Reference no: EM133482149
CASE SCENARIO: One month into her new position at Random Widget Works, Inc., Iris Majwubu left her office early one afternoon to attend a meeting of the local chapter of the Information Systems Security Association. She had recently been promoted from her previous assignment at RWW as manager of information risk to become the first chief information security officer to be named at RWW.
This occasion marked Iris's first ISSA meeting. With a mountain of pressing matters on her cluttered desk, Iris wasn't exactly certain why she was making it a priority to attend this meeting. She sighed. Since her early morning wake-up, she had spent many hours in business meetings, followed by long hours at her desk working toward defining her new position at the company.
At the ISSA meeting, Iris saw Charlie Moody, her supervisor from Sequential Label and Supply, the company she used to work for. Charlie had been promoted to chief information officer of SLS almost a year ago.
"Hi, Charlie," she said.
"Hello, Iris," Charlie said, shaking her hand. "Congratulations on your promotion. How are things going in your new position?"
"So far," she replied, "things are going well-I think."
Charlie noticed Iris's hesitancy. "You think?" he said. "Okay, tell me what's going on."
"Well, I'm struggling to get a consensus from the senior management team about the problems we have," Iris explained. "I'm told that information security is a priority, but everything is in disarray. Any ideas that I bring up are chopped to bits before they're even taken up by senior management. There's no established policy covering our information security needs, and it seems that we have little hope of getting one approved anytime soon. The information security budget covers my salary plus a little bit of funding that goes toward part of one position for a technician in the network department. The IT managers act like I'm wasting their time, and they don't seem to take our security issues as seriously as I do. It's like trying to drive a herd of cats!"
Charlie thought for a moment and then said, "I've got some ideas that may help. We should talk more, but not now; the meeting is about to start. Here's my new number-call me tomorrow and we'll get together for coffee."
Charlie and Iris met for a working lunch. "First thing you need to do," Charlie told Iris, "is gain some consensus from your higher management to fund a new position for a security analyst. Then fill it by finding someone who knows the security skills but is primarily skilled in project management. Or find a strong security analyst and send them off for PM training." "Why so?" Iris asked. "A good project manager can help the entire team learn how to manage all the security projects to keep you from getting overwhelmed with deadlines and deliverables," Charlie said, smiling. "A good PM can make your operations proactive rather than reactive."
"That sounds good," Iris replied. "What else do I need to know?"
Questions:
Based on your reading of the chapter and what you now know about the issues, list at least three (3) other things Charlie could recommend to Iris.
From your understanding of the material presented in this unit, what do you think is the most important piece of advice Charlie gave Iris? Why did you select that piece of advice?