Governance and Development of It Security Programme and Policies

Abstract

The individual and group assignment report is in connection with Governance and Development of IT security programme and policies. The organisation which I have selected an imaginary organisation A2Z.The main function of this organisation is financial business. We can also say that it is a micro finance bank. A2Z is framed in such a way that we can conduct the required analysis and propose IT Security Governance programme in it. The more details of A2Z can be found in introduction and further sections.

Introduction

A2Z is a microfinance organisation with 1000 employees. The main aim is to give excellent financial services to people who don’t have monthly income and hence improve their financial capacity. The main values of A2Z are customer centric approach, transparency in financial dealings. Some important information of A2Z is as follows.

Logo :

Tagline : Choice for better tomorrow.

Mobile App : “fine” App which works on android phone. The important financial products of A2Z are Savings Accounts, Current Accounts, Fixed Deposits and Loans. The service is mainly for the people who are working for hourly/daily wages. A2Z is divided into different departments for easy functioning. They are Finance, Marketing, Human Resources, Information Technology and Facility Management.A2Z conducts both internal and external audits in all divisions. Managing Director is the person who holds 80% of the shares. CEO and Divisional Chief executives hold the remaining shares based on certain conditions. All sections consist of a Chief Executive, 2 Chief Managers, Middle Level Managers, Team Manager, Team Lead and employees who work on daily business.A2Z follows line organisational structure which is most suitable for a medium sized organisation. In this model, duty of each position is clearly defined.

The picture above explains line structure

Discussion

The different departments within A2Z and their functionality has been explained below.

Finance : It is the biggest department in A2Z.Teams of young professionals who have big experience in Accounting and Finance are employed here. Team names are as follows. Accounts Receivable, Accounts Payable, Accounting and Reporting, Budgeting and Forecasting, Internal Expense Management, Internal Audit and Compliance, Tax Management.

Marketing: This department can play critical role in making relation with the public. It is divided into many sections. Company normally do online and offline marketing. Offline marketing is equally important as that of digital marketing because the customers in A2Z mainly are daily wagers. Public Relations, Creative Design, Data Management, Product Marketing, Social Media Team, Legal Team are the main subdivisions who help A2Z to become a leader in microfinance business.

Human Resource: The main duty of HR department is recruitment and training of new employees to A2Z. It also deals with company’s organisational behaviour. The sub divisions are Talent recruitment and Training, Payroll, Appraisal and Performance Management, Conflict Resolution.

IT Infrastructure

IT Department is the 2nd most biggest department in A2Z.A2Z uses the most sophisticated technologies to achieve best results. All decisions taken from the top management team can be executed with the help of employees in that wing. Even though there are many competitors in the market, quality of service of A2Z makes the difference.

A2Z has Information Technology wing collect and use the data with at most care. The IT wing plays a crucial part in the business and the IT Chief Executive comes directly under CEO. It has the following sub sections. Service Desk, IT Security,2nd Line and 3rd Line Teams. The other teams as follows. Development, Testing, Data Base Administration, Web page maintenance and Backup. The IT infrastructure consists of hardware and software products. Computer Systems, Phones with IP address, Routers, Switches, Printers, Machines to record employee working hours, Surveillance Cameras, ATM Machines etc. The software platforms are Windows, Mainframe. A2Z also use customised applications to run day to day business. The subscription of cloud services add extra mileage to their business.

All product related queries first go to Service Desk Team. All of the questions are addressed and the phone calls are recorded for quality assurance. Sometimes customer may face problems such as login ID and password selection issues . All these will be resolved through phone call at Service Desk. The access issues on customised applications will need further authentication hence these queries will be directed to User Access Management Team. Similarly an issue which could not be resolved by Service Desk will pass to the appropriate team.

All of the users in the A2Z network is maintained by IT Security Team by giving right access. The internal and external access regulation is done with the help of IT Security team. The 2nd Line and 3rd line support resolve critical network issues which Access team/Service Desk cannot handle. Similarly the other teams carry out their responsibilities based on the business requirement.

A2Z web page is secured and have taken all measures against cyber threats. Any customer can use the A2Z webpage and mobile application easily.

IT Asset Names Product Product Product Product Product

Computer Desktop Laptop

Phones Smartphones CISCO

Computer Peripherals Mouse Keyboard Monitor

Network Components Router Switch Hub Connecting Wires

Uninterrupted Power Supply APC by Schneider Electric

Printer and Scanner Canon

LCD Projectors Canon

Wifi Vodafone

Software Operating System Windows Mainframe Unix

Licensed Application Softwares Office 365 Microsoft Access Mainframe DB2

Customised Application softwares Rumba Prod Rumba Dev Teradata Falcon

Software Solutions IDAM Solution MS Azure Cloud

Security Hardware and Softwares Firewall Kaspersky McAfee

Table 1 - Table which describes IT Asset List

Facility Management

The department arrange all things necessary for daily activities and provide a safe place for working. The teams included in this department are Health and Safety, Project Management, Budget Management, Transportation, Operations and maintenance.

Market Threats, Opportunities, Business Value and Stake Holders

A2Z has unique set of values and the quality of services makes A2Z different from any financial organisations.A2Z face business challenges from similar organisations, but its extraordinary employees and customers help them to stay competitive in the market. Apart from this, there are a lot crimes associated with the financial sector.

Price Waterhouse Coopers(pwc) conducted a survey on financial crimes that was happened in 2014 and 2011.There was a increase in bribery and corruption. The cybercrime threats and accounting frauds was increased 1% and this is due to the lack of monitoring and logging similar cyber threats. If the threats are unattended, there is a huge chance of repeating it again.

A2Z has 50,000 customers and progressive rate of increase in their numbers each year. Every year there are a huge number of people starting online accounts.A2Z believe that strong Information Technology Wing can do a lot in improving company’s business value.A2Z follows customer centric approach. This is the reason why they can say that they are the real stake holders.

Conclusion

The structure of A2Z and nature of its business has been explained above. It should be noted that A2Z has a IT infrastructure which helps to run the business effectively. We can develop information technology programme and policies as part of effective IT framework in the organisation and the governance of the same wherever necessary.