Philemon Mapfumo: W1125681 Coursework 1
D'Ausecours
Memorandum
Introduction
This memorandum is for the attention of the managing director of D’Ausecours, Mr Matt Le Blanc.
It discusses the duties and responsibilities of a data security officer, the number required for the
organisation, how they will be adapted into the organisation, the financial costs, the benefits of
employing data security officers and the implications of the merger between the Delta base and
D’Ausecours organisations.
The security officer must display security awareness regardless of whether it is in the physical or
logical domain (Forcht, 1994). The responsibilities are varied and can include planning, organising,
implementing and having an understanding of the customer and the supplier (Kovacich, 2003).
However, it is not the responsibility of the security officer to perform security functions, but to make
certain that security efforts are coordinated by ensuring that policies, procedures and standards are
updated and adhered to (Killmeyer, 2006). The benefits of the security officer to an organisation
would be to support organisational requirements, to increase the value of the business assets and to
reduce the risks to the current network infrastructure (Kovacich, 2003). The data security officer must
also ensure that the organisation adheres to legal and regulatory requirements like the Data Protection
Act of 1998, which ensures that organisations collect and process customer details legitimately
without unnecessarily disclosing personal details. Violating it could result in legal action and loss of
business (ICO, 2009). The data security officer must also ensure that the organisation complies
with the Computer Misuse Act of 1990 (OPSI, 2009). It comprises the following 3 computer
offences:
If any of the offences are committed, the organisation should be able to apply the Act regardless of
whether the offence was committed internally within the organisation or externally. Even though the
investigation is the responsibility of law enforcement, evidence needs to be collected appropriately
for a prosecution to be achieved. The security officer must ensure that the organisation adheres to the
ISO 27005 standard, which provides guidelines on how to manage IT security risk assessment in an
IT environment. No particular risk analysis method is suggested, but it strongly recommends that a
systematic and thorough risk analysis is conducted (Infosec, 1996).
There will always be one security officer to maintain daily operations. The average salary for a data
security officer in the United Kingdom is £35,000 – £37,000 per annum, which would translate to
€39,000 – €41,000. Therefore the cost of the security officers to the organisation will be
£140,000 per annum. To see how a security officer would fit into the structure of the
organisation, please see Appendix 1 and Appendix 2.
Implications of a merger
Now that the companies are merging, the new organisation consists of two sites (Kovacich,
2003). The consequence is that the protection of physical assets will decrease through a lack
of communication and coordination. The data security officer must be conscious of the division and must
encourage more coordination and communication within these divisions. The security officer must be
vigilant in all phases during the merger, which will include (Tipton and Krause, 2007):
References
1) Forcht, K., (1994) Computer security management. Massachusetts: Boyd and Fraser
2) Kovacich, G., (2003) The information systems security officer’s guide: Establishing and
managing an information protection program. Burlington: Butterworth and Heinemann
3) Infosec, (1996) The information security (ISSO) guide book. [online] Available from:
<http://www.marcorsyscom.usmc.mil/sites/ia/references/don/NAVSO%20P5239-07%20ISSO%20Guide.pdf> [accessed 14 March 2010]
4) ICO, (2009) The guide to data protection. [online] London: Information Commissioner’s
Office. Available from:
<http://www.ico.gov.uk/upload/documents/library/data_protection/practical_application/the_guide_to_data_protection.pdf> [accessed 5 March 2010]
5) The IT Job Board, (2010) Information security officer. [online] Available from:
<http://www.theitjobboard.co.uk/IT-Job/Information-Security-Officer/7810956/en/?source=Search&SearchTerms=information+security+officer&LocationSearchTerms=&JobTypeFilter=0&DatePostedFilter=0&Page=1&OrderBy=0&CountryId=0&nocache=1268857217> [accessed 15 March 2010]
6) OPSI, (2009) Computer Misuse Act 1990. [online] Available from: Office of Public Sector
Information <http://www.opsi.gov.uk/acts/acts1990/UKpga_19900018_en_1.htm>
[accessed 16 March 2010]
8) Tipton, H., Krause, M., (2007) Information security management handbook. 6th ed. Boca Raton:
Auerbach Publications
Appendices
Appendix 1
[Organisation chart. Box labels: Board of Directors; President / CEO; Security Officer; Information Division / Technology Department; Division / Department; Information Security; Operations and Maintenance; Architecture, Plans and Support]
Appendix 2
[Organisation chart. Box labels: IT Component Administrators; Help Desk; Human Resources; Security Officer; Network Administrator; Application Administrators]