COBIT V4.1 Framework

What is a process control block, and what is it used for? A process block control is a data structure containing information about an active process. PCB is used for storing the collected information about the processes and allows the OS to locate key information about a process such as the name, state of the process, resources that are allocated to the process, scheduling information, process ID, and input/output devices that are used by the process. 7.

Executives should work towards minimizing those activities that inhibit alignment and maximize those activities that bolster it (Luftman & Brier, 1999) (as cited, Hsin Yien Laxamana, Discussion 1, 11:43 PM). Alignment is not a one-time event, it is a behavior that needs to be developed, cultivated, and sustained. My role as the CIO would be ensure the long-term development of alignment behavior, assessment of the company’s alignment maturity, and realign the IT department as necessary to maintain

FISMA act gives a great importance to risk based rules that helps in defining cost-effective security solutions to the organization. FISMA standard should be executed with the help of senior security officials, chief information security officers and security director who can help to conduct different annual reviews of the organization`s information security program and produce the report in front of management about its findings. The management will use this data in order to identify different security loopholes and apply the proper security measures in order to make the organization security compliant. It`s

As a member of the Homeland Security Assessment Team for our organization, we will attempt to build a program that will allow us to meet the goals of our business plan as well as the needs of our Homeland Security Assessment that we will create from the results of our evaluation of our organization (Fisher, 2004). We will utilize the Baldridge Criteria to combine our two-goal seeking areas of our business plan as well as our Homeland Security Assessment goals that we are identified at the conclusion of our Homeland Security Assessment. When we do our Baldridge Criteria measurements of our organization we will be able to determine the areas of our organization that we are already protected from weaknesses and vulnerabilities; and will be able

Empowerment and accountability are taking responsibility for your own actions and acting as an expert in the industry. The last value is agility, meaning to challenge each other and have an open mind. (Grainger, About Us, 2015) W. W. Grainger uses these values as a road map to

• take advantage of Information Technology to further corporate gains. • gain operational excellence by availing of technology. • make sure that the risk around computing is monitored correctly. • make best use of IT that has been heavily invested in. • remain compliant with any contracts, regulations and other compliance laws.

Based on benchmarking of the team, what are the key components to consider for your organization in a homeland security assessment? Why? I think before we go into this question that it is imperative that a definition of benchmark be given. A simple definition of benchmark is nothing more than this, to benchmark is to compare performance against a standard (Azevedo, Newman, & Pungiluppi, 2010).

• Deployment of intrusion detection system (IDS): as cited by Carasik and Shinder (2003), An Intrusion Detection System (IDS) is the high-tech equivalent of a burglar alarm—a burglar alarm configured to monitor access points, hostile activities, and known intruders. Though there was a firewall in the network architecture, but the present of a network intrusion detection device prevents unauthorized traffic to the network hosts. • Establishing an information security management system (ISMS): According to Iso.org, (2014), An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process.

We have many comprise in our IT department that can comprise our company and our customer's records. These are the key weakness and inefficiency that need to be addressed by you Chris: separation of duties, mandatory vacations, job rotation policies, agreements with vendors, including password and other login information, and IT confidentiality agreements. To address this issue, this executive summary outlines a plan to improve the IT department. the plan will focus on improving the IT department’s processes and procedures. This includes streamlining existing processes, implementing new technologies, and training staff on the latest technologies and best

o Develop and implement incident response plans to ensure business continuity in the event of a security incident. o Facilitate security audits and compliance assessments, ensuring compliance with industry standards such as SOC2 and PCI. o Maintain and update security policies, procedures, and documentation to ensure adherence to regulatory

There are many different type of IT problems, which an organization will have to address, but it is important to note that an effective security plan starts with the management team. The management team has to be committed to developing a workforce trained to handle different types of security threats. The process starts with management developing a strong security policy, which explains which security is important, provides guidelines for meeting industry standards and complying with government regulations and it must provide a clear outcome of what will happen when an employee does not comply with the policy. Management should also provide a central leader who will provide command and control for the entire security requirement listed in

1.2.3 Strategies • Review IT organizational structure • Review IT policies and

The purpose of this publication is to provide guidance for conducting risk assessments of federal information systems and organizations. In addition to identifying the steps in the risk assessment process, it also provides guidance in identifying risk factors to watch and courses of action that should be taken. Risk assessments provide the senior leaders/executives with the information needed to determine appropriate courses of action in response to identified risks. The target audience includes individuals with oversight responsibilities for risk management, organizational missions/business functions, acquiring information technology products, services, or information systems, information system/security design, development, and implementation,

· Ensureing that the IT infrastructure guarantees availability and reliability of the available

Worth noting is that, IT governance and its mechanisms such as; IT organizational structure, governance committees, approvals and budgeting processes (Weill, 2004) can be found in every enterprise but the only difference is that, enterprises with an effective proactive governance also have in place active IT governance mechanisms which enables their appropriate behavioural patterns to be fitted into the organization’s goals, strategy, values, norms, mission, and culture, to crown it all successful. Therefore from the above description of IT governance one can now easily pin-point the key issues related to an effective IT governance mechanisms, highlighted in Galliers & Leidner chapter 12, (2009, p. 303-4) by Weill, (2004) as explained below: