Information Technology Reference
In-Depth Information
a score, which demonstrates information security, level of the organization in terms of
the organizational reliance on information technology, people, risk management,
processes and technology. Scores obtained in these sections were reported and evaluated
to reflect current situation and needs of defense industry organization.
6
Results
In this section of the study, results obtained from the assessment tool, Information
Security Assessment Tool for State Agencies, are presented. In parallel with the
research objectives, assessment tool provides overall assessment and considers
current situation, requirements and improvements for the defense industry
organization. In this context, assessment tool indicates the results of main components
of information security like organizational reliance on IT, risk management, people,
processes, technology and general overview.
6.1
Organizational Reliance on IT
In the beginning of the assessment, general structure of the test-bed and
organizational reliance on IT of the defense industry organization were identified by
the multiple choice and Likert scale questions. According to results, annual budget of
the organization (between $100 million to $1 billion) is in medium level. Results also
reflect that the defense industry organization is at a very low level with its number of
employees (less than 500 employees).
Organizational reliance on IT and general characteristics of the test-bed were
investigated via 11 Likert scale and 2 multiple-choice questions. According to the
answers given to this part of the tool, the defense industry organization is at high level
in terms of dependence upon information technology systems and the Internet to offer
services to customers, outreach programs, conduct research, and support services.
Assessment regarding the value of the organization's intellectual property stored and
transmitted in electronic form places it at the medium level. Information security
experts thought the impact of major system downtime on operations is in medium
level for the organization as well.
According to the results, the degree of change within the organization, impact on
the organization's operations from an Internet outage, dependency on multi-site
operations, and plans for multi-site operations (i.e. outsourced business functions,
multiple locations and new collaborations) are at a low level. Information security
experts also noted that the organization is at a very low level in terms of preparation
for potential impact to national or critical infrastructure in case of outage,
interruption, or compromise to systems. It is also noted that sensitivity of stakeholders
and customers to security and privacy, and extent of operations dependent upon third
parties, are at a high level. Furthermore, it was determined that the organization's
level of regulation regarding security and privacy is at mid-level.
Search WWH ::




Custom Search