountable for the IT strategy and resources used in the company. The organizational board is given the responsibility of collaborating within the framework to guide company operations in consultation with the managers (Veiga, 2007). Customers are considered to have a critical role in the governance process as they are concerned with the state of IT services offered. Besides defining the roles of stakeholders, the framework outlines how the stakeholders are represented in formal governance. Each stakeholder is represented in the governance process to enable the company to effectively dictate how the services should be delivered. The framework provides a guideline for the decision-making process. It reflects the changes in roles brought by strategies adopted to improve business leadership. An integral component of the framework is a definition of decision rights and the process through which decisions are made (De Vries, 2010). It shows the roles and relationships of various groups within the organization in relation to the governing process.

The framework provides information on planning the company vision and governing business operations. It also defines the stakeholders involved in aligning technology operations across the company.

2. As an intern in a networking company, I have to conduct myself in a manner that aligns with AS8015. AS8015 is an Australian standard developed for the governance of information and communication technology (Juiz, 2015). This standard provides a model which is used to establish responsibilities for ICT, plan ICT, and ensure that ICT infrastructure performs as expected, respects human factors and conforms to the rules established. During the internship, I may perform various ICT tasks allocated by the company management. For example, I may be given the task of maintaining a customer's network. This is an ICT task that is governed by the AS8015 standard, which governs ICT in the corporate sector. When executing such a task, I have to adhere to the standard by ensuring that I observe all formal rules established by the company as well as focus on respecting the human factors involved in the situation. When performing various ICT tasks within the company, I have to consider the AS8015 standard. The standard applies to all organizational tasks that involve the use of ICT (Feltus, 2012). As an intern, I will perform a range of ICT tasks which are under the scope of this standard. This implies that I have to adhere to the guidelines provided by the standard. When providing networking services to the company's clients, I have to focus on following the ICT responsibilities given and utilizing the ICT systems in place in an appropriate manner. Also, I have to follow the rules established in the company, such as the acceptable use of IT assets.

3. As an intern in an ICT company, I may be involved in a range of tasks which involve handling sensitive and confidential data. The company requires the data to be safeguarded from unauthorized disclosure to maintain the confidentiality and integrity of the data.

Some confidential data that may be handled during the internship include customer profiles, the company's financial data, business operations data, employee information, etc. This type of data is sensitive and should be protected to ensure the confidentiality of the company, its employees, and clients is maintained (Li, 2010). When handling confidential data, I'm not only required to consider company rules but also Australia's privacy legislation. The government has implemented a privacy act which gives firms the responsibility of protecting the personal information they hold (Solove, 2008). Penalties are given to any organization that violates the Act. The Act applies to businesses operating in the private sector regardless of their size or revenue turnover. Thus, when working with confidential data, I have to consider the Privacy Act, which outlines the precautions that a company should take to secure data and the legal ramifications of violating the privacy principles established. The Privacy Act has led to the development of privacy principles which are an integral component of the data privacy framework. These principles set standards that have to be used when handling or accessing confidential information such as clients' information (Svantesson, 2010). When working with such data, I have to consider these legally binding principles. Adherence to the Privacy Act is required when collecting, accessing, or handling personal information in the workplace.

References

De Vries, J.P., 2010. The resilience principles: A framework for new ICT governance.

Feltus, C., 2012. Introducing ISO/IEC 38500: Corporate Governance in ICT. ITSMF Jaarcongres 2008, pp. 27-28.

Juiz, C. and Toomey, M., 2015. To govern IT, or not to govern IT? Communications of the ACM, 58(2), pp. 58-64.

Li, M., Lou, W. and Ren, K., 2010. Data security and privacy in wireless body area networks. IEEE Wireless Communications, 17(1).

Solove, D.J., 2008. Understanding privacy.

Svantesson, D. and Clarke, R., 2010. Privacy and consumer risks in cloud computing. Computer Law & Security Review, 26(4), pp. 391-397.

Veiga, A.D. and Eloff, J.H., 2007. An information security governance framework. Information Systems Management, 24(4), pp. 361-372.
