Answer:
Therefore, it is important to find opportunities to integrate security controls into day-to-day routines.
Do you believe this to be true? - Yes
In general, implementing security policies occurs in isolation from the business perspectives and organizational values that define the organization’s culture. Is this correct or incorrect? - Incorrect
Explanation:
It is indeed important to find opportunities to integrate security controls into day-to-day routines. Doing so minimizes future security threats by formulating company-wide security policies and educating employees on daily risk prevention in their work routines. In operational risk controls, vigilant monitoring of employees must be implemented to confirm that policies are followed and to deter insider threats from developing.
Adapting and developing policies as resources and priorities change is the key to operational risk controls.
Implementing these risk controls in organizational security is not a one-time practice. Rather, it is a regular discipline that the best organizations continue to set and refine.
To better prepare an organization to mitigate security threats and adapt to evolving organizational security needs, physical, information, and personnel security must be proactively integrated while keeping these risk controls in mind.
12. In general, implementing security policies occurs in isolation from the business perspectives and organizational values that define the organization’s culture - Incorrect.
When security policies are designed, the business perspectives and the organizational values that define the organization’s culture must be kept in mind.
An information security and risk management (ISRM) strategy provides an organization with a road map for information and information infrastructure protection, with goals and objectives that ensure the capabilities provided are adjusted to business goals and the organization’s risk profile. Traditionally, ISRM has been considered an IT function and included in an organization’s IT strategic planning. As ISRM has emerged as a more critical element of business support activities, it now needs its own independent strategy to ensure its ability to appropriately support business goals and to mature and evolve effectively.
Hence, both the business perspective and organizational goals are taken into consideration when designing security policies.