Strategic Information Management System

Question: Discuss about the Strategic Information Management System. Answer: Introduction The term information system is the word that defines the total system of information that basically consists of the collection, organization, storage and finally the communication of the information. This information system needs a system of networks that is normally used by the people in the process of filtering, collection, creation and the distribution of data. These processes are as a whole can be said to be delivered by the process of communication system. The information system of Deloitte may be a total system that is being operated by the people or the automated system of the interpretation of the information. The communication as it is plays a vital role in the whole system of information and its security (Bento et al., 2014). Information system is basically used in Deloitte which affect the decision making procedure, which is the reason the process of information system comprises of some basic rules, laws and ethics that will lead the way of the processes to make a successf ul information system along with its security for the organization. In the organization, the employees must have the knowledge of the information system of that particular organisation along with the reflective action practices and the learning procedures that are specifically meant for the information system of the organization relating to its security (Boonstra, 2013). Also along with the communication, the intercommunication is most important as there are interactions between the people inside and outside of Deloitte. Therefore there is a strong impact on the ongoing of the interpersonal communication in the organization that will in further cases affect the workforces and the performances of the workforces in an organization. It is also clear that the impacts that are shown by the use of interpersonal communication in Deloitte that are mostly abided by the theories and concepts that will particularly keep its concern regarding the security of the information system. Moreover the se securities of the information system basically deal with the personnel, ethics and laws of it along with only security. The information system along with the interpersonal communication affects the processes of the management that will make the successful implementation of the management of the project in the organization. Basically the security of the information system of the organization is mainly working for the dealing with the work in a business organization to maintain the security of the information in an organization (Cassidy, 2016). The information system is having a process of work that will make the security professionals tests along with the implementation, maintenance and repairing of the hardware and software that will help in protection of the information of the organization. In all the terms it said that the information system and its security is majorly involved in dealing with the data assets of the organization along with the protection of those data assets of the organization. Interpersonal Communication, its Impacts on the Security of Information System The term interpersonal communication is the particular word that deals with the process of information exchange in the organization, Deloitte. This process of exchange of information in an organization makes an involvement of exchange of the feelings, information. Again it is also evident that this type of information exchange is done by the both verbal and non verbal messages along with the communication that to be done through the messages or face to face communication. The process of interpersonal communication is mostly willing to not only the languages but also through the message communication that is done through non-verbal or facial gesture and the body language (Crossler et al., 2013). Therefore the interpersonal communication is said to as such a factor that will make the serving the informational data of the organization. The interpersonal communication in the organization in some instances happens when there is the involvement of the people of the organization in the same place with having the presence of the people around them communication with each other. The interpersonal communication basically not any type of subtle or unintentional, that is the reason when people in an organization communicate with each other irrespective of any type of communication, then there will have communication without the involvement of words, like by having the cues of posture, facial expression, dressing style, the personality of the person involving their emotional status and intentions for having the communication. The communication as mentioned earlier can be done through both verbal condition and non-verbal condition (Crossler et al., 2013). The information system of the organization is also dependant on the interpersonal communication, as sometimes this type of communication does not abide the rules, laws and e thics of the information system that eventually hampers the security of the information system of the organization. Therefore there has been the introduction of many elements for the clear understanding of the concept of interpersonal communication in an organization. The process of interpersonal communication is having the elements are the communicators, the message, the noise, the feedback, the context and finally the channel. All the elements are having their different prospective of work. The communicators, the messaging, context, noise, feedback, and channel all processes work in their different way to make the satisfactory completion of the interpersonal communication. The communication is the verbal way of communication along with the messaging is the nonverbal way of communication. Both are different in their way of expressing the message to the observer or listener. Feedback is also a way by which the observer or listener will get an idea regarding the information of the or ganization. Same is the channelling and context which deliver its particular type of information to the opposite party. These types of ways of communication sometimes lead to the use of the giving and collection of information by influencing the attributes of the people with the process of formation and maintenance of contacts within the people inside the organization and outside the organization (Crossler et al., 2013). The communication makes the sense of the world by experiencing the information of the organization that is meant towards understanding the personal needs of the customer and employees, keeping in concern the emotional requirement. In other words it can also be said that the interpersonal communication can also be helpful in making the decisions in an organization which will lead to solve any type of issues in that organization. Interpersonal Communication in an organization specifically means the transfer or the exchange of information or the facts or the ideas of the people to the other people which basically work for the understanding of the transmission of the ideas towards the intended direction for which it was meant for. Therefore if any type of communication came through the type of reprimand then knowing the mode of communication is an important criterion. The management also depends on this type of communication as because the there is a certain planning process of the management like the execution of the process for the achievement of the goals that depends on the communication of the information in the organization. This process of interpersonal communication is basically intended for the managers as they only execute the process of planning, organizing, directing and controlling, which goes on aiming towards the achievement of the goals of the organization (Jamroga Tabatabaei, 2016). The proces s of interpersonal communication has an impact on the information system as it has effect on the management, sales, training and conflict resolution. The interpersonal communication and the information system security both are interrelated to each other. The communication no doubt gives the process of management in an organization but it also in some processes creates a threat to the information system. Therefore the security of the information system means the security or the protection of the data of the organization and having the control on the activities of the people of an organization. This security is also establishes to stop the unauthorised access to the data, the usage, disruption or disclosure of the data, or any type of modification or destruction of the data (Luse et al., 2013). For attaining the security of the management first process is to ensure the implementation of the information security to have the secure knowledge of the place by having the proof of concept and the matter that is explainable through the display in the monitor screen. The security program of the information system is basically had its objectives, responsibilities and the approaches by which the security program can get a control over the security system of the organization. The approaches that are done are mostly have the both the top to bottom approach and bottom to top approach that have the control on the security programs of the organizations. The security controls divides it to keep control over each and every part of the organization like having the administrative control, technical control and physical control. These three broad areas involve every aspect of the organization that enhances the responsibility of the information owner by keeping an eye on the protection of the d ata. Deloitte, as in an international multinational company, so it involves the elements of security of its information system including the vulnerability of the information, risk of the information, threat of the information, exposure of the information and finally the safeguard of the information which gives the control over the access of the safety of information or the data of the organization (Layton, 2016). All these elements are strongly attached to each other and works for the maintenance of the information system security. Likewise when it is accounted for threats its agent will give rise to the vulnerability of the information which will eventually give rise to the amount of risks that will make the damage of the assets or the data or the information. Thus damage of the information or the data makes the exposure of the data that enables the exposure of the data to the outside of the organization which is further suppressed by taking the respective counter measures of the s afeguard for the issue of data exposure (Lee et al., 2015). This safeguard will in further situation affects the work of the threat agent who is the causative of such scenario of the organization. For this reason it can be said that Deloitte, as an international multinational company, developed some core fundamental rules for its company regarding the security principles of the information system. These principles ensure the security of the data assets of Deloitte. These can be described under the fundamental of availability, integrity and confidentiality. These three are such principles of core information security that will definitely make sure the maintenance of the law and ethics of the organization in terms of the data security. Confidentiality says about the maintenance of the required amount of secrecy by preventing the disclosure of the information by making visible of the threat resources and its counter measures (Li, 2015). In the same way, the integrity gives the idea of assurance of the idea of accuracy and the reliability and the durability of the information or the data that Deloitte is providing which will definitely prevent any type of unauthorised modification of the data or information. The data security availability is mostly having the ensuring the easy and timely assessment to the information or data of Deloitte that is only available to the authorized personnel of Deloitte. Apart from these security processes there are more other processes that came into consideration for the informational security of Deloitte. Controlling Risk of the Information System Security The process of controlling of the risks or it can be said as the management of the risks by adapting the process of identification of vulnerabilities and threat methods of data or information that has been used by Deloitte to enable the success in the goals and the business objectives and afterwards making the decision of measures for the counter part of the risk that are emerging due to the valuation of the resources of the data or the resources of the information in the organization (Peltier, 2016). In other words it can be said that the controlling risk is the process that involves the identification, controlling and minimization of the effect or impact of certain events that has taken place for maintaining the security level of the information or the data of the organization. The effective amount of controlling of risk of the organization or the risk management of the organization is being divided into four phases, i.e.., and the assessment of the risk, the decision of the manage ment, the implementation of the control mechanisms and the review of the effectiveness of the controlling program of the management. This whole total process of the controlling risk of Deloitte basically involves the process of identification of the risk, then the measurement of the amount of risk, and finally taking steps for the minimization of the risk as per the events that affecting the data resources. That is the reason this whole process of the identification, controlling and elimination or minimization procedure mostly takes up the analysis of the other criteria like the analysis of the risk, selection, implementation and testing, cost benefits, evaluating the security of the safeguards and finally observing the review of the whole process in terms of security. For this reason the controlling risk is majorly having the inclusion of the strategic planning of the procedure the operations that are needed for the financial reporting and the compliances of the information system and its security (Peppard, Galliers Thorogood, 2014). For the establishment of the methodology of controlling risk there is a specific process that will specifically comes with context establishment, risk assessment, risk treatment, risk acceptance, risk communication, risk monitoring and review. The company by having the whole process in a manner will develop a system of systems development life cycle that goes for Deloitte to have a secure system of information or data of it. Protection Mechanism The protection mechanism is a vital process of the company, Deloitte, as it is the main part of protection of the data or the information of the company. All the total processes make the implementation of the processes in the mechanism of saving of the data or the information of the organization. These protection mechanisms are of two processes like the considerations surrounding the study of protection and the technical underpinning process of the information. In the process of the study of protection, the process will include basically the general observations, functional levels of the procedure of information, designing the principles or the mechanisms that are needed for the protection procedure and finally the summary of the process that is considered for the protection process (Ogiela Ogiela, 2012). Afterwards the part of the technical underpinning is the development of the plan that has to be taken forward for the process of protection, then the process of designing of the es sentials of protection of the information or data. After this procedure, there will be the take up of an isolated virtual machine for the process of protection of the data. The protection of the information or the data is only possible through the authentication of the mechanism that has been selected for the process of protection of data; the system must need a users claimed identity that will ensure further usage of the mechanism in the protection process. By having the use of the protection mechanism the security of the system must depend on the secrecy of the identification of the user (Ogiela Ogiela, 2012). Finally the sharing of the information and the authorization of the information is been useful for accessing the information but also having the security of the data or information. The protection mechanism of the information system is basically having the process of effective scenario of the security of the data or information system. Personnel and Security The part of terms and securities is a part of the information security system that enables the system of Deloitte to have a well structured system of policies and procedure that will make the organization to have secured way to access the assets or data of it. By having this process, the organization will be able to manage the risk of any issue that has been created to the staff for mishandling or the exploitation or any intention to handle any of the legitimate access of the data assets of the organization. The organization usually takes up the process of personnel and security during the process of recruitment where the security is being maintained by the employment of the staff members of the Deloitte (Ogiela Ogiela, 2012). That is the reason the company possesses a pre-employment screening of the employees particularly by going through the effective line management and the strategies of welfare of the employees by showing the clear lines of communication to the employees of the organization having a strong security culture of the organization. It is also an established truth that if the personnel security will be used in a regular basis then there will be have an reduction of the operational vulnerabilities of the organization which is further situation will be helpful in building a secure culture for the environment of Deloitte (Shapiro Varian, 2013). That is the reason when there will be the application of personnel and security then the organization will have the employees those were reliable with having the chances of maintenance of the security of the information system. By having this process the organization will have the detection of the suspicious behaviour which will eventually resolve any type of issues that is being detected in Deloitte. Laws and Ethics The law and ethics of the company is the important part of an organization which will take up all the legal and ethical responsibilities of the organization. Therefore Deloitte is having a well structured legal policies and procedures that also define the ethical standards of the business. These implementations are mostly due to the minimisation of the liabilities and the risks that will definitely ensure the security of the information system of Deloitte (Shapiro Varian, 2013). These processes are done understanding the environment of current legal condition of the organization and getting strongly abided by the current laws and regulations of the organization mainly evaluate the issues that are emerged during the process in the organization. In Deloitte, the laws are formulated in such a manner that it will mandate or prohibit the behaviour of any unauthorised action of the data assets of the organization. In the same it has ethics that is accepted in the social environment with a friendly behaviour. PRT Network Monitor report In the organisation it is quite essential to monitor the network. PRT Network Monitor report helps to provide the report of the each of the network action. It helps to generate detailed reports, graphs and charts regarding the network performance and history. Even this can be customized as per the organisation requirements. Conclusion The process of the security of the information system of an organization like Deloitte need a very integrated process of security to have the access over the threats and the issues that emerge from the illegal or unauthorized acts with the assets of the company or the data or information assets of the company. For this reason there have an implementation of many automated tools that will have the prediction of emergence of the security attacks upon the information system of the company. The financial assessment gives a support to the threat management to the company in a larger amount which will have the correlation between the security attacks of the past and present situation and also can predict the future situation. References Bento, A., Bento, R., White, L. and Bento, A., 2014. Strategic Information Systems and Business Outcomes.International Journal of Human Capital and Information Technology Professionals (IJHCITP),5(1), pp.15-25. Boonstra, A., 2013. How do top managers support strategic information system projects and why do they sometimes withhold this support? International Journal of Project Management,31(4), pp.498-512. Cassidy, A., 2016.A practical guide to information systems strategic planning. CRC press. Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and Baskerville, R., 2013. Future directions for behavioral information security research.computers security,32, pp.90-101. Galliers, R.D. and Leidner, D.E., 2014.Strategic information management: challenges and strategies in managing information systems. Routledge. Haux, R., Winter, A., Ammenwerth, E. and Brigl, B., 2013.Strategic information management in hospitals: an introduction to hospital information systems. Springer Science Business Media. Jamroga, W. and Tabatabaei, M., 2016, September. Information Security as Strategic (In) effectivity. InInternational Workshop on Security and Trust Management(pp. 154-169). Springer International Publishing. Luse, A., Mennecke, B., Townsend, A. and Demarie, S., 2013. Strategic information systems security: definition and theoretical model. Layton, T.P., 2016.Information Security: Design, implementation, measurement, and compliance. CRC Press. Lee, T., Ghapanchi, A.H., Talaei-Khoei, A. and Ray, P., 2015. Strategic Information System Planning in Healthcare Organizations.Journal of Organizational and End User Computing (JOEUC),27(2), pp.1-31.