issc422 discussion response 1 |cheapassignmenttutors.com

issc422 discussion response 1 | cheapassignmenttutors.com

Hello,

I need two responses of at least 150 words each for the below students discussions for this week. Also in the bold below are the questions the students at answering.

Topic: Security Administration

1) Describe how security administration works to plan, design, implement and monitor an organization’s security plan.

2) Describe five effective change management processes organizations can execute as well as the advantages and disadvantages of change management when it comes to the IT department.


Student one:

To answer the first question:

Security Administration is a vital part of a company’s security. They are the key to its planning, designing, implementing, and monitoring. Before even setting the team, it has to be decided exactly what kind of information is the company looking to protect; what’s its level of security (is it just personal – credit card info or top-secret – government secrets) Once decided that the security team is needed, and it always is, each member of the team will be given a certain task so all of the responsibility doesn’t fall on one person with the Security Administrator heading the group. As stated in Chapter 6, “The the primary task of an organization’s security administration team is to control access to systems or resources.” (Kim, 2013) This means that the team is responsible for which employees will get onto the network and access certain applications and which ones won’t. The Security Admin and team deal with the four areas of Access control. The first being Identification or the ability to have credentials provided to validate their authentication, Authorization or the ability to provide the users who have permission to be on the system the ability to do so. Authentication or the ability of the user to prove they are who they say they are and the most important, Accountability or the ability to keep track by the use of logs what is happening on the system and who was using it at that time.

To answer the second question:

As a company grows and becomes more productive, their security measures also need to change. It’s important as this growth takes place to always go over the present security policies to see what needs updating and what can stay the same. One effect is to realize that a company’s needs will change. When setting up any security policy, it’s important to realize it’s not a one time deal but something that will need to be addressed over and over as time goes on. The next thing is to discuss what needs to be done with the upper-level management and those who will be part of any upgrades. Communication is very important and all those involved needs to be kept a part of any changes made. The next step will be to set up the plan of what the changes will be and how they’ll be done, what will need to change and what won’t. Once all of that is done, the biggest step is to set the changes into motion. This may also come with the need to train employees on these new procedures so they know what they’re supposed to be doing. The last is to keep records of the new changes to see what is working for the company and what isn’t. Advantages to change management range from helping the company function better in helping them keep up and hopefully bypass their competitors. The disadvantages come when the SA doesn’t have a good grasp of what the company is all about. Not knowing what needs to be protected will give way to the security being short of what it should be. Another disadvantage comes when the SA doesn’t follow up on the procedures but rather just lets everything sit without knowing whether or not it worked out. This can lead the system to be open to attack if there are still vulnerabilities aren’t taken care of.

References:

Advantages and Disadvantages of Change Management Methodology. (2019). BrightHubPM.com. Retrieved from https://www.brighthubpm.com/change-management/1847…

Kim, David, Michael Solomon. Fundamentals of Information Systems Security PDF VitalBook, 2nd Edition. Jones & Bartlett Learning, 07/2013. VitalBook file.

Security Systems Administrator Overview, (2019). CareerExploror.com. Retrieved from https://www.careerexplorer.com/careers/security-systems-administrator/

-Arleen

Student two:

Hello Class!

1) Describe how security administration works to plan, design, implement and monitor an organization’s security plan.

Security administrators will need to look at the requirements of an organization as the first phase of planning. This means looking at the current state of security and assessing any vulnerabilities or areas that can be improved. Those portions identified will need to be corrected with updated or new systems put in place. The only way to know if those changes in the security plan were effective is to monitor the network and conduct pen testing to minimize risk as much as possible

2) Describe five effective change management processes organizations can execute as well as the advantages and disadvantages of change management when it comes to the IT department.

Kotter’s change model uses 8-steps that go along with three different themes (Smartsheet, 2016). The first is creating the climate for change: creating urgency, forming a powerful coalition, and creating a vision for change. As that takes hold the second phase is to move towards engagement: communicating the vision, empowering action, and creating quick wins. The final phase is implementation: building on the change and ensuring the change remain.

The ADKAR model is communicating effectively the same thing but with few steps (Smartsheet, 2016). The five steps are what spell out the acronym ADKAR: Awareness of the need for change, Desire to support to change, Knowledge of how to change, Ability to demonstrate skills & behaviors, and Reinforce to make the changes stick.

The PDCA model uses four steps that consist of the planning phase, the establishment of objectives and processes (Smartsheet, 2016). The do phase which implements the collection of data followed by the check phase which evaluates the data. Testing will also occur on the check phase with the Act or Adjust phase looking at areas for improvement and implemenation.

Upon looking around for other examples of change management. The theme was very strong among them all that before action can occur there needs to sometimes be a mental attitude adjustment and to make sure that every impacted position is involved in the process. Communication is clear throughout the whole process and improvement is happening from beginning to end. New ideas need to be experimented with at first with full implementation being a gradual process. The universal nature of the change management models makes them applicable to IT and can include user feedback all the way up to administrator feedback. Although if it is regarding the security of the network the feedback pool will probably consist of just the smaller administrator group.

-Bill

Smartsheet. (2016, December 14). 8 Elements of an Effective Change Management Process. Retrieved from https://www.smartsheet.com/8-elements-effective-ch…