Part 1
Strategic Management
Case Study #6—IKEA (Case Study Info at bottom of the document)
Research and prepare a 7- to 8-page report in a Microsoft Word document concerning the following situation:
The IKEA case provides an excellent opportunity to apply strategic management concepts to a large privately-held company that is expanding into India. IKEA is a Netherlands-based Swedish company with a presence in 44 countries around the world, including the US, the UK, Russia, the EU region, Japan, China, and Australia. It is the largest furniture retailer in the world but did not enter India until 2013, despite the fact that it has been sourcing from India since the 1980s.
The purpose of this case study is to examine the factors that are crucial to IKEA’s continued success and to propose strategic actions to sustain its competitive advantage. The case opens with a review of the company’s humble beginning. IKEA was founded by 17-year-old Ingvar Kamprad in Sweden in 1943. By the 2000s, IKEA had become the world’s largest furniture retailer. The corporate structure was constructed to prevent any takeover and to protect the family from taxes. Thus, the structure is a complicated arrangement of not-for-profit and for-profit organizations. The IKEA stores provide customers with a unique shopping experience with low prices, solid quality, modern designs, and most importantly, the concept of do-it-yourself (DIY) products.
The extensive discussion is followed by a description of the furniture industry in India and what IKEA had to overcome in order to enter the Indian market. IKEA first met with regulatory and political roadblocks, and then had to work with suppliers in order to meet the Indian government’s requirement for sourcing. Finally, there are several challenges that IKEA faces.
This case is ideal for demonstrating the importance of the general environment, international corporate-level strategy, and type of entry. The following points are to guide a review and discussion of these important concepts.
· Review IKEA’s general environment segments and elements in India and describe in detail all the elements associated with this segment. Include three to four perspectives of the general environment.
· What are the segments in the general environment that relate to IKEA’s situation? Be specific. Provide examples and details.
· Analyze IKEA’s intended international corporate-level strategy in India. How was it strategized and what led to this country of interest?
· Describe how, if in any way, India is different from other countries? In your opinion, what would be a close second country?
· What is IKEA’s choice of international entry mode? Provide research and examples.
· What are the advantages and disadvantages compared to other international entry modes?
· Identify IKEA’s current challenges in India. Based on your analysis, what additional recommendations would you make to help IKEA achieve its goals?
· Discuss the uncertainties and risks of doing business in different regions throughout the world.
· Discuss whether IKEA would be wise to pursue a cooperative strategy. Also identify the type of cooperative strategy that would be best, explain why it would be best, and suggest with whom IKEA should pursue this strategy. If a cooperative strategy is not a good idea for IKEA, explain why not.
· IKEA’s product demand is difficult to manage. Recently, overseas competitors have refocused their product lines from the low end of the market to the more median price range. As they did this, they also broadened their product lines. How should IKEA manage its products? Should IKEA have a product line to meet the needs of the entire market, or should it focus on one area of the market? If it follows a market focus strategy, what should its new target market be?
Running Head: SECURITY AWARENESS
Final Project Security Awareness
Terri Y. Hudson
Southern New Hampshire University – IT 552
December 20, 2016
Agency-wide security awareness Program Proposal
Introduction
For the organization to comply with the current PCI DSS requirement 12.6, a security awareness program must be in place. The CISO of the organization has an immediate requirement to create an agency-wide security awareness program. As a step toward implementing the program, the organization has conducted a security gap analysis, which is one component of a security awareness program and which produced 10 security findings. As one of the means of conducting the program, I will submit an awareness program proposal.
Objective
This SOW (Statement of Work) is being prepared on behalf of the senior information officer. He has requested the creation of an agency-wide security awareness program and has handed over the security gap analysis that was done prior to this process. Hence the major aim of this document is to set out a security awareness program that presents the ten key security findings. The document will also include a risk assessment of the current security awareness practices and processes. With this document, the organization will be able to have a well-organized maintenance plan. It is also important in establishing and maintaining an information-security awareness program (United States, 2000).
Background
The mission of the organization is to provide efficient IT services with the best security program in place, with the aim of protecting the organization’s assets.
1. Technical infrastructure
The organization is engaged in a short-term effort aimed at modernizing its information-processing infrastructure. These efforts have incorporated software enhancements and the installation of firewalls and high-end network systems for improved communication. The senior information officer is responsible for overseeing the modernization effort. He has recently completed a security awareness program and the deployment of the organization’s LAN (local area network). The hardware in use consists of Cisco products.
2. Computing Environment
The organization’s desktop computers run Windows 2007/98 and 95. The servers are Pentium machines with over 1 GB of RAM. The current NOS (network operating system) is Windows-based.
3. Security Posture of the Organization
The organization has a basic network structure with only one router, which acts as a firewall. It has several workstations and switches connecting these workstations. In addition, the organization has installed Kaspersky antivirus on their desktop machines with the aim of reducing external threats. The data server is highly secured with Kaspersky antivirus. For physical security, the server rooms and network closets have locks, and the network cabinet is always locked. The organization is worried about its current security plan because of hackers, spammers and cybercrime. Also, the security plan of the organization has not proved to have the best controls, according to the recent security gap analysis.
Security Gaps Findings
According to the findings, one of the organization’s largest risks is not weakness in the IT infrastructure but the actions and reactions of employees. This has happened through disclosure of sensitive information by workers and through social engineering attacks. After the gap analysis report, the organization found that confidential customer data and some of the IT assets were at risk. The gap analysis findings show that the risk of loss of confidential customer information was very high. The risks to information technology assets were classified as moderate. The first of the top ten security findings was the internet, which has become one of the greatest avenues for hackers. The others are data breaches, ransomware, browser plug-ins, viruses, worms, spyware, keyloggers, rogue security software and pharming. Lastly, some organizational factors are contributing to the unhealthy state of the IT assets. Examples are poor planning by the organization’s CEO for the best IT personnel, identification of the critical assets of the organization, wrong mapping of the existing cyber security capabilities across the organization so as to identify organizational risks, poor assessment of the organization’s security maturity level and poor identification of potential cyber security threats (Roper, 2006).
The best practices in the organizational security program
Assemble the full security awareness team. The team will be mandated to ensure the development, maintenance and delivery of security awareness. The recommendation is for the team to be well-staffed. In addition, all employees ought to be trained on the ten security gap findings. The security awareness program ought to have reference materials such as ISO 27002:2013, which outlines the code of practice for information security controls, NIST (National Institute of Standards and Technology) and COBIT 5 (Desman, 2002).
Tasks
Some of the tasks to be performed include giving a general description of the security posture of the organization and a risk analysis, drafting the organization’s security deliverables and outlining the responsibilities of every member of the organization in ensuring the security of organizational assets.
Personnel
It is highly recommended that security training cover how social engineering happens and what its consequences are for the organization’s IT assets. One of the ways hackers use social engineering is to acquire users’ credentials. The program should tailor this awareness to reflect the types of attacks that the organization is encountering and what the organization may encounter in the long run. As one of the findings from the security gap analysis concerns the confidentiality of customers’ data, it is highly recommended that different ways of safeguarding customers’ information be covered at the basic level for all personnel. An example is protecting data in electronic and non-electronic form. Other topics that need to be included in the awareness program are the organization’s security awareness policy, the impact of unauthorized access and awareness of the CHD security requirements (Gardner, 2014).
Conclusion
This SOW document has highlighted the objective of the SOW. The document has addressed four critical elements that must be addressed in the security program: the security posture of the organization, the major findings from the security gap analysis, the human factors that undermine the security of the organization’s IT assets, and the organizational factors that contribute to the unhealthy state of the organization. Lastly, I have included what needs to be done in the security awareness program.
Introduction
Information security involves keeping corporate records secure. Policies are used to address the need to protect data from unauthorized access, disclosure, loss, interference and corruption, and they apply to information in both physical and electronic formats. A security policy is a well-documented strategy whose purpose is to protect and maintain access to a person’s network and its resources. Adequate security in an organization is the responsibility of management. In this era of high risk of data threats, almost all organizations have taken the initiative to implement security policies. This paper will address ten security policies and their importance: access control policies, addressing remote access, encryption and hashing, auditing network accounts, configuration change management, segregation of duties, mandatory vacation, information breaches, media protection, and social engineering (Bowden, February 18, 2003).
1. Access control policies
Access control is concerned with determining the authorized activities of legitimate users and mediating each attempt by a user to access a resource in the system. In several systems, total access is granted upon successful authentication of the user, although many systems need more sophisticated and complex control. In addition to the authentication method, such as a password, access control is concerned with how authorizations are structured. In several scenarios, authorization might reflect the organization’s structure, while in others it might rely on the sensitivity level of a range of documents and the clearance level of the user accessing those documents.
Organizations considering implementing an access control system should look at three abstractions: access control policies, mechanisms and models. Access control policies are high-level requirements that state how access is managed, who has the authority to access information, and under what circumstances. For example, policies might pertain to resource usage within or across units of an organization, or might be based on need-to-know, authority, competence, conflict-of-interest, or obligation factors. At a high level, access control policies are enforced through a mechanism that translates a user’s access request, often in terms of a structure that the system provides (NIST, May 6, 2015).
2. Addressing remote access
The purpose of this policy is to describe the rules and requirements for connecting to a company’s network from any host. These rules and requirements are designed to reduce the company’s potential exposure to damages that may result from unauthorized use of the company’s resources. Damages include the loss of sensitive or confidential company data, intellectual property, damage to critical internal systems, damage to public image, and fines or other financial liabilities incurred as a result of those losses. The remote access policy applies to the company’s staff, contractors, vendors and agents with a company-owned or personally owned workstation or computer used to connect to the company’s network. It applies to remote access connections used to carry out tasks on behalf of the company, including sending or reading email and viewing intranet web resources. The remote access policy covers any and all technical implementations of remote access used to connect to the company’s networks. It is the duty of company staff, contractors, vendors and agents with remote access rights to the company’s corporate network to make sure that their remote access connection is given the same consideration as the user’s on-site connection to the company (SANS Institute, 2014).
3. Encryption and hashing (to control data flow)
The main goal of encryption is to transform data so as to keep it secret from others, in order to control data flow. Examples are sending somebody a secret letter that only they should be able to read, or securely sending a password over the internet. Rather than focusing on usability, the objective is to make sure the data cannot be consumed by anybody other than the intended recipient. Encryption transforms data into a different format in such a way that only a particular person can reverse the transformation. It uses a key, which is kept secret, in combination with the plaintext and the algorithm to carry out the encryption operation. The ciphertext, key, and algorithm are all needed to return to the plaintext.
Hashing serves the purpose of guaranteeing integrity, that is, making it so that if something is changed one will be able to know it. To be precise, hashing takes arbitrary input and produces a fixed-length string. It is used in combination with authentication to give strong evidence that a particular message has not been changed. This is achieved by taking a specific input, hashing it, and then signing the hash with the private key of the sender. Upon receiving the message, the recipient can verify the signature of the hash with the public key of the sender, and then hash the message itself and compare it to the hash that the sender signed. If they match, it is an unchanged message, sent by the right person (Miessler, 1999-2016).
4. Auditing network accounts
Network auditing is the collective set of measures carried out to analyze, study, and collect data about a network with the aim of ensuring its health in line with the requirements of the organization or network. Primarily, network auditing offers insight into how effective network practices and controls are, that is, their compliance with internal and external network policies and regulations. Auditing network accounts entails checking what user accounts and groups are on every machine, and which shares are accessible and to whom.
Many auditing tools focus on the basic user account information that needs to be included in the audit. These main properties and settings are a good place to begin the audit and will normally consist of the following properties: Workstations, LogonScript, last time password was set, password is needed, password expires, password time expires, account is disabled, and last logon time. Because attacks are possible through a user account that has one or several incorrect and insecure settings, it makes sense to concentrate on user account properties during the audit (Melber, August 4, 2005).
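The account-property audit described above, as an added example that is not part of the original paper: it reads an exported account list and reports the enabled accounts whose settings are insecure. The column names, the sample rows and the two policy thresholds are assumptions constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample export; the columns mirror the account properties
# named in the text (column names themselves are an assumption).
SAMPLE_EXPORT = """\
Name,Workstations,LogonScript,PasswordLastSet,PasswordRequired,PasswordExpires,AccountDisabled,LastLogon
alice,WS-014,logon.cmd,2016-11-02,yes,yes,no,2016-12-19
svc_backup,,,2013-05-20,yes,no,no,2016-12-20
guest,,,,no,no,no,
bob,WS-022,logon.cmd,2016-01-10,yes,yes,no,2016-03-01
carol,WS-030,logon.cmd,2015-02-01,yes,yes,yes,2015-06-30
"""

MAX_PASSWORD_AGE_DAYS = 90  # assumed policy value
MAX_IDLE_DAYS = 60          # assumed policy value


def _flag(text):
    """Interpret a yes/no style cell as a boolean."""
    return text.strip().lower() in ("yes", "true", "1")


def _day(text):
    """Parse an ISO date cell; an empty cell means 'never'."""
    text = text.strip()
    return date.fromisoformat(text) if text else None


def audit_account(row, today):
    """Return the list of insecure settings found on one account."""
    findings = []
    if _flag(row["AccountDisabled"]):
        return findings  # a disabled account cannot be used to log on
    if not _flag(row["PasswordRequired"]):
        findings.append("password not required")
    if not _flag(row["PasswordExpires"]):
        findings.append("password never expires")
    last_set = _day(row["PasswordLastSet"])
    if last_set is None:
        findings.append("password never set")
    elif (today - last_set).days > MAX_PASSWORD_AGE_DAYS:
        findings.append("password older than %d days" % MAX_PASSWORD_AGE_DAYS)
    last_logon = _day(row["LastLogon"])
    if last_logon is None:
        findings.append("enabled but never logged on")
    elif (today - last_logon).days > MAX_IDLE_DAYS:
        findings.append("no logon in %d days" % MAX_IDLE_DAYS)
    if not row["Workstations"].strip():
        findings.append("no workstation restriction")
    return findings


def audit_export(text, today):
    """Audit every row of a CSV export; accounts with no findings are omitted."""
    report = {}
    for row in csv.DictReader(io.StringIO(text)):
        findings = audit_account(row, today)
        if findings:
            report[row["Name"]] = findings
    return report


if __name__ == "__main__":
    # Fixed audit date so the constructed sample gives the same result every run.
    for name, findings in audit_export(SAMPLE_EXPORT, date(2016, 12, 20)).items():
        print(f"{name}: {'; '.join(findings)}")
```

Disabled accounts are skipped on purpose, so the report lists only accounts that can still be used to log on.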
5. Configuration change management (to reduce unintentional threats)
Organizations have minimal visibility into the effectiveness of their change management controls over their IT infrastructure. When change controls are not effectively managed and monitored, the consequences can be severe. First, reduced availability of key corporate, customer, and financial systems can occur if unauthorized changes or software updates are performed, even if they are non-malicious in nature. These changes can affect core functionality, or at times bring down entire systems. As systems must then be taken offline to mitigate a security problem or simply roll back the unauthorized change, this can result in dramatic revenue loss as capital expenditures rise to resolve the problems and clients are unable to access revenue-producing systems (Constellation Software Engineering, 2015).
6. Segregation of duties
A segregation of duties security policy manages conflicts of interest, the appearance of conflicts of interest, and fraud. This policy is important because it ensures that various functions are separated and defines authority and accountability over transactions. It is essential to effective internal control; it reduces the risk of erroneous as well as inappropriate actions. This policy limits the amount of power held by any one person. It puts a barrier in place to prevent fraud that might be committed by one person. Fraud can still occur when there is collusion. To be sure that all segregation of duties problems have been identified, one first needs to develop an information flow diagram for each function in each part of the organization.
Responsible administrators should consider the principle of segregation of duties when planning and defining job roles. They must use processes and control procedures that, to the degree practicable, segregate duties among employees and that include effective oversight of operations and transactions. When it is not possible to separate these functions, for instance with a small number of staff, more reliance must be placed on administrative oversight (Iowa State University, 1995-2016).
7. Mandatory vacation (to mitigate intentional threats)
A mandatory vacation policy helps to detect when staff are involved in malicious activity, such as embezzlement or fraud. For embezzlement of any considerable size to succeed, a staff member would need to be constantly present in order to manipulate records and respond to various inquiries. By contrast, if a staff member is forced to be absent for a minimum of five consecutive workdays, the likelihood of any illegal activity succeeding is reduced, because another person will be forced to respond to the queries during the staff member’s absence.
This policy is not restricted to financial institutions. Numerous organizations need similar policies for administrators. For instance, an administrator might be the only individual required to carry out sensitive actions like reviewing logs. A malicious administrator may overlook or cover up some actions revealed in the logs. A mandatory vacation policy, however, would require somebody else to carry out these activities and raise the likelihood of discovery (Darril, 2015).
8. Personally identifiable information breaches
Personally identifiable information (PII) means any data that could possibly identify a particular person. Any information that can be used to distinguish one individual from another, or that can be used to de-anonymize anonymous data, can be considered PII. PII can be grouped into two categories: sensitive and non-sensitive. Sensitive PII is information that, when exposed, could cause harm to the person whose privacy has been violated or breached.
Therefore, sensitive PII should be encrypted in transit and at rest. Examples of such information are biometric information, personally identifiable financial information (PIFI), medical information, and unique identifiers like passport or Social Security numbers. Non-sensitive PII is information that can be sent in an unencrypted format without causing any harm to the person. It can also be gathered with ease from public records, corporate directories, and phonebooks (Rouse, January, 2014).
9. Information breaches
The purpose of an information breach procedure is to offer general guidance to employees who manage IT resources in an organization; to facilitate quick and effective recovery from security events; to respond in an orderly manner to events and perform all required steps to properly handle an event; to minimize or prevent disruption of critical computing services; and to reduce theft or loss of sensitive or mission-critical information. The IT security breach notification is also used for breaches that fall under the Health Insurance Portability and Accountability Act (HIPAA), both for the organization and for all of the organization’s business associates covered under HIPAA. The Health Information Technology for Economic and Clinical Health (HITECH) Act and its implementing regulations strengthen the privacy and security provisions of HIPAA.
10. Media protection and Social engineering
An information security media protection policy establishes the enterprise media protection policy for managing risks arising from media access, media transport, media storage, and media protection through the establishment of an effective media protection program. The media protection program helps an organization implement security best practices in relation to enterprise media usage, storage, and clearance.
Social engineering simply means the act of manipulating people so that confidential information is given up. The kind of information that criminals seek may vary, but when individuals are targeted, the criminals are normally attempting to trick the individual into giving them passwords or bank information, or to access the user’s computer to secretly install malicious software that will give them access to the user’s passwords and bank information and control over the computer. Security is about knowing who and what to trust: knowing when and when not to take an individual at their word; when to trust that the person one is talking to is actually the person one thinks he or she is talking with; when to trust a website; when to trust that person on the phone; and when giving information is or is not a good idea (Criddle, n.d.).
Introduction
Purpose
Continuous monitoring is one of six stages in the Risk Management Framework described in NIST Special Publication 800‐137. The purpose of a continuous monitoring program is to determine whether the complete set of planned, required, and deployed security controls within an information system, or inherited by the system, continue to be effective over time in light of the inevitable changes that occur. Continuous monitoring is an important activity in assessing the security impacts on an information system resulting from planned and unplanned changes to the firmware, software, or environment of operation (Whitman & Mattord, 11 May 2016).
Overall security posture
To understand any organization’s security posture, significant findings are grouped into the categories of cyber security that are affected: security intelligence, application, data, business partners and outsourcing, and threat intelligence. These topics serve as a great starting point for critical discussions about an organization’s security practice, with basic security questions including: What is the organization’s greatest security concern, and are its security spend and expertise properly allocated to address that risk? There are no specific business needs, business risks, most important assets, and so on. A security posture that doesn’t tie directly to an organizational goal can have security vanity appeal, but it doesn’t offer a genuine assessment of where an organization stands (Alexander, Finch, Sutton, & Taylor, 18 Jun. 2013).
Human factors
Human factors adversely affect the security climate; specifically, human characteristics and behavior affect information security and ultimately the associated risks. Applying force field analysis helps to understand the driving and restraining forces of human issues and to consider these forces as goals and obstacles of information security. The analysis will show the human factors while attempting to understand the current Information Security Management System (ISMS) situation of an organization and its change toward the ideal situation. It will provide measures for investing in factors that fulfill the goals of the ISMS, since the organization is vulnerable to both unintentional and intentional security threats.
Proposal
Establishing and maintaining a secure computing environment is increasingly difficult as networks become increasingly interconnected and data flows ever more freely. In the business world, connectivity is no longer optional, and the possible risks of connectivity do not outweigh the benefits. Therefore, it is very important to enable networks to support security services that provide adequate protection to companies that conduct business in a relatively open environment (Solms & Solms, 26 Nov. 2008). To provide adequate protection of network resources, the procedures and technologies that one deploys need to guarantee three things:
Confidentiality: Providing confidentiality of data guarantees that only authorized users can view sensitive information.
Integrity: Providing integrity of data guarantees that only authorized users can change sensitive information and provides a way to detect whether data has been tampered with during transmission; this might also guarantee the authenticity of data.
Availability of systems and data: System and data availability provides uninterrupted access by authorized users to important computing resources and data.
The unintentional threat that the organization is likely to face is that an authorized user may delete sensitive data by mistake or accidentally. Data may also be corrupted or deleted because of the technical failure of hardware, the failure of some program running on the computer, a sudden breakdown of the electric supply, or viruses. The solutions implemented for accidental threats are as follows. Backups of data will be taken regularly; the backup can be used to recover deleted data. The latest antivirus software will be used to scan all data coming into the computer (Sutton, 26 Nov. 2014).
With an intentional threat, an unauthorized (or authorized) user may delete sensitive data deliberately. The user might be an angry employee of the organization or any other unauthorized person. Usually, hackers can delete the sensitive data. A hacker can break the security of the computer system in order to delete or change data. He accesses data through the computer network using computer software, tools or other techniques.
The solution for intentional threats:
Only authorized staff who have rights to access data may be allowed to delete or modify data, after following a step-by-step process. Proper password protection should be used. A log file should also be maintained to keep track of all the activities performed on the data or files. Authorized users should change their passwords periodically. A strong encryption algorithm should be used, where useful data is encrypted before its storage or transmission over a network. If an unauthorized person accesses the data, he may not be able to understand it. Computers and all backing storage devices should be placed in locked rooms. Only authorized users should access these resources (Solms & Solms, 26 Nov. 2008).
Work Settings
When people feel that they cannot be themselves at work, they will not engage fully as part of the team or in their assigned work. Organizational leaders will play an important role in setting the tone for the shift towards increased diversity and inclusiveness in an organization. An educational approach can dispel many of the fears that people have when it comes to addressing diversity. Employees need to know that diversity and inclusion are best nurtured in an open workplace where mistakes can be used for learning, not for embarrassing or shaming people.
Work Planning and Control
Maintenance work management is the core of maintenance management. It is where the competence of managers, planners and technicians is demonstrated, and where the success and cost-effectiveness of a maintenance management system are determined. An effective work planning and control process or system will identify and approve all the maintenance work to be done (both strategic and non-strategic), match it with the required resources through proper planning, schedule when it will be done, assign the tasks to competent people and ensure that it is done effectively and hesitantly. Finally, the work details and costs will be captured for reporting and analysis purposes (Alexander, Finch, Sutton, & Taylor, 18 Jun. 2013).
Communication Plan
A corporate security awareness program aims to make all employees understand and appreciate not only the value of the organization's information security assets but also the consequences if these assets are compromised. In principle, the process is clear and simple.
Informing procedures
Interpersonal Communication
One of the most important, if not the most important, forms of communication a manager will engage in regularly is interpersonal communication. The benefits of interpersonal communication skills are:
Detailed information: When dealing with a complex issue, email falls short. There is too much back and forth, which can result in misunderstandings and incomplete exchanges that lead to mistakes. Better to get up from your desk, talk in person, and clear up the details.
Major projects: When working on major projects, direct communication can avoid problems and emphasize key points. For example, during discussions, additional issues may arise, which can be addressed directly. You finish the conversation sure that you have a grasp of the new information.
Better understanding: Face-to-face communication allows you to observe body language and how someone responds emotionally to your ideas. Since much of communication is nonverbal, one will gain a full understanding of coworkers' viewpoint and perspective, something you can't get from a computer screen or cell phone.
Persuading Stakeholders
The most important step will be to identify and understand stakeholders' level of interest; this allows one to enlist them as part of the effort. Using interpersonal communication skills will increase the chances of success for the security collaboration. For all of the above reasons, identifying stakeholders and responding to their concerns makes it much more likely that the collaboration will have both the stakeholder support it needs and the appropriate focus to be effective (Sutton, 26 Nov. 2014). Interpersonal communication methods will also make room for a question-and-answer session, since it is a one-on-one style of communication, making it easy to clarify further and show the stakeholder the benefit of investing in the proposed technology.
Conclusion
The combination of preventive and detective monitoring controls is essential in building an effective continuous monitoring program. The successful implementation of a continuous monitoring program will require common commitment through leadership support, authorization by the approving authority, and system owner responsibility. A well-designed and well-implemented continuous monitoring program can improve the quality of an organization's information security programs by giving management current, meaningful information on the security posture of their IT assets (Alexander, Finch, Sutton, & Taylor, 18 Jun. 2013).
References:
United States. & United States. (2000). Summary statement of
work. Washington:
National Commission on Air Quality.
Desman, M. B. (2002). Building an information security
awareness program.
19. Boca Raton: Auerbach Publications.
Gardner, B., & Thomas, V. (2014). Building an information
security awareness
program: Defending against social engineering and
technical threats.
Waltham, Massachusetts: Syngress.
Roper, C. A., Grau, J. J., & Fischer, L. F. (2006). Security
education, awareness, and
training: From theory to practice. Burlington, MA:
Elsevier Butterworth-Heinemann.
Bowden, J. S. (February 18, 2003). Security Policy: What it is
and Why – The Basics. SANS Institute InfoSec Reading Room.
Retrieved from https://www.sans.org/reading-
room/whitepapers/policyissues/security-policy-basics-488
Constellation Software Engineering. (2015). Minimize Risk and
Downtime With Change Management Controls. CSE. Retrieved
from https://www.cse-corp.com/cybersecurity-change-
management/
Criddle, L. (n.d.). What is Social Engineering? WEBROOT.
Retrieved from
https://www.webroot.com/ie/en/home/resources/tips/online-
shopping-banking/secure-what-is-social-engineering
Darril. (2015). Mandatory Vacations. Get Certified Get Ahead.
Retrieved from
http://blogs.getcertifiedgetahead.com/mandatory-vacations/
Lowa State University. (1995-2016). Segregation of Duties.
Retrieved from http://www.policy.iastate.edu/policy/duties
Melber, D. (August 4, 2005). Auditing User Accounts. Windows
Security. Retrieved from
http://www.windowsecurity.com/articles-
tutorials/authentication_and_encryption/Auditing-user-
accounts.html
Miessler, D. (1999-2016). Encoding vs. Encryption vs. Hashing
vs. Obfuscation. Retrieved
fromhttps://danielmiessler.com/study/encoding-encryption-
hashing-obfuscation/#gs.0kQuJwE
20. NIST. (May 6, 2015). Access Control Policy and
Implementation Guides. Computer Security Division Security
Resource Center. National Institute of Standards and
Technology. Retrieved from http://csrc.nist.gov/projects/ac-
policy-igs/index.html
Rouse, M. (January, 2014). Personally Identifiable Information
(PII). TechTarget. Retrieved from
http://searchfinancialsecurity.techtarget.com/definition/personal
ly-identifiable-information
SANS Institute. (2014). Remote Access Policy. Consensus
Policy Resource Community. SANS. Retrieved from
https://www.sans.org/security-resources/policies/network-
security/pdf/remote-access-policy
Agarwal R. and Prasad J. 1998.A conceptual and operational
definition of personal innovativeness in the domain of
Information Technology, Information Systems Research,Vol. 9,
no. 2:204-215.
Bandura, A. 1989 Social cognitive theory, In R. Vasta (Ed.),
Annals of child development.Vol.6. Six theories of child
development (pp. 1-60). Greenwich, CT: JAI Press.
Garson, B. 2005. Work addiction in the age of information
technology: An analysis. IIMB Management Review, Vol. 15:
21
McCue, K. 2008. A comparison of employee benefits data from
the MEPS-IC and form 5500. Working Papers 08-32, Center for
Economic Studies, U.S. Census Bureau.
Murray, B. 1991. Running corporate and national security
awareness programmers. Proceedings of the IFIP TC11 Seventh
International Conference on IS security: 203-207.
IT 552 Executive Summary Rubric
Executives in today’s business environment have limited time
available to research and absorb information. In order to
optimize their time, executive summaries
are becoming increasingly important. They allow readers to
speed read a report and gain the focus and insight needed.
Your executive summary should:
Provide a conclusion and/or make recommendations
Prepare an executive summary presentation of your final
project. It should summarize the final project so it can be
presented to the board of a particular
company. Use this guide to writing an effective executive
summary as a resource to prepare your content and message for
your presentation. The presentation
should contain about 7–10 slides with either audio (voice over)
or detailed speaker notes.
Consider and apply the following principles of an effective
presentation:
Prezi, or Google Slides to create your presentations.
internet for your presentation. However, first consider your
presentation from the audience’s
perspective prior to selecting a specific style. Distracting
backgrounds, large blocks of text, all uppercase fonts, elaborate
font styles, grammatical errors,
and misspellings are distracting. Be consistent with the style of
text, bullets, and sub-points in order to support a powerful
presentation that allows your
content to be the focus.
large blocks of text on the visual. Your presentation is not a
means of presenting a short paper.
In an actual presentation you would not read from your slides
but use them as prompts.
presentation to a group should be listed in the notes section of
the slide.
slightly smaller text.
diagrams to enhance but not overwhelm your content.
Assess the
presentation’s effectiveness by gauging audience
comprehension (when possible).
The following links offer helpful tips and examples for
developing presentations:
Remember:
featuring a discussion of the strengths of the presentation as
well as areas that could be improved.
http://www.med.navy.mil/sites/nmcphc/Documents/environmental-programs/risk-communication/Appendix_E_AGuideToWritingAnEffectiveExecutiveSummary.pdf
http://prezi.com/
http://www.google.com/slides/about/
http://www.iasted.org/conferences/formatting/Presentations-Tips.ppt
http://www.sethgodin.com/freeprize/reallybad-1.pdf
of your comments positive and constructive.
You are reviewing the presentation, not the person.
Follow-up should focus on receiving clarification on edits and
feedback, or should lead to a discussion contrasting approaches.
Constructive and friendly follow-
up is optional, but encouraged.
Rubric
Instructor Feedback: This activity uses an integrated rubric in
Blackboard. Students can view instructor feedback in the Grade
Center. For more information,
review these instructions.
Critical Elements (Exemplary 100%, Proficient 90%, Needs Improvement 70%, Not Evident 0%) and Value

Executive Summary (Value: 35)
Exemplary (100%): Meets “Proficient” criteria and provides very clear, succinct, and well-presented information
Proficient (90%): Provides an executive summary that identifies the main points of the report using appropriate detail
Needs Improvement (70%): Provides an executive summary but does not clearly identify the main points of the report as there are gaps in organization and detail
Not Evident (0%): Does not provide an executive summary

Presentation Format (Value: 20)
Exemplary (100%): Meets “Proficient” criteria and presents the information in a clear and succinct manner
Proficient (90%): Provides a presentation that illustrates the main points of the report using appropriate detail
Needs Improvement (70%): Provides a presentation that does not clearly illustrate the main points of the report as there are gaps in organization and detail
Not Evident (0%): Does not provide a presentation

Peer Review: Suggestions (Value: 25)
Exemplary (100%): Meets “Proficient” criteria and provides highly relevant suggestions using specific examples
Proficient (90%): Provides meaningful, specific suggestions, asking relevant questions when appropriate
Needs Improvement (70%): Provides insufficient suggestions, asking peers limited or vague questions
Not Evident (0%): Does not contribute suggestions

Timeliness (Value: 10)
Exemplary (100%): Submits initial post on time by Thursday at 11:59 p.m. EST
Proficient (90%): Submits initial post by Friday at 11:59 p.m. EST, one day late
Needs Improvement (70%): Submits initial post by Saturday at 11:59 p.m. EST, two days late
Not Evident (0%): Submits initial post by Sunday at 11:59 p.m. EST, three days late

Writing (Mechanics) (Value: 10)
Exemplary (100%): Meets “Proficient” criteria, and responses are concise using appropriate language and theory specific to the profession
Proficient (90%): Able to write respectful, clear, and coherent commentary that can be easily understood by peers
Needs Improvement (70%): Able to write commentary that can be understood by peers
Not Evident (0%): Does not provide coherent commentary

Earned Total: 100%
http://snhu-media.snhu.edu/files/production_documentation/formatting/rubric_feedback_instructions_student.pdf