PYZ Technology is a forward-thinking IT firm that currently acquired a government contract that could enable the organization to achieve billion dollars’ worth over five years. The firm continues to build on its Technology Strategy and Security Policy focusing on the strategic planning process. Technology Strategy is referred to as the formation of an overall business plan which is inclusive of principles, objectives, and tactics for using technology to achieve organization objectives. It is important to implement policies and standards within an organization to maintain and establish information security system. Not only executive-level personnel are responsible for the implementation of policies, but employees also play a vital role in making the implementation process a success. They are an integral part of the implementation as they play a huge role in creating, executing, and enforcing security policies within an organization. Strategy Policy is referred to as an organization’s intent to control employee’s behaviour in regards to the information system. PYZ aim to have control over the employee’s access to information, especially to sensitive client’s data. Strategy planning process differs depending on the size, nature of the organization and their respective needs.
Almost all of the strategic planning process forms with intent, of an overview of where do an organization want to be at in a specific time shortly. To choose a potential course of action to move forward to achieve your objectives and in this case, PYZ’s objectives are to ensure the information security, creating operation efficiency. Where does the firm want to be in the next five years? Vision must support the strategies of the target audience (Stackpole, B., & Oksendahl, E. ,2011). In PYZ case the target audience would be government who wants to keep track the activities of the ex-felons and general public who want to ensure security of their children. It could be both short or long term as the strategic vision is dependable on the variables and time frame of the project being pursued. As mentioned in our textbook that passion, direction, mission come from vision, therefore, forming vision is the very first level of the strategic initiative. PYZ aim to be the organization that provides security to the audience through its products, therefore, security policy within an organization is a necessity.
Roles and Responsibilities
The strategic planning process is not an easy task as it has to take into account all the aspect of an organization and the outside factors that are a potential threat to an organization. There are many stages involved in strategic planning and one of the level being roles and responsibilities. The questions surfaces are who are responsible for the planning, facilitating the plan, the participants in the planning process. The common members who are active participants in such process are CEO, CFO, CIO, CSO or anyone from the corporate level. It is important to have RAA detailed down in the document to be used in the planning process. The document will serve the members as the guidelines through steps that can be taken in the planning process and states who is responsible for it. The document will assist you in keeping track of who is responsible for which elements as you move along a planning cycle (Stackpole, B., & Oksendahl, E. ,2011). In
PYZ case since the information security is a concern, it would be helpful to establish the roles and responsibilities within PYZ. The audience for this policy includes all PYZ employees who might be involved with Information Security.
Process and Procedures
The organization is made of people and when organization and people who engage in strategic planning are more successful to achieve their objectives. Developing strong strategic planning skills and implementation it provides employees with a strong sense of security about the organization’s future. It will enable us to have better control of operational issues and will establish better communications and relationship (Stackpole, B., & Oksendahl, E. ,2011). In PYZ case establishing a primary information security policy to ensure that every employee who makes use of information technology within the breadth of the organization, to its networks must comply with its stated rules and guidelines and the consequences should be made clear.
Is described as an important process where the information is gathered and analyzed for implementing it to achieve the organization objectives and do better business. It is a tool that is used by an organization to set goals to take certain steps to work on achieving the organization goals. The initial stage formulates and identifies the security groups, how it functions within an organization. This formation for strategic planning also includes allocating of existing resources to best utilize it to maximize the security of the organization. The most crucial steps include discipline, focus, and a willingness to ask challenging questions when the organization prepares to face uncertainties when considering to new possibilities or making decisions on fundamental change (Stackpole, B., & Oksendahl, E. ,2011).
In this stage the organization should know where it wants to go, however, need to decide how to get there? When the strategic group have come up with the clear picture of the organization and its challenges, the following step should be to produce strategic plans which are generally of one to three years with objectives, situations or strategic backup plan (Stackpole, B., & Oksendahl, E. ,2011).
Security Convergence Plan:
It is describing as the phenomenon of two or more things assimilation. As the textbook provided an example of attaching video cameras and DVRs to an IP network. The recent assimilation would be of smartcard and facility access card combination. It provides benefit to an organization by enhancing risk-mitigating by increasing organizational effectiveness and efficiency. PYZ can assimilate video cameras in its IP networks to monitor, control and to prevent employee’s access to sensitive data (Stackpole, B., & Oksendahl, E. ,2011).
The changes management refers to the actions a business takes to make a change or to make an adjustment of the important component of an organization (Roger Gill, 2002) Change management I would communication the need for the transformation to be able to evolve the products, processes, workflow, and strategies over time. The importance of having a proper strategic planning process as we are currently dealing with the high profile products which demand secrecy and accuracy. It is important for the organization to have discipline where needed and to remain focused on our vision to achieve both short and long objectives of the firm.
We each are responsible and accountable for the steps we take towards our goals (Ashkenas, R. 2013, April 16).
When the strategic plan is formed it is crucial to follow through to make sense and to come to its effectiveness. Integration is key to the successful implementation of the strategy. PYZ must make sure that the rules and procedures are being followed through to safeguard the Information System and is not a victim of data theft. By implementing the above process within PYZ it would be successful in securing data complication that many firms face directly or indirectly. (Stackpole, B., & Oksendahl, E. ,2011).
The balanced scorecard enables the organization to align strategic initiatives, goals, and objectives with the organizational vision, mission, and strategy while monitoring organizational performance. It would benefit PYZ to keep communication flow with the middle management about the implementation of password policy, network access policy, the encryption policy and physical security policy etc (Stackpole, B., & Oksendahl, E. ,2011).
Feedbacks, Tracking, and Control
In conclusion, when the strategies are formed and implemented, any organization must look at the results. It is important to know if the strategy is working or taking us towards our end goals (Stackpole, B., & Oksendahl, E. ,2011). Are we able to collect new information that might be helpful to further enhance the process?
Ashkenas, R. (2013, April 16). Change Management Needs to Change. Retrieved January 8, 2021, from http://www.newoaksconsulting.com/assets/docs/Change_Management_Needs_to_Change_
Roger Gill (2002) Change management–or change leadership?, Journal of Change Management, 3:4, 307-318, DOI: 10.1080/714023845
Stackpole, B., & Oksendahl, E. (2011). Security strategy: From requirements to reality. Boca Raton, FL, FL: CRC Press.
Need help with this assignment or a similar one? Place your order and leave the rest to our experts!