Wednesday, May 6, 2020
Information Security Policies in Large Scale Business
Question: Discuss the Information Security Policies in Large Scale Business.
Answer:
Introduction
As we seek a deeper understanding of the information security system policies and frameworks adopted in the current business world, getting the relevant information and data regarding information security policies is essential. A study by Chatterjee, Sarker, and Valacich (2015) defines research as comprising the defining or redefining of challenges and the formulation of hypotheses or suggested solutions, as well as the collection and organization of related data. It is followed by the evaluation of data and decision-making on the effective conclusions. Understanding different security domains can also be important in knowing some of the relevant and essential steps that, when adopted, can reduce the incidences of information security policies. The conclusions can be further tested to prove their relevance to the formulated hypothesis. The research methodology is hence a systematic and scientific study aimed at finding a solution to a problem (Feng, 2011). This paper presents the study of the various steps mentioned above, along with the logic behind every step to arrive at an appropriate solution. The paper sets out the planned, systematic designs that will be applied in the study.
Problem statement
Large business organizations are characterized by a large number of employees who are given the responsibility of performing various activities within the organization. According to Feng (2011), the traditional information security strategies adopted by large-scale organizations are no longer sufficient in dealing with the dynamic and expanding cyber-risk environments. There is thus a need for research so as to approve the policies that can be adopted or are practiced by large-scale organizations to manage, govern, and perform the function of securing business information.
With the advancement of information technology, there are increased cases of cyber crime as well as information insecurity. Delicate business secrets find their way to third parties and even result in loss of trust and huge finances. Carrying out research is therefore appropriate for understanding the information security policies adopted, and hence the recommendations that can be adopted to manage the increased cases of information insecurity resulting from technological advancement.
Research objectives
In ensuring success towards attaining the goal of the study from a global technological viewpoint, the study gives the highest priority to the information security policies adopted in various global businesses today. Various studies report that very sensitive company or corporate information tends to be very vulnerable to different attacks, mainly on information that is of prime importance (Guo et al., 2011). The study thus narrows to the hypotheses and objectives stated below.
Study objectives
The main aim of this study will be to find answers to the following questions:
- What are the advantages of implementing information security in large-scale business organizations?
- What is the status of information security policies applied in the worldwide market?
- The identification and comparison of the information security domains and systems adopted by different security parameters and those commonly implemented by different businesses.
These questions will be essential in finding answers to the vital aim of the project research: finding out the information security policies adopted in large-scale businesses.
Justification of the study
This study is vital as it will help in identifying or determining the information security policies adopted by various firms or global businesses.
Understanding different security domains can also be important in knowing some of the relevant and essential steps that, when adopted, can reduce the incidences of information security policies. For this reason, this study will focus on the information security policies that are adopted by different global businesses. Such security policies will also be implemented by other smaller organizations to help in reducing cases of insecurity towards essential organizational information.
Expected output
The research study aims at collecting information security policy strategies from the selected global business organizations. These organizations are further divided into three categories: BPO, Hardware, and Software. Of the three types of companies, the respondents expected will be the top- or medium-level employees of these business organizations. The targeted respondents thus include information officers, security officers, information security managers, software developers, system administrators, chief technical officers, project managers, and network administrators of the organizations. Other groups that will be targeted as interview respondents include the human resource managers together with authorized users, as they primarily support the relevant preliminary security information in many global business organizations. Ambiguity is normally associated with terms, words, concepts, and notations that are not clearly defined for a specific concept, according to Chen, Ramamurthy, and Wen (2012). For instance, when sending the questionnaires, the questionnaires will be monitored so as to avoid generating queries regarding any undefined or unknown concepts. This step will thus ensure the study mainly focuses on information security standards relevant to the policy guidelines regarding the validity and reliability of the questionnaires.
Conceptual framework and hypothesis of the research
In the current business world, the use of information technology is a pensive issue. However, with internet proliferation and easy access to technological innovations, there is an increase in the use of technology for very unethical purposes in many businesses. In many instances, problems such as hacking, plagiarism, spoofing, and software piracy, among others, are on the rise. This disturbing trend on a large scale has proliferated unethical IT use, thus fuelling the global popularity of the internet and personal computers. As a result, serious security concerns have caused various security violations, especially by insiders of different organizations. Based on the research objectives, problem statement, and justification of the study, the project will test the following hypotheses.
Study hypothesis
H1 (alternate hypothesis): Every business that is dependent on IT in the current global market requires a well-structured information security policy.
H2 (null hypothesis): Many business organizations and firms worldwide have neither formulated nor implemented policies on information security for their organizations.
Methodology of study
The research design is the outline of the study indicating the steps taken by the research process, from the operational implications and the hypothesis to the final analysis of data. Research design thus ensures the arrangement of the data collection and analysis parameters in a manner that aims at combining relevance to the purpose of the research with economy in its procedures (Goel, 2015). It thus constitutes decisions regarding where, why, what, how, and when concerning the research inquiry. It involves the sampling, observational, statistical, and operational design for the study of the information security system policies in various global business sectors.
Sampling design
According to Goel (2015), the sampling design adopted in a study is based on the element selection technique and the representational basis adopted by a study. The investigation of the information security policies will adopt a random sampling method in selecting the samples of data. The random sampling process will be carried out in five of the top thirty global businesses that also operate within the markets of the United States, i.e. ICBC, China Construction Bank, Toyota Motors, Apple, and Samsung Electronics. The study will ensure that the top ten global companies selected adopt the use of IT at different levels of their information security systems, to make the sampling data relevant to the objective of the study. Each of these companies will have over 45 employees dealing specifically with information security, and nine employees will be selected from every company. Among the nine employees selected, the study will randomly select three software, three hardware, and 3 BPO information specialists. The study is aimed at selecting the IT company employees based on employee size, since the objectives of the study mainly target the administrative or management information security systems and not the technical policies adopted within the organizations. Information security policy implementations are greatly affected by the administrative policies to which the organization's employees are subjected for proper implementation.
Random sampling design
It will involve the use of questionnaires that will be sent to all the randomly selected employees. The study will then record the number of employees who have responded as it analyses the kind of information filled in. With the aim of collecting equal information security representation from software, hardware, and BPO, the study will randomly choose three employees from the selected nine information security personnel.
The random sampling method will be used in the study as it is a simple but effective method of sampling and data collection where the information under study is more or less homogeneous.
Observable design
The observation method adopted in a study involves the different methods adopted in the process of collecting primary and secondary data (Kothari, 2004). In his study, Kothari notes that the survey method is commonly adopted for primary data collection by many researchers. However, the collection of the primary data for this study will involve the use of observation and direct interviews carried out with particular IT personnel in the selected companies. The questionnaires used for the study will also collect information regarding internet access, data access, email access, physical access, and user access to other domains of security policy strategies employed by the organizations.
Interview method
The interview method involves the presentation of oral-verbal stimuli and responses in the process of collecting verbal information from the targeted audiences, according to Liu and Meng (2010). It is the fastest, cheapest, and one of the most flexible methods (Kothari, 2004), and it will be adopted in the study so as to identify the relevant questions and information that will be adopted in the pilot survey of the study. This will involve a one-on-one discussion with some of the employees of the selected organizations. From the information collected during the pilot survey, questionnaires can thus be formulated with relevant information that targets specific personnel of the selected organizations so as to collect the relevant information security policies adopted.
Use of questionnaires
Questionnaires for the study will be formulated on the basis of various information security policies, standards, and security procedures that are globally accepted. The questionnaires will be designed for twelve different information security domains.
The domains include hardware acquisition, digital signatures, organization security structures, disaster recovery and business continuity planning, software acquisition, telecom and network security, as well as access to the user, data, emails, and the internet. In the process of the survey and distribution of the sampling questionnaires, the observation method will also be used for the collection of vital security procedures. Each of the selected domains above will represent a subset of the entire questionnaire. The questions adopted in the study will be subjective questions of a yes-or-no type, while less than 10% of the questions will be multiple choice. The subsets of the questionnaires will then be distributed to different information security departments as per the domains of the organizations. The questionnaires will be forwarded to the respective organizations through the human resource department authority. Procedures such as the security policy protocols followed when visiting the selected organizations will provide primary information about the information security strategies accepted within the organization (Chen, Ramamurthy, and Wen, 2012). Information regarding the gate passes at different points of entry, security protocols regarding denying or allowing particular behaviour or access by visitors, and the use of information security devices such as pen drives, mobile phones, or CDs within the organization will be very essential (Gao and Luo, 2013). Automatic door lock facilities, or even denying the use of the internet on specific machines, will also provide vital primary information on the security strategies adopted by the organizations, according to Dimitrakos (2012).
In their study, Chen, Ramamurthy, and Wen (2012) note that different statistical tools are mainly used for different roles in designing research project processes.
They are also important in analyzing any data collected with the aim of drawing the relevant conclusions of the study. These statistical tools are hence essential in testing or measuring different statistical hypotheses so as to attain specific objectives of a study process. At the end of the study, SPSS and Excel software will be used to analyze the data collected. However, for the selected organizations, data segregation and consolidation will be done using Minitab software. The same Minitab or SPSS will be used in the calculation of the percentage analysis of BPO, Software, and Hardware, which will be the three different software companies.
Operational design
Cross tables
Cross tabulations will be used in representing the data output after the analysis has been done using different tools. Chatterjee, Sarker, and Valacich (2015) define a cross tabulation as the table representing the joint frequency distribution of discrete variables. As a result, the columns and rows will correspond to the possible values of the first and second variables, with the cells containing the frequency of occurrence of the corresponding pairs of values of the two variables. The cross tabulation will be used in the representation of the data because it has several advantages. For instance, Siponen and Vance (2010) report that cross tabulations are very easy to interpret and understand, and are thus preferred by people who are not interested in using other sophisticated measures. The tables will also give a deeper insight into the security policies of the organizations rather than just using a single statistic. It thus helps in avoiding cases of sparse or empty cells and is simple to conduct. As a result, the cross tables will be used at any level of measurement of the information security data, whether ordinal, interval, nominal, or even ratio.
Organization of the study
The study will be organized as follows:
- Proposal of the research project as presented in this assignment.
- An in-depth analysis of the recession of the case study. This will include the methodology focusing on the literature review, data analysis, as well as the observation of the key recession indicators and methods of data analysis.
- The project outcome and analysis of the research.
- Summarizing the vital findings of the project together with their implications.
Gantt chart
The table below indicates the projected duration that the research is expected to take from the beginning to the end.
Task                                                     Starting date   Ending date   Days
Project proposal                                         10/8/2016       21/8/2016     11
Reviewing the relevant information and the literature    05/09/2016      25/09/2016    20
The data collection process                              6/10/2016       6/12/2016     60
Analysis of the collected data                           15/12/2016      30/12/2016    15
Final report submission                                  5/1/2017        30/1/2017     25
Deliverables and milestones
The budget and justification of the research
The process of research and completion of the project is expected to cost $5500 within the stipulated time as per the Gantt chart. The budget is specified due to the following reasons:
- The use of the survey method and questionnaires while collecting data will involve various processes such as the need to travel, print, and mail or post relevant papers, among other requirements. The whole process is estimated to cost $2500.
- The literature review will involve the use of journal articles, textbooks, and other online resources, which are estimated to cost $1500.
- Data analysis using various statistical methods in discussing and interpreting the collected data is also expected to cost $1500.
Parameter             Estimated expenditure
Literature review     $1500
Collecting data       $2500
Analyzing the data    $1500
Total budget          $55000
References
Akinbinu, T. A., & Tiamiyu, M. A. (2016). Attitude of Civil Servants Towards the Use of Research Information in Policymaking in Selected Ministries in Lagos State, Nigeria. Library Philosophy & Practice, 1-25.
Chatterjee, S., Sarker, S., & Valacich, J. S. (2015). The Behavioral Roots of Information Systems Security: Exploring Key Factors Related to Unethical IT Use. Journal of Management Information Systems, 31(4), 49-87. doi:10.1080/07421222.2014.1001257
Chen, Y., Ramamurthy, K., & Wen, K. (2012). Organizations' Information Security Policy Compliance: Stick or Carrot Approach? Journal of Management Information Systems, 29(3), 157-188.
Dimitrakos, T. (2012). The CORAS framework for a model-based risk management process. In the Proceedings of the 21st International Conference on Computer Safety, Reliability and Security, 2002. 18.
Feng, M. (2011). An information systems security risk assessment model under uncertain environment. Applied Soft Computing, Vol. 11, No. 7, pp. 4332-4340.
Gao, Y., & Luo, J. Z. (2013). Information security risk assessment based on grey relational decision making algorithm. Journal of Southeast University, Vol. 39, No. 2, pp. 225-229.
Goel, C. V. (2015). Information security risk analysis - a matrix-based approach. Journal of Southeast University, Vol. 39, No. 2, pp. 168-75.
Guo, K. H., Yuan, Y., Archer, N. P., & Connelly, C. E. (2011). Understanding Non-malicious Security Violations in the Workplace: A Composite Behavior Model. Journal of Management Information Systems, 28(2), 203-236.
Puhakainen, P., & Siponen, M. (2010). Improving employees' compliance through information systems security training: an action research study. MIS Quarterly, 34(4), 767-A4.
Siponen, M., & Vance, A. (2010). Neutralization: New insights into the problem of employee information systems security policy violations. MIS Quarterly, 34(3), 487-A12.