Information Assurance Compliance with Government Regulations

Information Assurance

Name

CIS 598: Information Assurance Capstone

Dr. Professor

Strayer University

June 10, 2018

Introduction

Information Assurance is the art of being able to access the right information and pass that information to the right people at the right time. The main aim of Information Assurance (AI) is to ensure that such information has the utility to enable those authorized to access such information reap full benefits while, at the same time, diminish the relevancy of such information to the unauthorized. AI is sometimes regarded as information security as it involves guiding information and ensuring that it only reaches those who are relevant to such a message. In business, AI forms a very crucial aspect of ensuring continuity through formulating strategies that minimize the business risk through improved management. Importantly, AI is applied to systems that are involved in the handling of business information crucial to the running of the enterprise. AI practitioners address the aspect of corporate governance through issues like disaster recovery, privacy, regulatory and standards compliance and business continuity as they innately concern with information systems. Different from information security, AI mainly deals with Criminology, fraud, forensic science, systems engineering, accounting, security engineering, user experience, and business. It is important, therefore, to appreciate AI as an outcome of risk management or an umbrella term for the holistic activities of information security.

Employees That Have a Deeper-Level of Information Assurance (IA) Policy Compliance

AI touches on every employee albeit on different levels. Therefore, the holistic fulfillment of AI compliance requires every employee within an organization to play their part faithfully actively. However, there are those employees or departments that are more involved in information security than others. These include:

Leadership

The leadership of every organization is solely responsible for the running of the organization's affairs. Therefore, everything that happens in and out of the organizations and concerns the organization in any way should affect them. It is important that they are fully enlightened about the activities of the organization. Their need to access every information regarding the business they are running is to enable them to strike deals and drive the organizations towards improved productivity and profitability. Their access to information is therefore bound on utilizing such information for the overall continuity of the business.

Accounting Department

The “heart” of any business lies in the accounting department, which determines whichever direction they are meant to take and when the business is initiated such action. The accounting department also determines the health of the organization by determining the break-even points that allow it to initiate specific action plans. It is important that the accounting department understands its significance and role in driving forward the organizations business; otherwise, it will endanger the organization through reckless sharing of information.

It Department

Today, every organization is structured on an information technology platform. The IT department ensures that all departments within the organizations access and relay such information as required of them and promptly. As the foundation upon which the organization's functions are based upon, it is important that they maintain a very high level of security. Lack of which, hackers and malicious intruders will use such information to affect the business of the organization. IT department employees should and must understand that they play a very significant role in ensuring performance and continuity of the organization.

Factors That Increased the Individual’s Level of the Propensity for Compliance

Level of Authority

The higher the level of power within an organization, the heavier a load of responsibility placed upon them. Great responsibility comes with high accountability requirement, not only on a personal level but also by the organization. When an individual holds power, it means that they should be made accountable if the organization, at any instance fails. Therefore, any information such a person receives goes a long way in influencing the organization's performance. KPMG (2013) argues that such an authority impacts significantly to the running of the organization. Hence it is imperative that they are careful on what information they relay to their subordinates. Authority means that compliance is crucial, lack of which, the organization will be affected holistically.

Job Placement

It is tough for an employee in production to understand why there is a very rigorous examination at the gate for every person who comes through. It is also challenging for a marketing agent to figure out why the IT expert denies them access to certain accounts despite influencing those accounts. Salam (2010) compares job placement to an access key that only allows the holder specific access that others lack. He points out that each task only grants employees certain access while denying them others. Likewise, when an employee “feels” substantial and understand the kind of responsibility that is expected of them, they are more likely to comply as compared to one that lacks such authority. Certain power accords different perks that determine an individual propensity to comply.

Contractual Requirement

Employment is contractual, and as such, every employee is expected to fulfill a particular mandate, lack of which, they are liable to prosecution. Jessy (2012) identifies contractual agreement as the defining factor in according authority and responsibility to an employee. Such power and responsibility define the boundaries within which one is meant to function. If the contractual requirement is stringent, compliance will be very high. Also, if the contractual consequences are stringent, the individual will be motivated to comply.

Professionalism

Each profession is guided by certain guidelines that expect one to adhere to lack. For example, a doctor will not disclose certain elements of their patient’s ailment until they are confident enough of such information or until the right person is available. They also cannot disclose another person’s health information without the authority of the owner. Likewise, an accountant or an auditor is expected to keep a certain level of privacy on their work and only disclose such information to the relevant persons. Professionalism influences the propensity substantially for compliance while at the same time dictating the kind of information to be disclosed.

...