Case Study Analysis

profilektzjoey24d
CaseStudy.pdf

Prior to the first meeting of the RWW Enterprise Policy Review Committee, Mike

asked Iris to meet him in his office.

“You’ve convinced me that IT and InfoSec policy are tightly integrated,” Mike said,

motioning for Iris to sit down. “And you’ve convinced me that InfoSec policy is

critical to this enterprise. Since we are each members of the Enterprise Policy

Review Committee, I think we may want to coordinate our efforts when we bring

issues up in that group. You agree?”

Iris, who knew how important policy was to her program’s success, smiled.

“Sure, no problem” she said. “I see it the same way you do, I think.”

“Good,” Mike said. “We’ll work together to make sure the EISP you’ve drafted is

integrated with the other top-level enterprise policies. What we need to watch

out for now is all the cross-references between the top-level policies and the

second-tier and third-tier policies. The entire problem of internal consistency

between supporting policies is a problem, especially with getting the HR

department policies to integrate fully.”

Iris nodded while Mike continued.

“I want you to take the current HR policy document binder and make a wish list of

possible changes,” he said. “You should focus on making sure we get the right

references in place. If you can send me the change plan by the end of the

weekend, I will have time to review it.”