Discussion

Paper details:

Developing Enterprise Processes for Compliance
This Discussion is based on the following case study and references the optional article “Security Manager’s Journal: Security Measures Have to Be Reasonable.” In this case, the security manager works at a large organization that must comply with Sarbanes-Oxley regulations. The organization uses an enterprise resource planning (ERP) software package for critical business processes. The organization needs to grant access to ERP software personnel to support the application after working hours. The personnel are asking for generic accounts that have full administrative rights. However, the security manager does not want the ERP software to have an outage and, at the same time, does not want to grant access via a generic ID that cannot be audited for Sarbanes-Oxley. An immediate solution can be to provide limited access rights for the short term and then identify a tool that the ERP software recommends for auditing activity and keystrokes of users working after office hours.

In this case, the security manager reached an interim compromise by restricting the rights of the login account. Frequently, a business manager may request access that is clearly against the security policy. In such cases, the security manager must work with the stakeholders to identify a flexible solution that meets the business goals and the requirements of policies and regulations, if possible. This can be achieved by using security at different layers and by finding an automated or manual way that the business will act as a gatekeeper, allowing limited or managed control of the access rights. The details would typically be documented in an agreement between the security manager and the business owner, called a statement of control.

This week’s Discussion centers on granting access to external users such as vendors and suppliers. This is a timely discussion because many companies are reducing support costs by hiring external firms, local and offshore. It is important for the security manager to avoid a conflict with the business objectives and yet firmly support security policies to limit access to company’s resources by external users. This Discussion also addresses the benefits of standard enterprise security architecture, tools, and processes.

Discussion Prompt:

• Given that limited access rights will not satisfy the business owner, suggest a statement of control and describe how the business would manage the after-hours access by an external vendor providing ERP support.
• What would a productive course of action be if the business owner requests access to resources that the security manager will definitely not approve?
• There is a trend to outsource more support services to vendors. How would you suggest raising awareness within the business to encourage more business owners to look at security issues up front, rather than at the end of their contract negotiations when security is considered a roadblock?
• When a large corporation acquires a smaller company or splits into distinct divisions, the corporation can choose centralized infrastructure, services, and policies or allow each division to have its own policies, standards, and IT infrastructure”and perhaps its own Internet demilitarized zone (DMZ). State why it is better for a company to either maintain centralized IT governance, distribute IT governance, or federalize it.

Discussion

Order Description
NR- 500 Foundational Concepts & Apps
Readings are as follows:

Cleary, M., Hunt, G., & Horsfall, J. (2009). Conducting efficient literature searches. Journal of Psychosocial Nursing and Mental Health Services, 47(11), 34–41. doi:10.3928/02793695-20090930-03

Below are the Course outcomes and how they relate to the program outcomes. Underneath each outcome are the key concepts we will use to meet these objectives through our written discussions.

TD1. Identify a topic of interest related to your area of practice. Perform a search in two scholarly databases for an article that is relevant to that topic. Share the name, URL, and a brief description of the two databases you located. Do not report on MEDLINE or CINAHL as these are already well-known. What databases did you select? Why?

1. Demonstrate effective verbal, written, and technological communication using legal and ethical standards for transferring knowledge. (PO 3, 6)

Key Concepts

Identify scholarly databases.

Demonstrate the process for conducting a scholarly literary search.

2. Apply research principles to the interpretation of the content of published research studies. (PO 9)

Key Concepts

Choose basic resources for finding relevant evidence.

Employ appropriate skills for conducting a scholarly inquiry using an electronic database.

Discuss the role of scholarly literature in promoting evidence-based practice.

3. Analyze data from relevant sources to inform the delivery of care. (PO 4)

Key Concepts

Examine peer-reviewed research articles.

Demonstrate the appropriate skills for conducting a scholarly inquiry using an electronic database.

Examine literature from published research articles for currency.

Analyze website credibility using identified standards for website credibility.

Order Description
NR- 500 Foundational Concepts & Apps
Readings are as follows:

Cleary, M., Hunt, G., & Horsfall, J. (2009). Conducting efficient literature searches. Journal of Psychosocial Nursing and Mental Health Services, 47(11), 34–41. doi:10.3928/02793695-20090930-03

Below are the Course outcomes and how they relate to the program outcomes. Underneath each outcome are the key concepts we will use to meet these objectives through our written discussions.

TD1. Identify a topic of interest related to your area of practice. Perform a search in two scholarly databases for an article that is relevant to that topic. Share the name, URL, and a brief description of the two databases you located. Do not report on MEDLINE or CINAHL as these are already well-known. What databases did you select? Why?

1. Demonstrate effective verbal, written, and technological communication using legal and ethical standards for transferring knowledge. (PO 3, 6)

Key Concepts

Identify scholarly databases.

Demonstrate the process for conducting a scholarly literary search.

2. Apply research principles to the interpretation of the content of published research studies. (PO 9)

Key Concepts

Choose basic resources for finding relevant evidence.

Employ appropriate skills for conducting a scholarly inquiry using an electronic database.

Discuss the role of scholarly literature in promoting evidence-based practice.

3. Analyze data from relevant sources to inform the delivery of care. (PO 4)

Key Concepts

Examine peer-reviewed research articles.

Demonstrate the appropriate skills for conducting a scholarly inquiry using an electronic database.

Examine literature from published research articles for currency.

Analyze website credibility using identified standards for website credibility.

Discussion

Order Description
NR- 500 Foundational Concepts & Apps
Readings are as follows:

Cleary, M., Hunt, G., & Horsfall, J. (2009). Conducting efficient literature searches. Journal of Psychosocial Nursing and Mental Health Services, 47(11), 34–41. doi:10.3928/02793695-20090930-03

Below are the Course outcomes and how they relate to the program outcomes. Underneath each outcome are the key concepts we will use to meet these objectives through our written discussions.

TD1. Identify a topic of interest related to your area of practice. Perform a search in two scholarly databases for an article that is relevant to that topic. Share the name, URL, and a brief description of the two databases you located. Do not report on MEDLINE or CINAHL as these are already well-known. What databases did you select? Why?

1. Demonstrate effective verbal, written, and technological communication using legal and ethical standards for transferring knowledge. (PO 3, 6)

Key Concepts

Identify scholarly databases.

Demonstrate the process for conducting a scholarly literary search.

2. Apply research principles to the interpretation of the content of published research studies. (PO 9)

Key Concepts

Choose basic resources for finding relevant evidence.

Employ appropriate skills for conducting a scholarly inquiry using an electronic database.

Discuss the role of scholarly literature in promoting evidence-based practice.

3. Analyze data from relevant sources to inform the delivery of care. (PO 4)

Key Concepts

Examine peer-reviewed research articles.

Demonstrate the appropriate skills for conducting a scholarly inquiry using an electronic database.

Examine literature from published research articles for currency.

Analyze website credibility using identified standards for website credibility.

Order Description
NR- 500 Foundational Concepts & Apps
Readings are as follows:

Cleary, M., Hunt, G., & Horsfall, J. (2009). Conducting efficient literature searches. Journal of Psychosocial Nursing and Mental Health Services, 47(11), 34–41. doi:10.3928/02793695-20090930-03

Below are the Course outcomes and how they relate to the program outcomes. Underneath each outcome are the key concepts we will use to meet these objectives through our written discussions.

TD1. Identify a topic of interest related to your area of practice. Perform a search in two scholarly databases for an article that is relevant to that topic. Share the name, URL, and a brief description of the two databases you located. Do not report on MEDLINE or CINAHL as these are already well-known. What databases did you select? Why?

1. Demonstrate effective verbal, written, and technological communication using legal and ethical standards for transferring knowledge. (PO 3, 6)

Key Concepts

Identify scholarly databases.

Demonstrate the process for conducting a scholarly literary search.

2. Apply research principles to the interpretation of the content of published research studies. (PO 9)

Key Concepts

Choose basic resources for finding relevant evidence.

Employ appropriate skills for conducting a scholarly inquiry using an electronic database.

Discuss the role of scholarly literature in promoting evidence-based practice.

3. Analyze data from relevant sources to inform the delivery of care. (PO 4)

Key Concepts

Examine peer-reviewed research articles.

Demonstrate the appropriate skills for conducting a scholarly inquiry using an electronic database.

Examine literature from published research articles for currency.

Analyze website credibility using identified standards for website credibility.