research paper

STRATEGIC INFORMATION SECURITY

ABSTRACT

The security of the information of any given organization is crucial. However, the way an organization deals with the processes of securing the information dictates how secured the information will be. Apple is one of the best organizations in terms of technology, and the paper will be looking at the current situation as far as the aspect of security is concerned. The planners and the implementers of the security strategies will be focused on. The approaches to security implementation will also be highlighted. The policies that are currently utilized will also be looked into as well as the key ideas and suggetions will be discussed to improve security.

INTRODUCTION

Apple Inc. is one of the most advanced companies in the world, and the company has used its technology to make sure that the security of its information is taken to a higher level. At Apple Inc. not only the safety of the information of the company matters but also the security of the information of the customers. The reason behind it is associated with the products that the company produces in the market. It is for this reason that Apple Inc. has structures and policy that are aimed at implementing some of the best information security strategies with the primary objective of securing the information of the customers and the organization as well. The company makes sure that the information security is promoted by introducing multiple layers of protection on its security systems. At the same time, the company introduces multiple layers of protection to its products such as iPhone. The security of the organization's information is taken seriously at the company, and that is one of the reasons why the senior management is involved from the stage of drafting security policy to the stage of implementing it. Apple Inc. has one of the best information security systems in the world, and that has been promoted by the seriousness that has been demonstrated by the management to take the level of security to a higher and better level.

THE CURRENT STATE OF INFORMATION SECURITY AT APPLE INC

The current state of Apple Inc. security system is promising and at its best. Tim Cook stands as the CEO who has paid more attention to Apple Information security while compared with the CEOs who have served before him (Ifinedo 2014, P. 79). The company has been able to attain its high-security level goal by working together with Cisco. Through innovations that Apple has invested heavily in and the contribution of Cisco, Apple has been able to make sure that the level of its security is not compromised. Apple from working together with a technology company, there are also other ways which show that the current state of information security at Apple is admirable. One of them is the effective policy on access and distribution of information.

Apple has a policy that guides the employees on matters of information access and distribution. It is imperative to note that for an organization to promote the security of the information, it must have a policy in place. Apple has identified the need for a policy, and it is for this reason that it has a strong policy. The policy has helped Apple to define roles, introduce rules of engagements, create boundaries, and assign different responsibilities (Ifinedo 2014, P. 69). The security of an organization’s information cannot be promoted if every person is allowed to access the system of the company. An organization must come up with rules that state the people who should access the information and to the extent that they should use the information.

The policy at Apple has created ranks that have helped to promote protocol thus helping the organization to identify the origin of issues whenever they arise. The policy defines the authority, and that helps the employees to know who to take orders from as well as who to report to (Peltier 2016, p. 12). At the same time, the policy draws a line that helps the employees to know their limit when it comes to accessing information and using it. Therefore, law and order are promoted at Apple, and that affects the security of the company's information.

Apple Inc. is a company that has introduced the cloud computing in its information systems with the aim of securing its information. Cloud computing is a method that many organizations are using to make sure that they protect their information from being stolen. The method entails the aspect of using multiple walls to protect the information and using a mobile server (Peltier 2016, p. 11). The employment of multiple walls in the information systems of Apple has made it hard for the hackers to access the information. Multiple walls of protection have helped the current state of Apple in different ways. The first way is associated with the complexity of the systems.

When information systems are protected using multiple layers of protection, the hackers or rather the thieves of the information are given a hard task. When an organization gives the hackers a hard task to access its information, it discourages the hackers from trying to steal its information. Apple has applied the strategy, and it is working well in making sure that the information about the company is not stolen. At the same time, the multiple walls of the information systems create an alert in the case of any attempt. When the company is alerted, it is able to react before the hackers can reach the most crucial layer of the walls (D'Arcy et al. 2014, p. 317). As a result, the security of the company's information is promoted. In summary, currently, when it comes to protecting the information of Apple by using protection strategies, Apple has done well, and it has emerged to be one of the best organizations globally that are doing well to safeguard their information.

THE PLANNERS AND IMPLEMENTERS OF INFORMATION SECURITY STRATEGIES AT APPLE

The CEO of Apple is the official at the highest level who are involved in the process of planning and implementing information security strategies. However, he assumes the roles by being advised rather than being active in the process of looking for the best strategies. At the same time, his input is essential because his words and contributions must be taken seriously (D'Arcy et al. 2014, p. 318). On matters that are related to security of the information, the CEO works with the CFO, CIO, and the COO. The three officers have played a significant level in making sure that the information system of Apple is secure. The three officers play different roles in the implementation of the information security strategies. However, it is imperative to note that only one of the officers has the knowledge about information systems and he is the CIO.

The CIO with his team works on the systems of the company with the intention to know their vulnerabilities and weak points. The reason for doing so is to make sure that the strategies which will be implemented will be looking into the potential issues. The Chief Information Officer is qualified to understand the information systems of the company and that is why he plays the role of advising the rest of the officers on the issues that ought to be looked into. The CEO of the company has a significant role to play in developing strategies (Safa et al. 2016, p. 70). The CEO shares the vision of the type of information system security that he prefers and the CIO looks into its viability. The reason behind it is because the CIO has the knowledge of information systems and therefore if the request of the CEO can be met, the CIO implements it.

The COO also has a significant role to play when it comes to the aspect of planning and implementing the information security strategies. Operations of an organization cannot be separated from the systems of the company. Apple is an organization that has grown by a significant percentage when it comes to technology, and that means that its vulnerability to information insecurity is high (Xu et al. 2014, p. 1149). Therefore, the company has made sure that the Chief Operating Officer is involved in the process of determining the best security strategies to be implemented.

The Chief Financial Officer also sits together with the CEO, COO, and CIO. His role is significant because the company cannot employ any strategy without involving him in one way or another. Information systems of Apple are advanced, and any upgrade or change comes at a considerable cost. Considering that Apple is a company that is led by quality leaders, the strategies must go through the CFO so that he can audit the financial effects that they might have on the company. therefore, when it comes to the audit of the current situation at Apple as far as the aspect of developing and implementing the information security strategies is concerned, Apple has scored well(Safa et al. 2016, p. 78). The reason behind it is because the process of coming up with the information security strategies has involved all crucial departments and leaders in the organization. When all essential and relevant persons are involved, it means that the whole process is transparent thus attaining the organizational goals does not become a challenge.

APPROACHES TO SECURITY IMPLEMENTATION

The approaches that Apple has been taking to implement security are effective and helpful to the company. The company follows different procedures before it is able to implement security (Xu et al. 2014, p. 1151). The first procedure is the identification of the issue. Before a security strategy can be employed, the company makes sure that it is aware of the issues that face the security of the company. The reason for doing so is to make sure that the security strategies that will be implemented will bring an end to issues that the company might be going through and at the same time, it will be helping to advance and enhance the security of the company.

The second step is the brainstorming process. The process entails the aspect of all leaders and team players coming together to discuss the issue at hand and the solution that has been identified. It is imperative to note that there are multiple solutions to one problem (Xu et al. 2014, p. 1150). Therefore, there is a dire need to make sure that the best solution is found. The engagement of the relevant people and leaders comes in place to make sure that a mistake of implementing security that may fail is not made at any given level.

The third step that the company takes is to select the most suitable security solution and auditing the security strategy. A security strategy must go through the process of auditing, and this is to make sure that the solution is viable. Different tests are done on the strategy. The first test is associated with the budget. An organization cannot employ a strategy that it cannot fund. There are reasons why the strategy must go through the financial audit is to make sure that its implementation does not leave the organization crawling in terms of finances (Cherdantseva and Hilton 2015, p. 1236). The second test is associated with the practicality of the security. The security must be practical for it to be implemented. For example, it must work for the company, and the employees must be able to implement it. After the practicality, the essentiality aspect comes in place. When an organization is looking for a security strategy, it does so because it needs to upgrade or take care of a specific issue. The timeframe comes in handy because at the time an organization might be in a hurry to implement the strategy because of the threats that it faces without the strategy in place. In this respect, Apple makes sure that the security strategy passes through the different procedures before its implementation.

With the procedures that are carried out before the implementation process as well as the considerations that are made by the company, conclusively, it is appropriate to state that the current situation at Apple is admirable. The reason behind it is because it is evident that Apple takes all precautions before implementing any security (Xu et al. 2014, p. 1149). A situation becomes worse if an organization blindly implements security without considering the adverse effects it might have on the company. Apple has proven that it is a rational and calculative organization. At the same time, the company has proven that its level of engagement is one of the best thus making it stand on a higher position when it comes to the implementation of security strategies.

INFORMATION SECURITY POLICIES

Apple Inc. has one of the best information security policies globally. The company has a strong information security policy that has helped to maintain law and order at the organizational level. At the same time, the policy has played an essential role when it comes to assigning different responsibilities to different employees. For example, the policy states the people who should access the organizational information and what they should do with the information (Shropshire et al. 2015, p. 178). Therefore, it is right forward that any person who is not mentioned by the policy should not try to access the information of the company. At the same time, the policy states the authority of different management officials. For example, the level of access that is given to the department of finance is not the same level as that given to the information department. The reason behind it is because the department of information systems and technology is directly involved in the process of maintenance and therefore limiting the access can affect the company when there are security emergencies (Cherdantseva and Hilton 2015, p. 1235). The information security policy at Apple stipulates what is likely to happen to the people who fail to work in line with the policy guidelines. Therefore, it is evident that the policy is transparent and well defined. As far as the aspect of the policy and the current situation at Apple are concerned, it is no doubt that the current situation at Apple when it comes to policy is outstanding. The reason behind it is because the company has a policy in place that helps it to run matters that are related to the security of information of the company.

CONTINGENCY PLANNING

Apple has scored a high mark when it comes to contingency planning. The company is aware of the risks that are associated with the information systems. therefore, it has put measures in place that are supposed to make sure that in the case of any risk, the system is able to protect the information from being stolen. The contingency planning involves the workforce and the systems. The employees have been advised on the best steps to take when there is the risk of hackers (Ab Rahman and Choo 2015, p. 45). At the same time, the information system of the company has been designed in a way that it makes it harder for the hackers to access the information. However, when the hackers succeed to pass a specific layer, the systems are designed in a way that they lock down making it hard for both the hackers and the users to use the systems. As a result, the hackers are unable to take with any information since the system has already blocked them from accessing the information.

RECOMMENDATIONS

As much as the current situation at Apple is admirable in terms of information security, there are several recommendations that can make the situation better. The first recommendation is associated with the partnership aspect. Apple has partnered with Cisco to improve its systems and to boost the security of its information. Partnerships are beneficial and also good for organizations; however, there should be a limit. For example, Apple should not trust another organization to the level of engaging the organization in the processes that touch on its privacy (Shropshire et al. 2015, p. 179). Apple is an organization that is advanced in terms of technology, and this can be seen in many of its products. Therefore, it would be recommendable for Apple to make sure that it develops its security strategies alone without the involvement of another party.

The benefits that come along with the development of Apple developing the security together are reduced risks, easy control, and easy response in the case of an emergency. Security systems may fail in different cases, and that means that the attention of the handlers comes in handy (Sinha and Zscaler Inc. 2015, p. 32). Therefore, if handling is shared between two parties, the speed of responding to the issue at hand might not be high. Emergency issues need to be dealt with as soon as possible. When there is a delay, the situation might get out of hand. The involvement of another party fosters delays because of the process of consultations. With this in mind, it is essential for Apple to work alone to boost its security.

The development of the security strategy by one party reduces the risks. For example, when two parties come together, sometimes it is a challenge to define the motive of each party that is involved (Ab Rahman and Choo 2015, p. 45). Therefore, one party might have an ill motive, and that exposes the system to risks that might affect the company negatively. It is advisable to have one party developing the security system. The second recommendation is associated with the engagement of the relevant parties. The Chief Information Officer is the person with the highest level of knowledge about the systems and the way to secure the information of the company (Siponen et al. 2014, p. 213). However, he is held to the same level as the Chief Operating Officer and Chief Financing Officer. The company should review the protocol and make the Chief Information Officer the adviser to the CEO on matters that are involved with the security of the information of the company.

CONCLUSION

The security of the information of any organization is crucial. The situation at Apple has proven to be admirable as far as the security aspect is concerned. The procedures that are involved in the implementation of security have helped the company to maintain a high level of security. The utilization of the relevant leaders has also helped the company to boost the level of its information security. However, the company needs to look into ways of avoiding partnerships and engaging the Chief Information Officer more than other leaders to boost the level of its security.

References

Ab Rahman, N.H and Choo, K.K.R 2015, A survey of information security incident handling in the cloud, Computers & Security, 49, pp.45-69.

Cherdantseva, Y and Hilton, J 2015, ‘Information security and information assurance: discussion about the meaning, scope, and goals,’ In Standards and Standardization: Concepts, Methodologies, Tools, and Applications (pp. 1204-1235). IGI Global.

D'Arcy, J., Herath, T and Shoss, M.K 2014, ‘Understanding employee responses to stressful information security requirements: A coping perspective,’ Journal of Management Information Systems, 31(2), pp.285-318.

Ifinedo, P 2014, ‘Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition,’ Information & Management, 51(1), pp.69-79.

Peltier, T.R 2016, Information Security Policies, Procedures, and Standards: guidelines for effective information security management, Auerbach Publications.

Safa, N.S., Von Solms, R and Furnell, S 2016, ‘Information security policy compliance model in organizations,’ Computers & Security, 56, pp.70-82.

Safa, N.S., Von Solms, R and Futcher, L 2016, ‘Human aspects of information security in organisations,’ Computer Fraud & Security, 2016(2), pp.15-18.

Shropshire, J., Warkentin, M and Sharma, S 2015, ‘Personality, attitudes, and intentions: Predicting initial adoption of information security behavior,’ Computers & Security, 49, pp.177-191.

Sinha, A and Zscaler Inc, 2015, Cloud-based mobile device security and policy enforcement, U.S. Patent 9,119,017.

Siponen, M., Mahmood, MA and Pahnila, S 2014, ‘Employees’ adherence to information security policies: An exploratory field study,’ Information & management, 51(2), pp.217-224.

Xu, L., Jiang, C., Wang, J., Yuan, J and Ren, Y 2014, ‘Information security in big data: privacy and data mining,’ IEEE Access, 2, pp.1149-1176.

E.Whiteman, M. and J.Mattord, H. (2018). Management Of Information Security. 4th ed. https://www.cisco.com/c/m/en_au/solutions/global-partners/apple.html