The aim of this project is to evaluate the effectiveness of information security policy in the context of an organization, OSI systems, inc. With presence in africa, australia, canada, england, malaysia and the united states, OSI systems, inc.Cognitive behavioral learning is a worldwide company based in california that develops and markets security and inspection systems such as airport security X-ray machines and metal detectors, medical monitoring anesthesia systems, and optoelectronic devices.Cognitive behavioral learning the company is also represented by three subsidiary divisions in offices and plants dedicated to the brands, rapiscan systems, OSI optoelectronics and spacelabs healthcare.Cognitive behavioral learning

In 2010, OSI, inc. Had sales of $595 million with net income of over $25 million. As of june 2010, the company was comprised of 2,460 personnel globally.Cognitive behavioral learning the parent company provides oversight and fiscal control to the different divisions, and is connected through its virtual network world-wide intranet system; with external integration of other stakeholders involved in the channel of operations, mostly represented by third party vendors whom are connected to the company’s extranet.Cognitive behavioral learning key stakeholders involved in IT security decision and job responsibilities at OSI, inc. Are outlined in table 1.

In 2011, OSI, inc. Will implement changes to its IT security policies.Cognitive behavioral learning those changes are largely in response to national articulations in computer misuse laws. This especially pertains to extensive statutory provisions within UK employer related policy on internet privacy and propriety commercial information as will be discussed in review of the nation’s computer misuse law (CMA), put into effect in 1990 with revision in accordance with technological innovation in 2006.Cognitive behavioral learning related legislation in the united states on telecommunications and internet use, and in accordance with post 9/11 provisions on web-based privacy infringement in part to anti-terrorist legislation on IT infrastructure, OSI, inc.Cognitive behavioral learning will improve its competency as a technology organization through heightened policy posture.

As with other global organizations, OSI, inc. Is constantly seeking solutions to its vulnerabilities to both internal and external forces of competition.Cognitive behavioral learning for this reason, security policy amendments are strategic priorities: 1) corporate and IT organizational structure including rules and resources with respect to information security; 2) stakeholders (users, managers, and designers) interacting with information security; 3) security technology (technical platform); 4) tasks associated with information security (goals and deliverables); 5) information security risks.Cognitive behavioral learning formidable to those actionable goals, is the vision of CIO, john loo’s administrative oversight of the corporation’s IT informatics network.Cognitive behavioral learning in an interview with mr. Loo, I redeemed important insights into the transition of OSI, inc. In this unit of business operations, illustrated in table 2.Cognitive behavioral learning

JL: was that he did not have a not have such a large encompassing plan due to the relative smallness of the company as compared to a general electric or IBM.Cognitive behavioral learning in fact many contend that this type of security philosophy is penny wise and foolish (whitman & mattord, 2010. 171). He said he had just a disaster recovery plan which did not include an SIRT team.Cognitive behavioral learning

He said that he does not have a list of personnel that he calls from but basis his team on the immediate threat at hand. In the event of a vulnerability attack on the network, mr.Cognitive behavioral learning loo would base the severity of the attack and that he himself would determine if it was just an incident or a major disaster. From there he would then determine the extra personnel that would be needed to take care of the threat.Cognitive behavioral learning again, no security team list is in place.

JL: he did not put together such a listing profile because of the enormity and sheer number of different threats and vulnerabilities and the small size of his company.Cognitive behavioral learning mr. Loo also indicated that his primary fear or concern for security was simply having someone walk into an OSI facility, plant or office and plug their laptop into the network and be able to hack or password into the network and interrupt or steal company data.Cognitive behavioral learning

JL: he does have a back-up – a warm back-up site facility in issaquah washington. It is not a hot site where the company can immediately turn things on and start operating.Cognitive behavioral learning although all of the applications are loaded in the servers, the back-up data tapes and disks are stored in burbank, CA and that they would have to be carried and sent over to issaquah and then loaded into the databases and tested before operation can begin.Cognitive behavioral learning that would take anywhere from 10 hours to 2 days for completion. If the situation was not totally disabling, he would just send the disks and tapes to the torrance california facility and restore the servers from there.Cognitive behavioral learning that would take less than a day.

JL: indicated that although there is no chief information security officer (CISO) between him and the CIO, the CIO is firmly committed to obtaining the resources and expenses for fully implementing proper security within the company.Cognitive behavioral learning unfortunately, the CIO himself does not directly report to the CEO but to the non-technical CFO mr. Edick and that sometimes it is very difficult to obtain additional money and resources to fully implement all of global its plans for security since the company has never had an IT or security in a real emergency before.Cognitive behavioral learning

Although it is quite common and natural for many companies, both small and large to place their security department or group within the IT organizational structure, this is not the best place for it.Cognitive behavioral learning given the seriousness for destructiveness due to loss data and networks, many organizations place their security group either within legal or insurance and risk management departments.Cognitive behavioral learning since OSI is small it is just within the IT department. Another factor is that the CIO and CEO are brothers and that can provide for a conflict of interest.Cognitive behavioral learning this is why the CIO does not report directly to the CEO. This conflict imperils information security. Most experts agree that the CIO or CISO should report directly to the COO or president of the company.Cognitive behavioral learning in case they do not.